diff --git a/modules/cdn/profile/endpoint/README.md b/modules/cdn/profile/endpoint/README.md
index 688a86025a..7681a1e2f8 100644
--- a/modules/cdn/profile/endpoint/README.md
+++ b/modules/cdn/profile/endpoint/README.md
@@ -20,29 +20,68 @@ This module deploys a CDN Profile Endpoint.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | Name of the endpoint under the profile which is unique globally. |
-| `properties` | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). |
+| [`name`](#parameter-name) | string | Name of the endpoint under the profile which is unique globally. |
+| [`properties`](#parameter-properties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
+| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Resource location. |
-| `tags` | object | `{object}` | Endpoint tags. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`tags`](#parameter-tags) | object | Endpoint tags. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Name of the endpoint under the profile which is unique globally.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileName`
+
+The name of the parent CDN profile. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `properties`
+
+Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details).
+- Required: Yes
+- Type: object
+
+### Parameter: `tags`
+
+Endpoint tags.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `endpointProperties` | object | The properties of the endpoint. |
 | `location` | string | The location the resource was deployed into. |
diff --git a/modules/cdn/profile/endpoint/origin/README.md b/modules/cdn/profile/endpoint/origin/README.md
index c4e00f6ddd..706d8a9c4a 100644
--- a/modules/cdn/profile/endpoint/origin/README.md
+++ b/modules/cdn/profile/endpoint/origin/README.md
@@ -19,37 +19,128 @@ This module deploys a CDN Profile Endpoint Origin.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `endpointName` | string | The name of the CDN Endpoint. |
-| `hostName` | string | The hostname of the origin. |
-| `name` | string | The name of the origin. |
+| [`endpointName`](#parameter-endpointname) | string | The name of the CDN Endpoint. |
+| [`hostName`](#parameter-hostname) | string | The hostname of the origin. |
+| [`name`](#parameter-name) | string | The name of the origin. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `priority` | int | `-1` | The priority of origin in given origin group for load balancing. Required if `weight` is provided. |
-| `privateLinkAlias` | string |  | The private link alias of the origin. Required if privateLinkLocation is provided. |
-| `privateLinkLocation` | string |  | The private link location of the origin. Required if privateLinkAlias is provided. |
-| `weight` | int | `-1` | The weight of the origin used for load balancing. Required if `priority` is provided. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`priority`](#parameter-priority) | int | The priority of origin in given origin group for load balancing. Required if `weight` is provided. |
+| [`privateLinkAlias`](#parameter-privatelinkalias) | string | The private link alias of the origin. Required if privateLinkLocation is provided. |
+| [`privateLinkLocation`](#parameter-privatelinklocation) | string | The private link location of the origin. Required if privateLinkAlias is provided. |
+| [`weight`](#parameter-weight) | int | The weight of the origin used for load balancing. Required if `priority` is provided. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enabled` | bool | `True` | Whether the origin is enabled for load balancing. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `httpPort` | int | `80` | The HTTP port of the origin. |
-| `httpsPort` | int | `443` | The HTTPS port of the origin. |
-| `originHostHeader` | string |  | The host header value sent to the origin. |
-| `privateLinkResourceId` | string |  | The private link resource ID of the origin. |
-| `profileName` | string | `'default'` | The name of the CDN profile. Default to "default". |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enabled`](#parameter-enabled) | bool | Whether the origin is enabled for load balancing. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`httpPort`](#parameter-httpport) | int | The HTTP port of the origin. |
+| [`httpsPort`](#parameter-httpsport) | int | The HTTPS port of the origin. |
+| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin. |
+| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The private link resource ID of the origin. |
+| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. Default to "default". |
+
+### Parameter: `enabled`
+
+Whether the origin is enabled for load balancing.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endpointName`
+
+The name of the CDN Endpoint.
+- Required: Yes
+- Type: string
+
+### Parameter: `hostName`
+
+The hostname of the origin.
+- Required: Yes
+- Type: string
+
+### Parameter: `httpPort`
+
+The HTTP port of the origin.
+- Required: No
+- Type: int
+- Default: `80`
+
+### Parameter: `httpsPort`
+
+The HTTPS port of the origin.
+- Required: No
+- Type: int
+- Default: `443`
+
+### Parameter: `name`
+
+The name of the origin.
+- Required: Yes
+- Type: string
+
+### Parameter: `originHostHeader`
+
+The host header value sent to the origin.
+- Required: Yes
+- Type: string
+
+### Parameter: `priority`
+
+The priority of origin in given origin group for load balancing. Required if `weight` is provided.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `privateLinkAlias`
+
+The private link alias of the origin. Required if privateLinkLocation is provided.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateLinkLocation`
+
+The private link location of the origin. Required if privateLinkAlias is provided.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateLinkResourceId`
+
+The private link resource ID of the origin.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileName`
+
+The name of the CDN profile. Default to "default".
+- Required: No
+- Type: string
+- Default: `'default'`
+
+### Parameter: `weight`
+
+The weight of the origin used for load balancing. Required if `priority` is provided.
+- Required: No
+- Type: int
+- Default: `-1`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the endpoint. |
diff --git a/modules/cdn/profile/origingroup/README.md b/modules/cdn/profile/origingroup/README.md
index fd8396cd17..0ba329cf7b 100644
--- a/modules/cdn/profile/origingroup/README.md
+++ b/modules/cdn/profile/origingroup/README.md
@@ -20,26 +20,80 @@ This module deploys a CDN Profile Origin Group.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `loadBalancingSettings` | object | Load balancing settings for a backend pool. |
-| `name` | string | The name of the origin group. |
-| `origins` | array | The list of origins within the origin group. |
-| `profileName` | string | The name of the CDN profile. |
+| [`loadBalancingSettings`](#parameter-loadbalancingsettings) | object | Load balancing settings for a backend pool. |
+| [`name`](#parameter-name) | string | The name of the origin group. |
+| [`origins`](#parameter-origins) | array | The list of origins within the origin group. |
+| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `healthProbeSettings` | object | `{object}` |  | Health probe settings to the origin that is used to determine the health of the origin. |
-| `sessionAffinityState` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether to allow session affinity on this host. |
-| `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` | int | `10` |  | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`healthProbeSettings`](#parameter-healthprobesettings) | object | Health probe settings to the origin that is used to determine the health of the origin. |
+| [`sessionAffinityState`](#parameter-sessionaffinitystate) | string | Whether to allow session affinity on this host. |
+| [`trafficRestorationTimeToHealedOrNewEndpointsInMinutes`](#parameter-trafficrestorationtimetohealedornewendpointsinminutes) | int | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `healthProbeSettings`
+
+Health probe settings to the origin that is used to determine the health of the origin.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `loadBalancingSettings`
+
+Load balancing settings for a backend pool.
+- Required: Yes
+- Type: object
+
+### Parameter: `name`
+
+The name of the origin group.
+- Required: Yes
+- Type: string
+
+### Parameter: `origins`
+
+The list of origins within the origin group.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `profileName`
+
+The name of the CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `sessionAffinityState`
+
+Whether to allow session affinity on this host.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `trafficRestorationTimeToHealedOrNewEndpointsInMinutes`
+
+Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins.
+- Required: No
+- Type: int
+- Default: `10`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the origin group. |
diff --git a/modules/cdn/profile/origingroup/origin/README.md b/modules/cdn/profile/origingroup/origin/README.md
index 260e7846fb..fd6cf7110b 100644
--- a/modules/cdn/profile/origingroup/origin/README.md
+++ b/modules/cdn/profile/origingroup/origin/README.md
@@ -19,31 +19,119 @@ This module deploys a CDN Profile Origin.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `hostName` | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. |
-| `name` | string | The name of the origion. |
-| `originGroupName` | string | The name of the group. |
-| `profileName` | string | The name of the CDN profile. |
+| [`hostName`](#parameter-hostname) | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. |
+| [`name`](#parameter-name) | string | The name of the origion. |
+| [`originGroupName`](#parameter-origingroupname) | string | The name of the group. |
+| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. |
-| `enforceCertificateNameCheck` | bool | `True` |  | Whether to enable certificate name check at origin level. |
-| `httpPort` | int | `80` |  | The value of the HTTP port. Must be between 1 and 65535. |
-| `httpsPort` | int | `443` |  | The value of the HTTPS port. Must be between 1 and 65535. |
-| `originHostHeader` | string | `''` |  | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. |
-| `priority` | int | `1` |  | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. |
-| `sharedPrivateLinkResource` | object | `{object}` |  | The properties of the private link resource for private origin. |
-| `weight` | int | `1000` |  | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enabledState`](#parameter-enabledstate) | string | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. |
+| [`enforceCertificateNameCheck`](#parameter-enforcecertificatenamecheck) | bool | Whether to enable certificate name check at origin level. |
+| [`httpPort`](#parameter-httpport) | int | The value of the HTTP port. Must be between 1 and 65535. |
+| [`httpsPort`](#parameter-httpsport) | int | The value of the HTTPS port. Must be between 1 and 65535. |
+| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. |
+| [`priority`](#parameter-priority) | int | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. |
+| [`sharedPrivateLinkResource`](#parameter-sharedprivatelinkresource) | object | The properties of the private link resource for private origin. |
+| [`weight`](#parameter-weight) | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enabledState`
+
+Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `enforceCertificateNameCheck`
+
+Whether to enable certificate name check at origin level.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hostName`
+
+The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint.
+- Required: Yes
+- Type: string
+
+### Parameter: `httpPort`
+
+The value of the HTTP port. Must be between 1 and 65535.
+- Required: No
+- Type: int
+- Default: `80`
+
+### Parameter: `httpsPort`
+
+The value of the HTTPS port. Must be between 1 and 65535.
+- Required: No
+- Type: int
+- Default: `443`
+
+### Parameter: `name`
+
+The name of the origion.
+- Required: Yes
+- Type: string
+
+### Parameter: `originGroupName`
+
+The name of the group.
+- Required: Yes
+- Type: string
+
+### Parameter: `originHostHeader`
+
+The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `priority`
+
+Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `profileName`
+
+The name of the CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `sharedPrivateLinkResource`
+
+The properties of the private link resource for private origin.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `weight`
+
+Weight of the origin in given origin group for load balancing. Must be between 1 and 1000.
+- Required: No
+- Type: int
+- Default: `1000`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the origin. |
 | `resourceGroupName` | string | The name of the resource group the origin was created in. |
diff --git a/modules/cdn/profile/ruleset/README.md b/modules/cdn/profile/ruleset/README.md
index de4783b188..e7dc4c15de 100644
--- a/modules/cdn/profile/ruleset/README.md
+++ b/modules/cdn/profile/ruleset/README.md
@@ -20,27 +20,53 @@ This module deploys a CDN Profile rule set.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the rule set. |
-| `profileName` | string | The name of the CDN profile. |
+| [`name`](#parameter-name) | string | The name of the rule set. |
+| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
 
 **Optinal parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `rules` | array | The rules to apply to the rule set. |
+| [`rules`](#parameter-rules) | array | The rules to apply to the rule set. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the rule set.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileName`
+
+The name of the CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `rules`
+
+The rules to apply to the rule set.
+- Required: No
+- Type: array
+- Default: `[]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the rule set. |
 | `resourceGroupName` | string | The name of the resource group the custom domain was created in. |
diff --git a/modules/cdn/profile/ruleset/rule/README.md b/modules/cdn/profile/ruleset/rule/README.md
index 9fbaa502eb..53201f8cfb 100644
--- a/modules/cdn/profile/ruleset/rule/README.md
+++ b/modules/cdn/profile/ruleset/rule/README.md
@@ -19,26 +19,78 @@ This module deploys a CDN Profile rule.
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `matchProcessingBehavior` | string | `[Continue, Stop]` | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. |
-| `name` | string |  | The name of the rule. |
-| `order` | int |  | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. |
-| `profileName` | string |  | The name of the profile. |
-| `ruleSetName` | string |  | The name of the rule set. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`matchProcessingBehavior`](#parameter-matchprocessingbehavior) | string | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. |
+| [`name`](#parameter-name) | string | The name of the rule. |
+| [`order`](#parameter-order) | int | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. |
+| [`profileName`](#parameter-profilename) | string | The name of the profile. |
+| [`ruleSetName`](#parameter-rulesetname) | string | The name of the rule set. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `actions` | array | `[]` | A list of actions that are executed when all the conditions of a rule are satisfied. |
-| `conditions` | array | `[]` | A list of conditions that must be matched for the actions to be executed. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actions`](#parameter-actions) | array | A list of actions that are executed when all the conditions of a rule are satisfied. |
+| [`conditions`](#parameter-conditions) | array | A list of conditions that must be matched for the actions to be executed. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `actions`
+
+A list of actions that are executed when all the conditions of a rule are satisfied.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `conditions`
+
+A list of conditions that must be matched for the actions to be executed.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `matchProcessingBehavior`
+
+If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue.
+- Required: Yes
+- Type: string
+- Allowed: `[Continue, Stop]`
+
+### Parameter: `name`
+
+The name of the rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `order`
+
+The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order.
+- Required: Yes
+- Type: int
+
+### Parameter: `profileName`
+
+The name of the profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `ruleSetName`
+
+The name of the rule set.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the rule. |
 | `resourceGroupName` | string | The name of the resource group the custom domain was created in. |
diff --git a/modules/cdn/profile/secret/README.md b/modules/cdn/profile/secret/README.md
index 4f1a1f6161..9156b542e5 100644
--- a/modules/cdn/profile/secret/README.md
+++ b/modules/cdn/profile/secret/README.md
@@ -19,31 +19,86 @@ This module deploys a CDN Profile Secret.
 
 **Required parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `name` | string |  |  | The name of the secrect. |
-| `type` | string | `'AzureFirstPartyManagedCertificate'` | `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]` | The type of the secrect. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the secrect. |
+| [`type`](#parameter-type) | string | The type of the secrect. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `profileName` | string |  | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
-| `secretSourceResourceId` | string | `''` | The resource ID of the secrect source. Required if the type is CustomerCertificate. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
+| [`secretSourceResourceId`](#parameter-secretsourceresourceid) | string | The resource ID of the secrect source. Required if the type is CustomerCertificate. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `secretVersion` | string | `''` | The version of the secret. |
-| `subjectAlternativeNames` | array | `[]` | The subject alternative names of the secrect. |
-| `useLatestVersion` | bool | `False` | Indicates whether to use the latest version of the secrect. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`secretVersion`](#parameter-secretversion) | string | The version of the secret. |
+| [`subjectAlternativeNames`](#parameter-subjectalternativenames) | array | The subject alternative names of the secrect. |
+| [`useLatestVersion`](#parameter-uselatestversion) | bool | Indicates whether to use the latest version of the secrect. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the secrect.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileName`
+
+The name of the parent CDN profile. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `secretSourceResourceId`
+
+The resource ID of the secrect source. Required if the type is CustomerCertificate.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `secretVersion`
+
+The version of the secret.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `subjectAlternativeNames`
+
+The subject alternative names of the secrect.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `type`
+
+The type of the secrect.
+- Required: No
+- Type: string
+- Default: `'AzureFirstPartyManagedCertificate'`
+- Allowed: `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]`
+
+### Parameter: `useLatestVersion`
+
+Indicates whether to use the latest version of the secrect.
+- Required: No
+- Type: bool
+- Default: `False`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the secrect. |
 | `resourceGroupName` | string | The name of the resource group the secret was created in. |
diff --git a/modules/cognitive-services/account/.test/common/main.test.bicep b/modules/cognitive-services/account/.test/common/main.test.bicep
index 0802ae9df8..39d0bbbd26 100644
--- a/modules/cognitive-services/account/.test/common/main.test.bicep
+++ b/modules/cognitive-services/account/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/cognitive-services/account/.test/min/main.test.bicep b/modules/cognitive-services/account/.test/min/main.test.bicep
index 727b9a5a92..c24b67f868 100644
--- a/modules/cognitive-services/account/.test/min/main.test.bicep
+++ b/modules/cognitive-services/account/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md
index 93f229c9e9..4cc5ebb441 100644
--- a/modules/cognitive-services/account/README.md
+++ b/modules/cognitive-services/account/README.md
@@ -4,14 +4,14 @@ This module deploys a Cognitive Service.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -22,91 +22,31 @@ This module deploys a Cognitive Service.
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `kind` | string | `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` | Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. |
-| `name` | string |  | The name of Cognitive Services account. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
-| `customSubDomainName` | string | `''` | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. |
-| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `allowedFqdnList` | array | `[]` |  | List of allowed FQDN. |
-| `apiProperties` | object | `{object}` |  | The API properties for special APIs. |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, latest is used. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, RequestResponse]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `disableLocalAuth` | bool | `True` |  | Allow only Azure AD authentication. Should be enabled for security reasons. |
-| `dynamicThrottlingEnabled` | bool | `False` |  | The flag to enable dynamic throttling. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `migrationToken` | string | `''` |  | Resource migration token. |
-| `networkAcls` | object | `{object}` |  | A collection of rules governing the accessibility from specific network locations. |
-| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. |
-| `restore` | bool | `False` |  | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. |
-| `restrictOutboundNetworkAccess` | bool | `True` |  | Restrict outbound network access. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `sku` | string | `'S0'` | `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]` | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userOwnedStorage` | array | `[]` |  | The storage accounts for this resource. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `endpoint` | string | The service endpoint of the cognitive services account. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the cognitive services account. |
-| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. |
-| `resourceId` | string | The resource ID of the cognitive services account. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+## Usage examples
 
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cognitive-services.account:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Encr](#example-2-encr)
+- [Using only defaults](#example-3-using-only-defaults)
+- [Speech](#example-4-speech)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module account './cognitive-services/account/main.bicep' = {
+module account 'br:bicep/modules/cognitive-services.account:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csacom'
   params: {
     // Required parameters
@@ -284,14 +224,14 @@ module account './cognitive-services/account/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Encr</h3>
+### Example 2: _Encr_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module account './cognitive-services/account/main.bicep' = {
+module account 'br:bicep/modules/cognitive-services.account:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csaencr'
   params: {
     // Required parameters
@@ -365,14 +305,17 @@ module account './cognitive-services/account/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Min</h3>
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module account './cognitive-services/account/main.bicep' = {
+module account 'br:bicep/modules/cognitive-services.account:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csamin'
   params: {
     // Required parameters
@@ -414,14 +357,14 @@ module account './cognitive-services/account/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Speech</h3>
+### Example 4: _Speech_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module account './cognitive-services/account/main.bicep' = {
+module account 'br:bicep/modules/cognitive-services.account:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csaspeech'
   params: {
     // Required parameters
@@ -530,6 +473,311 @@ module account './cognitive-services/account/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-kind) | string | Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. |
+| [`name`](#parameter-name) | string | The name of Cognitive Services account. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
+| [`customSubDomainName`](#parameter-customsubdomainname) | string | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowedFqdnList`](#parameter-allowedfqdnlist) | array | List of allowed FQDN. |
+| [`apiProperties`](#parameter-apiproperties) | object | The API properties for special APIs. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, latest is used. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Allow only Azure AD authentication. Should be enabled for security reasons. |
+| [`dynamicThrottlingEnabled`](#parameter-dynamicthrottlingenabled) | bool | The flag to enable dynamic throttling. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`migrationToken`](#parameter-migrationtoken) | string | Resource migration token. |
+| [`networkAcls`](#parameter-networkacls) | object | A collection of rules governing the accessibility from specific network locations. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. |
+| [`restore`](#parameter-restore) | bool | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. |
+| [`restrictOutboundNetworkAccess`](#parameter-restrictoutboundnetworkaccess) | bool | Restrict outbound network access. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`sku`](#parameter-sku) | string | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userOwnedStorage`](#parameter-userownedstorage) | array | The storage accounts for this resource. |
+
+### Parameter: `allowedFqdnList`
+
+List of allowed FQDN.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `apiProperties`
+
+The API properties for special APIs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, latest is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customSubDomainName`
+
+Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, Audit, RequestResponse]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableLocalAuth`
+
+Allow only Azure AD authentication. Should be enabled for security reasons.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `dynamicThrottlingEnabled`
+
+The flag to enable dynamic throttling.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `kind`
+
+Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region.
+- Required: Yes
+- Type: string
+- Allowed: `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `migrationToken`
+
+Resource migration token.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of Cognitive Services account.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkAcls`
+
+A collection of rules governing the accessibility from specific network locations.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `restore`
+
+Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `restrictOutboundNetworkAccess`
+
+Restrict outbound network access.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sku`
+
+SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region.
+- Required: No
+- Type: string
+- Default: `'S0'`
+- Allowed: `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userOwnedStorage`
+
+The storage accounts for this resource.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `endpoint` | string | The service endpoint of the cognitive services account. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the cognitive services account. |
+| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. |
+| `resourceId` | string | The resource ID of the cognitive services account. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
+
 ## Notes
 
 Not all combinations of parameters `kind` and `SKU` are valid and they may vary in different Azure Regions. Please use PowerShell cmdlet `Get-AzCognitiveServicesAccountSku` or another methods to determine valid values in your region.
diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json
index bf739e9b56..cbee7b00f2 100644
--- a/modules/cognitive-services/account/main.json
+++ b/modules/cognitive-services/account/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "11205324681033433198"
+      "version": "0.22.6.54827",
+      "templateHash": "13442875800072342008"
     },
     "name": "Cognitive Services",
     "description": "This module deploys a Cognitive Service.",
@@ -452,8 +452,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14580007913383558904"
+              "version": "0.22.6.54827",
+              "templateHash": "2884140170473394983"
             },
             "name": "Private Endpoints",
             "description": "This module deploys a Private Endpoint.",
@@ -652,8 +652,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "2469208411936339153"
+                      "version": "0.22.6.54827",
+                      "templateHash": "5610247137574346230"
                     },
                     "name": "Private Endpoint Private DNS Zone Groups",
                     "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -790,8 +790,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "13032708393704093995"
+                      "version": "0.22.6.54827",
+                      "templateHash": "14351187799927334028"
                     }
                   },
                   "parameters": {
@@ -1004,8 +1004,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "8402203115964616978"
+              "version": "0.22.6.54827",
+              "templateHash": "2121072685211673304"
             }
           },
           "parameters": {
diff --git a/modules/compute/availability-set/.test/common/main.test.bicep b/modules/compute/availability-set/.test/common/main.test.bicep
index 6bece2dc2d..ae1d4d2684 100644
--- a/modules/compute/availability-set/.test/common/main.test.bicep
+++ b/modules/compute/availability-set/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/availability-set/.test/min/main.test.bicep b/modules/compute/availability-set/.test/min/main.test.bicep
index 440148ac96..9160e72cc4 100644
--- a/modules/compute/availability-set/.test/min/main.test.bicep
+++ b/modules/compute/availability-set/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md
index 795e47aef4..2f5d79fb0b 100644
--- a/modules/compute/availability-set/README.md
+++ b/modules/compute/availability-set/README.md
@@ -4,13 +4,13 @@ This module deploys an Availability Set.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -18,57 +18,29 @@ This module deploys an Availability Set.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/availabilitySets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/availabilitySets) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the availability set that is being created. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Resource location. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `platformFaultDomainCount` | int | `2` |  | The number of fault domains to use. |
-| `platformUpdateDomainCount` | int | `5` |  | The number of update domains to use. |
-| `proximityPlacementGroupResourceId` | string | `''` |  | Resource ID of a proximity placement group. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuName` | string | `'Aligned'` |  | SKU of the availability set.</p>- Use 'Aligned' for virtual machines with managed disks.</p>- Use 'Classic' for virtual machines with unmanaged disks. |
-| `tags` | object | `{object}` |  | Tags of the availability set resource. |
-
+## Usage examples
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the availability set. |
-| `resourceGroupName` | string | The resource group the availability set was deployed into. |
-| `resourceId` | string | The resource ID of the availability set. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.availability-set:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module availabilitySet './compute/availability-set/main.bicep' = {
+module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cascom'
   params: {
     // Required parameters
@@ -146,14 +118,17 @@ module availabilitySet './compute/availability-set/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module availabilitySet './compute/availability-set/main.bicep' = {
+module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-casmin'
   params: {
     // Required parameters
@@ -190,3 +165,110 @@ module availabilitySet './compute/availability-set/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the availability set that is being created. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`platformFaultDomainCount`](#parameter-platformfaultdomaincount) | int | The number of fault domains to use. |
+| [`platformUpdateDomainCount`](#parameter-platformupdatedomaincount) | int | The number of update domains to use. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuName`](#parameter-skuname) | string | SKU of the availability set.</p>- Use 'Aligned' for virtual machines with managed disks.</p>- Use 'Classic' for virtual machines with unmanaged disks. |
+| [`tags`](#parameter-tags) | object | Tags of the availability set resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the availability set that is being created.
+- Required: Yes
+- Type: string
+
+### Parameter: `platformFaultDomainCount`
+
+The number of fault domains to use.
+- Required: No
+- Type: int
+- Default: `2`
+
+### Parameter: `platformUpdateDomainCount`
+
+The number of update domains to use.
+- Required: No
+- Type: int
+- Default: `5`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+Resource ID of a proximity placement group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+SKU of the availability set.</p>- Use 'Aligned' for virtual machines with managed disks.</p>- Use 'Classic' for virtual machines with unmanaged disks.
+- Required: No
+- Type: string
+- Default: `'Aligned'`
+
+### Parameter: `tags`
+
+Tags of the availability set resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the availability set. |
+| `resourceGroupName` | string | The resource group the availability set was deployed into. |
+| `resourceId` | string | The resource ID of the availability set. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/availability-set/main.json b/modules/compute/availability-set/main.json
index 0f7753fa37..19bcaa1b81 100644
--- a/modules/compute/availability-set/main.json
+++ b/modules/compute/availability-set/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "5171259001608994511"
+      "version": "0.22.6.54827",
+      "templateHash": "9507883477012630410"
     },
     "name": "Availability Sets",
     "description": "This module deploys an Availability Set.",
@@ -165,8 +165,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "12543587259073888483"
+              "version": "0.22.6.54827",
+              "templateHash": "5622639352313082546"
             }
           },
           "parameters": {
diff --git a/modules/compute/disk-encryption-set/.test/common/main.test.bicep b/modules/compute/disk-encryption-set/.test/common/main.test.bicep
index 5b54d45427..a6ad758a86 100644
--- a/modules/compute/disk-encryption-set/.test/common/main.test.bicep
+++ b/modules/compute/disk-encryption-set/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md
index beee32ad5d..f008764132 100644
--- a/modules/compute/disk-encryption-set/README.md
+++ b/modules/compute/disk-encryption-set/README.md
@@ -4,13 +4,13 @@ This module deploys a Disk Encryption Set.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -20,73 +20,26 @@ This module deploys a Disk Encryption Set.
 | `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) |
 | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2018-11-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `keyName` | string | Key URL (with version) pointing to a key or secret in KeyVault. |
-| `keyVaultResourceId` | string | Resource ID of the KeyVault containing the key or secret. |
-| `name` | string | The name of the disk encryption set that is being created. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `systemAssignedIdentity` | bool | `True` | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. |
-| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `encryptionType` | string | `'EncryptionAtRestWithPlatformAndCustomerKeys'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]` | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. |
-| `federatedClientId` | string | `'None'` |  | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. |
-| `keyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `location` | string | `[resourceGroup().location]` |  | Resource location. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `rotationToLatestKeyVersionEnabled` | bool | `False` |  | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. |
-| `tags` | object | `{object}` |  | Tags of the disk encryption resource. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `identities` | object | The idenities of the disk encryption set. |
-| `keyVaultName` | string | The name of the key vault with the disk encryption key. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the disk encryption set. |
-| `principalId` | string | The principal ID of the disk encryption set. |
-| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. |
-| `resourceId` | string | The resource ID of the disk encryption set. |
-
-## Cross-referenced modules
+## Usage examples
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `key-vault/vault/access-policy` | Local reference |
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
    >**Note**: The name of each example is based on the name of the file from which it is taken.
 
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Accesspolicies</h3>
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk-encryption-set:1.0.0`.
+
+- [Accesspolicies](#example-1-accesspolicies)
+- [Using large parameter set](#example-2-using-large-parameter-set)
+
+### Example 1: _Accesspolicies_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {
+module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdesap'
   params: {
     // Required parameters
@@ -176,14 +129,17 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Common</h3>
+### Example 2: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {
+module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdescom'
   params: {
     // Required parameters
@@ -276,3 +232,153 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`keyName`](#parameter-keyname) | string | Key URL (with version) pointing to a key or secret in KeyVault. |
+| [`keyVaultResourceId`](#parameter-keyvaultresourceid) | string | Resource ID of the KeyVault containing the key or secret. |
+| [`name`](#parameter-name) | string | The name of the disk encryption set that is being created. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`encryptionType`](#parameter-encryptiontype) | string | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. |
+| [`federatedClientId`](#parameter-federatedclientid) | string | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. |
+| [`keyVersion`](#parameter-keyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`rotationToLatestKeyVersionEnabled`](#parameter-rotationtolatestkeyversionenabled) | bool | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. |
+| [`tags`](#parameter-tags) | object | Tags of the disk encryption resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `encryptionType`
+
+The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys.
+- Required: No
+- Type: string
+- Default: `'EncryptionAtRestWithPlatformAndCustomerKeys'`
+- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]`
+
+### Parameter: `federatedClientId`
+
+Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property.
+- Required: No
+- Type: string
+- Default: `'None'`
+
+### Parameter: `keyName`
+
+Key URL (with version) pointing to a key or secret in KeyVault.
+- Required: Yes
+- Type: string
+
+### Parameter: `keyVaultResourceId`
+
+Resource ID of the KeyVault containing the key or secret.
+- Required: Yes
+- Type: string
+
+### Parameter: `keyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the disk encryption set that is being created.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `rotationToLatestKeyVersionEnabled`
+
+Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `tags`
+
+Tags of the disk encryption resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false".
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `identities` | object | The idenities of the disk encryption set. |
+| `keyVaultName` | string | The name of the key vault with the disk encryption key. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the disk encryption set. |
+| `principalId` | string | The principal ID of the disk encryption set. |
+| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. |
+| `resourceId` | string | The resource ID of the disk encryption set. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/key-vault/vault/access-policy` | Local reference |
diff --git a/modules/compute/disk-encryption-set/main.json b/modules/compute/disk-encryption-set/main.json
index 64d9b15bb7..d695c7fa4b 100644
--- a/modules/compute/disk-encryption-set/main.json
+++ b/modules/compute/disk-encryption-set/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "18377917753202643188"
+      "version": "0.22.6.54827",
+      "templateHash": "2262193414925411787"
     },
     "name": "Disk Encryption Sets",
     "description": "This module deploys a Disk Encryption Set.",
@@ -210,8 +210,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "1230112027833486150"
+              "version": "0.22.6.54827",
+              "templateHash": "17441180682016270247"
             }
           },
           "parameters": {
@@ -286,8 +286,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "7222366309271203422"
+                      "version": "0.22.6.54827",
+                      "templateHash": "7398650593557443106"
                     }
                   },
                   "parameters": {
@@ -358,8 +358,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "10458348557666655329"
+                      "version": "0.22.6.54827",
+                      "templateHash": "2131300650084383528"
                     },
                     "name": "Key Vault Access Policies",
                     "description": "This module deploys a Key Vault Access Policy.",
@@ -492,8 +492,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "13165233376501361165"
+              "version": "0.22.6.54827",
+              "templateHash": "17225067072833999246"
             }
           },
           "parameters": {
diff --git a/modules/compute/disk/.test/common/main.test.bicep b/modules/compute/disk/.test/common/main.test.bicep
index 7b06f5ded0..aa9864c7ed 100644
--- a/modules/compute/disk/.test/common/main.test.bicep
+++ b/modules/compute/disk/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/disk/.test/min/main.test.bicep b/modules/compute/disk/.test/min/main.test.bicep
index 15661b44b4..6a69bbe644 100644
--- a/modules/compute/disk/.test/min/main.test.bicep
+++ b/modules/compute/disk/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md
index 1c03c30837..8157f6c48a 100644
--- a/modules/compute/disk/README.md
+++ b/modules/compute/disk/README.md
@@ -5,10 +5,10 @@ This module deploys a Compute Disk
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -18,80 +18,31 @@ This module deploys a Compute Disk
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/disks` | [2022-07-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-07-02/disks) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string |  | The name of the disk that is being created. |
-| `sku` | string | `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]` | The disks sku name. Can be . |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `diskSizeGB` | int | `0` | The size of the disk to create. Required if create option is Empty. |
-| `storageAccountId` | string | `''` | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `acceleratedNetwork` | bool | `False` |  | True if the image from which the OS disk is created supports accelerated networking. |
-| `architecture` | string | `''` | `['', Arm64, x64]` | CPU architecture supported by an OS disk. |
-| `burstingEnabled` | bool | `False` |  | Set to true to enable bursting beyond the provisioned performance target of the disk. |
-| `completionPercent` | int | `100` |  | Percentage complete for the background copy when a resource is created via the CopyStart operation. |
-| `createOption` | string | `'Empty'` | `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]` | Sources of a disk creation. |
-| `diskIOPSReadWrite` | int | `0` |  | The number of IOPS allowed for this disk; only settable for UltraSSD disks. |
-| `diskMBpsReadWrite` | int | `0` |  | The bandwidth allowed for this disk; only settable for UltraSSD disks. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `hyperVGeneration` | string | `'V2'` | `[V1, V2]` | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. |
-| `imageReferenceId` | string | `''` |  | A relative uri containing either a Platform Image Repository or user image reference. |
-| `location` | string | `[resourceGroup().location]` |  | Resource location. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `logicalSectorSize` | int | `4096` |  | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. |
-| `maxShares` | int | `1` |  | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. |
-| `networkAccessPolicy` | string | `'DenyAll'` | `[AllowAll, AllowPrivate, DenyAll]` | Policy for accessing the disk via network. |
-| `optimizedForFrequentAttach` | bool | `False` |  | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. |
-| `osType` | string | `''` | `['', Linux, Windows]` | Sources of a disk creation. |
-| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Policy for controlling export on the disk. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `securityDataUri` | string | `''` |  | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. |
-| `sourceResourceId` | string | `''` |  | If create option is Copy, this is the ARM ID of the source snapshot or disk. |
-| `sourceUri` | string | `''` |  | If create option is Import, this is the URI of a blob to be imported into a managed disk. |
-| `tags` | object | `{object}` |  | Tags of the availability set resource. |
-| `uploadSizeBytes` | int | `20972032` |  | If create option is Upload, this is the size of the contents of the upload including the VHD footer. |
-
+## Usage examples
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the disk. |
-| `resourceGroupName` | string | The resource group the  disk was deployed into. |
-| `resourceId` | string | The resource ID of the disk. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Image](#example-2-image)
+- [Import](#example-3-import)
+- [Using only defaults](#example-4-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module disk './compute/disk/main.bicep' = {
+module disk 'br:bicep/modules/compute.disk:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdcom'
   params: {
     // Required parameters
@@ -193,14 +144,14 @@ module disk './compute/disk/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Image</h3>
+### Example 2: _Image_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module disk './compute/disk/main.bicep' = {
+module disk 'br:bicep/modules/compute.disk:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdimg'
   params: {
     // Required parameters
@@ -282,14 +233,14 @@ module disk './compute/disk/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Import</h3>
+### Example 3: _Import_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module disk './compute/disk/main.bicep' = {
+module disk 'br:bicep/modules/compute.disk:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdimp'
   params: {
     // Required parameters
@@ -375,14 +326,17 @@ module disk './compute/disk/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Min</h3>
+### Example 4: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module disk './compute/disk/main.bicep' = {
+module disk 'br:bicep/modules/compute.disk:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cdmin'
   params: {
     // Required parameters
@@ -427,3 +381,265 @@ module disk './compute/disk/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the disk that is being created. |
+| [`sku`](#parameter-sku) | string | The disks sku name. Can be . |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`diskSizeGB`](#parameter-disksizegb) | int | The size of the disk to create. Required if create option is Empty. |
+| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`acceleratedNetwork`](#parameter-acceleratednetwork) | bool | True if the image from which the OS disk is created supports accelerated networking. |
+| [`architecture`](#parameter-architecture) | string | CPU architecture supported by an OS disk. |
+| [`burstingEnabled`](#parameter-burstingenabled) | bool | Set to true to enable bursting beyond the provisioned performance target of the disk. |
+| [`completionPercent`](#parameter-completionpercent) | int | Percentage complete for the background copy when a resource is created via the CopyStart operation. |
+| [`createOption`](#parameter-createoption) | string | Sources of a disk creation. |
+| [`diskIOPSReadWrite`](#parameter-diskiopsreadwrite) | int | The number of IOPS allowed for this disk; only settable for UltraSSD disks. |
+| [`diskMBpsReadWrite`](#parameter-diskmbpsreadwrite) | int | The bandwidth allowed for this disk; only settable for UltraSSD disks. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. |
+| [`imageReferenceId`](#parameter-imagereferenceid) | string | A relative uri containing either a Platform Image Repository or user image reference. |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`logicalSectorSize`](#parameter-logicalsectorsize) | int | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. |
+| [`maxShares`](#parameter-maxshares) | int | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. |
+| [`networkAccessPolicy`](#parameter-networkaccesspolicy) | string | Policy for accessing the disk via network. |
+| [`optimizedForFrequentAttach`](#parameter-optimizedforfrequentattach) | bool | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. |
+| [`osType`](#parameter-ostype) | string | Sources of a disk creation. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Policy for controlling export on the disk. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`securityDataUri`](#parameter-securitydatauri) | string | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. |
+| [`sourceResourceId`](#parameter-sourceresourceid) | string | If create option is Copy, this is the ARM ID of the source snapshot or disk. |
+| [`sourceUri`](#parameter-sourceuri) | string | If create option is Import, this is the URI of a blob to be imported into a managed disk. |
+| [`tags`](#parameter-tags) | object | Tags of the availability set resource. |
+| [`uploadSizeBytes`](#parameter-uploadsizebytes) | int | If create option is Upload, this is the size of the contents of the upload including the VHD footer. |
+
+### Parameter: `acceleratedNetwork`
+
+True if the image from which the OS disk is created supports accelerated networking.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `architecture`
+
+CPU architecture supported by an OS disk.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Arm64, x64]`
+
+### Parameter: `burstingEnabled`
+
+Set to true to enable bursting beyond the provisioned performance target of the disk.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `completionPercent`
+
+Percentage complete for the background copy when a resource is created via the CopyStart operation.
+- Required: No
+- Type: int
+- Default: `100`
+
+### Parameter: `createOption`
+
+Sources of a disk creation.
+- Required: No
+- Type: string
+- Default: `'Empty'`
+- Allowed: `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]`
+
+### Parameter: `diskIOPSReadWrite`
+
+The number of IOPS allowed for this disk; only settable for UltraSSD disks.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `diskMBpsReadWrite`
+
+The bandwidth allowed for this disk; only settable for UltraSSD disks.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `diskSizeGB`
+
+The size of the disk to create. Required if create option is Empty.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hyperVGeneration`
+
+The hypervisor generation of the Virtual Machine. Applicable to OS disks only.
+- Required: No
+- Type: string
+- Default: `'V2'`
+- Allowed: `[V1, V2]`
+
+### Parameter: `imageReferenceId`
+
+A relative uri containing either a Platform Image Repository or user image reference.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `logicalSectorSize`
+
+Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096.
+- Required: No
+- Type: int
+- Default: `4096`
+
+### Parameter: `maxShares`
+
+The maximum number of VMs that can attach to the disk at the same time. Default value is 0.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `name`
+
+The name of the disk that is being created.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkAccessPolicy`
+
+Policy for accessing the disk via network.
+- Required: No
+- Type: string
+- Default: `'DenyAll'`
+- Allowed: `[AllowAll, AllowPrivate, DenyAll]`
+
+### Parameter: `optimizedForFrequentAttach`
+
+Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `osType`
+
+Sources of a disk creation.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Linux, Windows]`
+
+### Parameter: `publicNetworkAccess`
+
+Policy for controlling export on the disk.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `securityDataUri`
+
+If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `sku`
+
+The disks sku name. Can be .
+- Required: Yes
+- Type: string
+- Allowed: `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]`
+
+### Parameter: `sourceResourceId`
+
+If create option is Copy, this is the ARM ID of the source snapshot or disk.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `sourceUri`
+
+If create option is Import, this is the URI of a blob to be imported into a managed disk.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `storageAccountId`
+
+The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tags`
+
+Tags of the availability set resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `uploadSizeBytes`
+
+If create option is Upload, this is the size of the contents of the upload including the VHD footer.
+- Required: No
+- Type: int
+- Default: `20972032`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the disk. |
+| `resourceGroupName` | string | The resource group the  disk was deployed into. |
+| `resourceId` | string | The resource ID of the disk. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/disk/main.json b/modules/compute/disk/main.json
index 39c388e7bf..84ea41a567 100644
--- a/modules/compute/disk/main.json
+++ b/modules/compute/disk/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "5862388830070369227"
+      "version": "0.22.6.54827",
+      "templateHash": "12764361220335313353"
     },
     "name": "Compute Disks",
     "description": "This module deploys a Compute Disk",
@@ -353,8 +353,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "15033488944608271524"
+              "version": "0.22.6.54827",
+              "templateHash": "9743538331774034121"
             }
           },
           "parameters": {
diff --git a/modules/compute/gallery/.test/common/main.test.bicep b/modules/compute/gallery/.test/common/main.test.bicep
index 7d1d8b24e4..661d7c9463 100644
--- a/modules/compute/gallery/.test/common/main.test.bicep
+++ b/modules/compute/gallery/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/gallery/.test/min/main.test.bicep b/modules/compute/gallery/.test/min/main.test.bicep
index df2b8e1bfb..363ba87906 100644
--- a/modules/compute/gallery/.test/min/main.test.bicep
+++ b/modules/compute/gallery/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md
index 361dfefa38..e518757185 100644
--- a/modules/compute/gallery/README.md
+++ b/modules/compute/gallery/README.md
@@ -5,10 +5,10 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -20,56 +20,29 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal
 | `Microsoft.Compute/galleries/applications` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/applications) |
 | `Microsoft.Compute/galleries/images` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/images) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Azure Compute Gallery. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `applications` | array | `[]` |  | Applications to create. |
-| `description` | string | `''` |  | Description of the Azure Shared Image Gallery. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `images` | array | `[]` |  | Images to create. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` |  | Tags for all resources. |
-
+## Usage examples
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed image gallery. |
-| `resourceGroupName` | string | The resource group of the deployed image gallery. |
-| `resourceId` | string | The resource ID of the deployed image gallery. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.gallery:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module gallery './compute/gallery/main.bicep' = {
+module gallery 'br:bicep/modules/compute.gallery:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cgcom'
   params: {
     // Required parameters
@@ -401,14 +374,17 @@ module gallery './compute/gallery/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module gallery './compute/gallery/main.bicep' = {
+module gallery 'br:bicep/modules/compute.gallery:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cgmin'
   params: {
     // Required parameters
@@ -445,3 +421,102 @@ module gallery './compute/gallery/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Azure Compute Gallery. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`applications`](#parameter-applications) | array | Applications to create. |
+| [`description`](#parameter-description) | string | Description of the Azure Shared Image Gallery. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`images`](#parameter-images) | array | Images to create. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags for all resources. |
+
+### Parameter: `applications`
+
+Applications to create.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+Description of the Azure Shared Image Gallery.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `images`
+
+Images to create.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Azure Compute Gallery.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags for all resources.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed image gallery. |
+| `resourceGroupName` | string | The resource group of the deployed image gallery. |
+| `resourceId` | string | The resource ID of the deployed image gallery. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/gallery/application/README.md b/modules/compute/gallery/application/README.md
index ad83eb42dc..9f581840d4 100644
--- a/modules/compute/gallery/application/README.md
+++ b/modules/compute/gallery/application/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Compute Gallery Application.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -21,36 +21,126 @@ This module deploys an Azure Compute Gallery Application.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | Name of the application definition. |
+| [`name`](#parameter-name) | string | Name of the application definition. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `galleryName` | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. |
+| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `customActions` | array | `[]` |  | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. |
-| `description` | string | `''` |  | The description of this gallery Application Definition resource. This property is updatable. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `endOfLifeDate` | string | `''` |  | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. |
-| `eula` | string | `''` |  | The Eula agreement for the gallery Application Definition. Has to be a valid URL. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `privacyStatementUri` | string | `''` |  | The privacy statement uri. Has to be a valid URL. |
-| `releaseNoteUri` | string | `''` |  | The release note uri. Has to be a valid URL. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `supportedOSType` | string | `'Windows'` | `[Linux, Windows]` | This property allows you to specify the supported type of the OS that application is built for. |
-| `tags` | object | `{object}` |  | Tags for all resources. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`customActions`](#parameter-customactions) | array | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. |
+| [`description`](#parameter-description) | string | The description of this gallery Application Definition resource. This property is updatable. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`endOfLifeDate`](#parameter-endoflifedate) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. |
+| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Application Definition. Has to be a valid URL. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. |
+| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`supportedOSType`](#parameter-supportedostype) | string | This property allows you to specify the supported type of the OS that application is built for. |
+| [`tags`](#parameter-tags) | object | Tags for all resources. |
+
+### Parameter: `customActions`
+
+A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+The description of this gallery Application Definition resource. This property is updatable.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endOfLifeDate`
+
+The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `eula`
+
+The Eula agreement for the gallery Application Definition. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `galleryName`
+
+The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Name of the application definition.
+- Required: Yes
+- Type: string
+
+### Parameter: `privacyStatementUri`
+
+The privacy statement uri. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `releaseNoteUri`
+
+The release note uri. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `supportedOSType`
+
+This property allows you to specify the supported type of the OS that application is built for.
+- Required: No
+- Type: string
+- Default: `'Windows'`
+- Allowed: `[Linux, Windows]`
+
+### Parameter: `tags`
+
+Tags for all resources.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the image. |
diff --git a/modules/compute/gallery/application/main.json b/modules/compute/gallery/application/main.json
index 723172da86..c845191f4c 100644
--- a/modules/compute/gallery/application/main.json
+++ b/modules/compute/gallery/application/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "302763326863799273"
+      "version": "0.22.6.54827",
+      "templateHash": "16139720757397534180"
     },
     "name": "Compute Galleries Applications",
     "description": "This module deploys an Azure Compute Gallery Application.",
@@ -172,8 +172,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.20.4.51522",
-              "templateHash": "3891555929973685105"
+              "version": "0.22.6.54827",
+              "templateHash": "13281580182526787077"
             }
           },
           "parameters": {
diff --git a/modules/compute/gallery/image/README.md b/modules/compute/gallery/image/README.md
index 51ccbb2e93..3ad27fb151 100644
--- a/modules/compute/gallery/image/README.md
+++ b/modules/compute/gallery/image/README.md
@@ -4,12 +4,12 @@ This module deploys an Azure Compute Gallery Image Definition.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -20,51 +20,251 @@ This module deploys an Azure Compute Gallery Image Definition.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | Name of the image definition. |
+| [`name`](#parameter-name) | string | Name of the image definition. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `galleryName` | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. |
+| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` |  | The description of this gallery Image Definition resource. This property is updatable. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `endOfLife` | string | `''` |  | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. |
-| `eula` | string | `''` |  | The Eula agreement for the gallery Image Definition. Has to be a valid URL. |
-| `excludedDiskTypes` | array | `[]` |  | List of the excluded disk types. E.g. Standard_LRS. |
-| `hyperVGeneration` | string | `''` | `['', V1, V2]` | The hypervisor generation of the Virtual Machine.</p>- If this value is not specified, then it is determined by the securityType parameter.</p>- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. |
-| `isAcceleratedNetworkSupported` | string | `'false'` | `[false, true]` | The image supports accelerated networking.</p>Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.</p>This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. |
-| `isHibernateSupported` | string | `'false'` | `[false, true]` | The image will support hibernation. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `maxRecommendedMemory` | int | `16` |  | The maximum amount of RAM in GB recommended for this image. |
-| `maxRecommendedvCPUs` | int | `4` |  | The maximum number of the CPU cores recommended for this image. |
-| `minRecommendedMemory` | int | `4` |  | The minimum amount of RAM in GB recommended for this image. |
-| `minRecommendedvCPUs` | int | `1` |  | The minimum number of the CPU cores recommended for this image. |
-| `offer` | string | `'WindowsServer'` |  | The name of the gallery Image Definition offer. |
-| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. |
-| `osType` | string | `'Windows'` | `[Linux, Windows]` | OS type of the image to be created. |
-| `planName` | string | `''` |  | The plan ID. |
-| `planPublisherName` | string | `''` |  | The publisher ID. |
-| `privacyStatementUri` | string | `''` |  | The privacy statement uri. Has to be a valid URL. |
-| `productName` | string | `''` |  | The product ID. |
-| `publisher` | string | `'MicrosoftWindowsServer'` |  | The name of the gallery Image Definition publisher. |
-| `releaseNoteUri` | string | `''` |  | The release note uri. Has to be a valid URL. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `securityType` | string | `'Standard'` | `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]` | The security type of the image. Requires a hyperVGeneration V2. |
-| `sku` | string | `'2019-Datacenter'` |  | The name of the gallery Image Definition SKU. |
-| `tags` | object | `{object}` |  | Tags for all resources. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The description of this gallery Image Definition resource. This property is updatable. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`endOfLife`](#parameter-endoflife) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. |
+| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Image Definition. Has to be a valid URL. |
+| [`excludedDiskTypes`](#parameter-excludeddisktypes) | array | List of the excluded disk types. E.g. Standard_LRS. |
+| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine.</p>- If this value is not specified, then it is determined by the securityType parameter.</p>- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. |
+| [`isAcceleratedNetworkSupported`](#parameter-isacceleratednetworksupported) | string | The image supports accelerated networking.</p>Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.</p>This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. |
+| [`isHibernateSupported`](#parameter-ishibernatesupported) | string | The image will support hibernation. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`maxRecommendedMemory`](#parameter-maxrecommendedmemory) | int | The maximum amount of RAM in GB recommended for this image. |
+| [`maxRecommendedvCPUs`](#parameter-maxrecommendedvcpus) | int | The maximum number of the CPU cores recommended for this image. |
+| [`minRecommendedMemory`](#parameter-minrecommendedmemory) | int | The minimum amount of RAM in GB recommended for this image. |
+| [`minRecommendedvCPUs`](#parameter-minrecommendedvcpus) | int | The minimum number of the CPU cores recommended for this image. |
+| [`offer`](#parameter-offer) | string | The name of the gallery Image Definition offer. |
+| [`osState`](#parameter-osstate) | string | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. |
+| [`osType`](#parameter-ostype) | string | OS type of the image to be created. |
+| [`planName`](#parameter-planname) | string | The plan ID. |
+| [`planPublisherName`](#parameter-planpublishername) | string | The publisher ID. |
+| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. |
+| [`productName`](#parameter-productname) | string | The product ID. |
+| [`publisher`](#parameter-publisher) | string | The name of the gallery Image Definition publisher. |
+| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`securityType`](#parameter-securitytype) | string | The security type of the image. Requires a hyperVGeneration V2. |
+| [`sku`](#parameter-sku) | string | The name of the gallery Image Definition SKU. |
+| [`tags`](#parameter-tags) | object | Tags for all resources. |
+
+### Parameter: `description`
+
+The description of this gallery Image Definition resource. This property is updatable.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endOfLife`
+
+The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `eula`
+
+The Eula agreement for the gallery Image Definition. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `excludedDiskTypes`
+
+List of the excluded disk types. E.g. Standard_LRS.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `galleryName`
+
+The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `hyperVGeneration`
+
+The hypervisor generation of the Virtual Machine.</p>- If this value is not specified, then it is determined by the securityType parameter.</p>- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', V1, V2]`
+
+### Parameter: `isAcceleratedNetworkSupported`
+
+The image supports accelerated networking.</p>Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.</p>This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types.
+- Required: No
+- Type: string
+- Default: `'false'`
+- Allowed: `[false, true]`
+
+### Parameter: `isHibernateSupported`
+
+The image will support hibernation.
+- Required: No
+- Type: string
+- Default: `'false'`
+- Allowed: `[false, true]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `maxRecommendedMemory`
+
+The maximum amount of RAM in GB recommended for this image.
+- Required: No
+- Type: int
+- Default: `16`
+
+### Parameter: `maxRecommendedvCPUs`
+
+The maximum number of the CPU cores recommended for this image.
+- Required: No
+- Type: int
+- Default: `4`
+
+### Parameter: `minRecommendedMemory`
+
+The minimum amount of RAM in GB recommended for this image.
+- Required: No
+- Type: int
+- Default: `4`
+
+### Parameter: `minRecommendedvCPUs`
+
+The minimum number of the CPU cores recommended for this image.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `name`
+
+Name of the image definition.
+- Required: Yes
+- Type: string
+
+### Parameter: `offer`
+
+The name of the gallery Image Definition offer.
+- Required: No
+- Type: string
+- Default: `'WindowsServer'`
+
+### Parameter: `osState`
+
+This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'.
+- Required: No
+- Type: string
+- Default: `'Generalized'`
+- Allowed: `[Generalized, Specialized]`
+
+### Parameter: `osType`
+
+OS type of the image to be created.
+- Required: No
+- Type: string
+- Default: `'Windows'`
+- Allowed: `[Linux, Windows]`
+
+### Parameter: `planName`
+
+The plan ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `planPublisherName`
+
+The publisher ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `privacyStatementUri`
+
+The privacy statement uri. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `productName`
+
+The product ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publisher`
+
+The name of the gallery Image Definition publisher.
+- Required: No
+- Type: string
+- Default: `'MicrosoftWindowsServer'`
+
+### Parameter: `releaseNoteUri`
+
+The release note uri. Has to be a valid URL.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `securityType`
+
+The security type of the image. Requires a hyperVGeneration V2.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]`
+
+### Parameter: `sku`
+
+The name of the gallery Image Definition SKU.
+- Required: No
+- Type: string
+- Default: `'2019-Datacenter'`
+
+### Parameter: `tags`
+
+Tags for all resources.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the image. |
diff --git a/modules/compute/gallery/image/main.json b/modules/compute/gallery/image/main.json
index 3cc4aa0a12..27cd77a9d9 100644
--- a/modules/compute/gallery/image/main.json
+++ b/modules/compute/gallery/image/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "14112753208892308004"
+      "version": "0.22.6.54827",
+      "templateHash": "12756969313323460277"
     },
     "name": "Compute Galleries Image Definitions",
     "description": "This module deploys an Azure Compute Gallery Image Definition.",
@@ -333,8 +333,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.20.4.51522",
-              "templateHash": "5875220683176267757"
+              "version": "0.22.6.54827",
+              "templateHash": "11966293152836776526"
             }
           },
           "parameters": {
diff --git a/modules/compute/gallery/main.json b/modules/compute/gallery/main.json
index 30cefa77b2..d1a6ae1c3b 100644
--- a/modules/compute/gallery/main.json
+++ b/modules/compute/gallery/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "9949380945514738513"
+      "version": "0.22.6.54827",
+      "templateHash": "18299186787302449822"
     },
     "name": "Azure Compute Galleries",
     "description": "This module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery).",
@@ -158,8 +158,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "4214079490664881100"
+              "version": "0.22.6.54827",
+              "templateHash": "14589885933064386870"
             }
           },
           "parameters": {
@@ -333,8 +333,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3432608104011360661"
+              "version": "0.22.6.54827",
+              "templateHash": "16139720757397534180"
             },
             "name": "Compute Galleries Applications",
             "description": "This module deploys an Azure Compute Gallery Application.",
@@ -501,8 +501,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "1432477963725169802"
+                      "version": "0.22.6.54827",
+                      "templateHash": "13281580182526787077"
                     }
                   },
                   "parameters": {
@@ -726,8 +726,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "11726406803846510228"
+              "version": "0.22.6.54827",
+              "templateHash": "12756969313323460277"
             },
             "name": "Compute Galleries Image Definitions",
             "description": "This module deploys an Azure Compute Gallery Image Definition.",
@@ -1055,8 +1055,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "9996928759826468102"
+                      "version": "0.22.6.54827",
+                      "templateHash": "11966293152836776526"
                     }
                   },
                   "parameters": {
diff --git a/modules/compute/image/.test/common/main.test.bicep b/modules/compute/image/.test/common/main.test.bicep
index 05f4ac649e..64743cb96c 100644
--- a/modules/compute/image/.test/common/main.test.bicep
+++ b/modules/compute/image/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/image/README.md b/modules/compute/image/README.md
index bfe1ab68d0..bfb88c0c34 100644
--- a/modules/compute/image/README.md
+++ b/modules/compute/image/README.md
@@ -4,79 +4,41 @@ This module deploys a Compute Image.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/images` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/images) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the image. |
-| `osDiskBlobUri` | string | The Virtual Hard Disk. |
-| `osType` | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `dataDisks` | array | `[]` |  | Specifies the parameters that are used to add a data disk to a virtual machine. |
-| `diskEncryptionSetResourceId` | string | `''` |  | Specifies the customer managed disk encryption set resource ID for the managed image disk. |
-| `diskSizeGB` | int | `128` |  | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `extendedLocation` | object | `{object}` |  | The extended location of the Image. |
-| `hyperVGeneration` | string | `'V1'` |  | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `managedDiskResourceId` | string | `''` |  | The managedDisk. |
-| `osAccountType` | string |  |  | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. |
-| `osDiskCaching` | string |  |  | Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. |
-| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | The OS State. For managed images, use Generalized. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `snapshotResourceId` | string | `''` |  | The snapshot resource ID. |
-| `sourceVirtualMachineResourceId` | string | `''` |  | The source virtual machine from which Image is created. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `zoneResilient` | bool | `False` |  | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). |
-
-
-## Outputs
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the image. |
-| `resourceGroupName` | string | The resource group the image was deployed into. |
-| `resourceId` | string | The resource ID of the image. |
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-## Cross-referenced modules
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.image:1.0.0`.
 
-_None_
+- [Using large parameter set](#example-1-using-large-parameter-set)
 
-## Deployment examples
+### Example 1: _Using large parameter set_
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+This instance deploys the module with most of its features enabled.
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module image './compute/image/main.bicep' = {
+module image 'br:bicep/modules/compute.image:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cicom'
   params: {
     // Required parameters
@@ -181,3 +143,178 @@ module image './compute/image/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the image. |
+| [`osDiskBlobUri`](#parameter-osdiskbloburi) | string | The Virtual Hard Disk. |
+| [`osType`](#parameter-ostype) | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`dataDisks`](#parameter-datadisks) | array | Specifies the parameters that are used to add a data disk to a virtual machine. |
+| [`diskEncryptionSetResourceId`](#parameter-diskencryptionsetresourceid) | string | Specifies the customer managed disk encryption set resource ID for the managed image disk. |
+| [`diskSizeGB`](#parameter-disksizegb) | int | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`extendedLocation`](#parameter-extendedlocation) | object | The extended location of the Image. |
+| [`hyperVGeneration`](#parameter-hypervgeneration) | string | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`managedDiskResourceId`](#parameter-manageddiskresourceid) | string | The managedDisk. |
+| [`osAccountType`](#parameter-osaccounttype) | string | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. |
+| [`osDiskCaching`](#parameter-osdiskcaching) | string | Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. |
+| [`osState`](#parameter-osstate) | string | The OS State. For managed images, use Generalized. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`snapshotResourceId`](#parameter-snapshotresourceid) | string | The snapshot resource ID. |
+| [`sourceVirtualMachineResourceId`](#parameter-sourcevirtualmachineresourceid) | string | The source virtual machine from which Image is created. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`zoneResilient`](#parameter-zoneresilient) | bool | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). |
+
+### Parameter: `dataDisks`
+
+Specifies the parameters that are used to add a data disk to a virtual machine.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diskEncryptionSetResourceId`
+
+Specifies the customer managed disk encryption set resource ID for the managed image disk.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diskSizeGB`
+
+Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB.
+- Required: No
+- Type: int
+- Default: `128`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extendedLocation`
+
+The extended location of the Image.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `hyperVGeneration`
+
+Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2.
+- Required: No
+- Type: string
+- Default: `'V1'`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `managedDiskResourceId`
+
+The managedDisk.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the image.
+- Required: Yes
+- Type: string
+
+### Parameter: `osAccountType`
+
+Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS.
+- Required: Yes
+- Type: string
+
+### Parameter: `osDiskBlobUri`
+
+The Virtual Hard Disk.
+- Required: Yes
+- Type: string
+
+### Parameter: `osDiskCaching`
+
+Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite.
+- Required: Yes
+- Type: string
+
+### Parameter: `osState`
+
+The OS State. For managed images, use Generalized.
+- Required: No
+- Type: string
+- Default: `'Generalized'`
+- Allowed: `[Generalized, Specialized]`
+
+### Parameter: `osType`
+
+This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `snapshotResourceId`
+
+The snapshot resource ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `sourceVirtualMachineResourceId`
+
+The source virtual machine from which Image is created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `zoneResilient`
+
+Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS).
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the image. |
+| `resourceGroupName` | string | The resource group the image was deployed into. |
+| `resourceId` | string | The resource ID of the image. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/image/main.json b/modules/compute/image/main.json
index ae3a9cc984..4d5551e4a8 100644
--- a/modules/compute/image/main.json
+++ b/modules/compute/image/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "2820072627955480116"
+      "version": "0.22.6.54827",
+      "templateHash": "10714756522840080401"
     },
     "name": "Images",
     "description": "This module deploys a Compute Image.",
@@ -221,8 +221,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "18299600248178146819"
+              "version": "0.22.6.54827",
+              "templateHash": "17260715174516023943"
             }
           },
           "parameters": {
diff --git a/modules/compute/proximity-placement-group/.test/common/main.test.bicep b/modules/compute/proximity-placement-group/.test/common/main.test.bicep
index 04e74c7088..38de4fd5d1 100644
--- a/modules/compute/proximity-placement-group/.test/common/main.test.bicep
+++ b/modules/compute/proximity-placement-group/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/proximity-placement-group/.test/min/main.test.bicep b/modules/compute/proximity-placement-group/.test/min/main.test.bicep
index 244fae144c..cb745a8bda 100644
--- a/modules/compute/proximity-placement-group/.test/min/main.test.bicep
+++ b/modules/compute/proximity-placement-group/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md
index 42bb92577b..98c3ab9444 100644
--- a/modules/compute/proximity-placement-group/README.md
+++ b/modules/compute/proximity-placement-group/README.md
@@ -4,13 +4,13 @@ This module deploys a Proximity Placement Group.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -18,57 +18,29 @@ This module deploys a Proximity Placement Group.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/proximityPlacementGroups` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/proximityPlacementGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the proximity placement group that is being created. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `colocationStatus` | object | `{object}` |  | Describes colocation status of the Proximity Placement Group. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `intent` | object | `{object}` |  | Specifies the user intent of the proximity placement group. |
-| `location` | string | `[resourceGroup().location]` |  | Resource location. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` |  | Tags of the proximity placement group resource. |
-| `type` | string | `'Standard'` | `[Standard, Ultra]` | Specifies the type of the proximity placement group. |
-| `zones` | array | `[]` |  | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. |
-
+## Usage examples
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the proximity placement group. |
-| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. |
-| `resourceId` | string | The resourceId the proximity placement group. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.proximity-placement-group:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = {
+module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cppgcom'
   params: {
     // Required parameters
@@ -182,14 +154,17 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = {
+module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cppgmin'
   params: {
     // Required parameters
@@ -226,3 +201,111 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the proximity placement group that is being created. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`colocationStatus`](#parameter-colocationstatus) | object | Describes colocation status of the Proximity Placement Group. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`intent`](#parameter-intent) | object | Specifies the user intent of the proximity placement group. |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the proximity placement group resource. |
+| [`type`](#parameter-type) | string | Specifies the type of the proximity placement group. |
+| [`zones`](#parameter-zones) | array | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. |
+
+### Parameter: `colocationStatus`
+
+Describes colocation status of the Proximity Placement Group.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `intent`
+
+Specifies the user intent of the proximity placement group.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the proximity placement group that is being created.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the proximity placement group resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `type`
+
+Specifies the type of the proximity placement group.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Standard, Ultra]`
+
+### Parameter: `zones`
+
+Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the proximity placement group. |
+| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. |
+| `resourceId` | string | The resourceId the proximity placement group. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/proximity-placement-group/main.json b/modules/compute/proximity-placement-group/main.json
index c14b4643cf..515ff086af 100644
--- a/modules/compute/proximity-placement-group/main.json
+++ b/modules/compute/proximity-placement-group/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "12193143335374733252"
+      "version": "0.22.6.54827",
+      "templateHash": "6477295143375151288"
     },
     "name": "Proximity Placement Groups",
     "description": "This module deploys a Proximity Placement Group.",
@@ -167,8 +167,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "9569185937867215918"
+              "version": "0.22.6.54827",
+              "templateHash": "843117559787773713"
             }
           },
           "parameters": {
diff --git a/modules/compute/ssh-public-key/.test/common/main.test.bicep b/modules/compute/ssh-public-key/.test/common/main.test.bicep
index 0a61dd1d16..f20494fb87 100644
--- a/modules/compute/ssh-public-key/.test/common/main.test.bicep
+++ b/modules/compute/ssh-public-key/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/ssh-public-key/.test/min/main.test.bicep b/modules/compute/ssh-public-key/.test/min/main.test.bicep
index c115e84702..dfc7cdd0ec 100644
--- a/modules/compute/ssh-public-key/.test/min/main.test.bicep
+++ b/modules/compute/ssh-public-key/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/compute/ssh-public-key/README.md b/modules/compute/ssh-public-key/README.md
index ae6fc16917..8789b85ef3 100644
--- a/modules/compute/ssh-public-key/README.md
+++ b/modules/compute/ssh-public-key/README.md
@@ -7,10 +7,10 @@ This module deploys a Public SSH Key.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -20,54 +20,29 @@ This module deploys a Public SSH Key.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/sshPublicKeys` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/sshPublicKeys) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the SSH public Key that is being created. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Resource location. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `publicKey` | string | `''` |  | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` |  | Tags of the availability set resource. |
+## Usage examples
 
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Public SSH Key. |
-| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. |
-| `resourceId` | string | The resource ID of the Public SSH Key. |
-
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.ssh-public-key:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module sshPublicKey './compute/ssh-public-key/main.bicep' = {
+module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cspkcom'
   params: {
     // Required parameters
@@ -109,14 +84,17 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module sshPublicKey './compute/ssh-public-key/main.bicep' = {
+module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cspkmin'
   params: {
     // Required parameters
@@ -153,3 +131,86 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the SSH public Key that is being created. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Resource location. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`publicKey`](#parameter-publickey) | string | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the availability set resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Resource location.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the SSH public Key that is being created.
+- Required: Yes
+- Type: string
+
+### Parameter: `publicKey`
+
+SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the availability set resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Public SSH Key. |
+| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. |
+| `resourceId` | string | The resource ID of the Public SSH Key. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/compute/ssh-public-key/main.json b/modules/compute/ssh-public-key/main.json
index 8249f12974..b0179a9ba4 100644
--- a/modules/compute/ssh-public-key/main.json
+++ b/modules/compute/ssh-public-key/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "15954994307790830722"
+      "version": "0.22.6.54827",
+      "templateHash": "10030504426335419860"
     },
     "name": "Public SSH Keys",
     "description": "This module deploys a Public SSH Key.\r\n\r\n> Note: The resource does not auto-generate the key for you.",
@@ -139,8 +139,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "6373247458133694880"
+              "version": "0.22.6.54827",
+              "templateHash": "12934875075357551454"
             }
           },
           "parameters": {
diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md
index 9c7583c1c4..fe88a71ad7 100644
--- a/modules/compute/virtual-machine-scale-set/README.md
+++ b/modules/compute/virtual-machine-scale-set/README.md
@@ -4,14 +4,14 @@ This module deploys a Virtual Machine Scale Set.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -21,134 +21,29 @@ This module deploys a Virtual Machine Scale Set.
 | `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets/extensions) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-### Resource dependency
+## Usage examples
 
-The following resources are required to be able to deploy this resource.
-
-- `Microsoft.Network/VirtualNetwork`
-
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `adminUsername` | securestring |  | Administrator username. |
-| `imageReference` | object |  | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
-| `name` | string |  | Name of the VMSS. |
-| `nicConfigurations` | array |  | Configures NICs and PIPs. |
-| `osDisk` | object |  | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
-| `osType` | string | `[Linux, Windows]` | The chosen OS type. |
-| `skuName` | string |  | The SKU size of the VMs. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `additionalUnattendContent` | array | `[]` |  | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
-| `adminPassword` | securestring | `''` |  | When specifying a Windows Virtual Machine, this value should be passed. |
-| `automaticRepairsPolicyEnabled` | bool | `False` |  | Specifies whether automatic repairs should be enabled on the virtual machine scale set. |
-| `availabilityZones` | array | `[]` |  | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. |
-| `bootDiagnosticStorageAccountName` | string | `''` |  | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. |
-| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` |  | Storage account boot diagnostic base URI. |
-| `customData` | string | `''` |  | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
-| `dataDisks` | array | `[]` |  | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `disableAutomaticRollback` | bool | `False` |  | Whether OS image rollback feature should be disabled. |
-| `disablePasswordAuthentication` | bool | `False` |  | Specifies whether password authentication should be disabled. |
-| `doNotRunExtensionsOnOverprovisionedVMs` | bool | `False` |  | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. |
-| `enableAutomaticOSUpgrade` | bool | `False` |  | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. |
-| `enableAutomaticUpdates` | bool | `True` |  | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableEvictionPolicy` | bool | `False` |  | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
-| `encryptionAtHost` | bool | `True` |  | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. |
-| `extensionAntiMalwareConfig` | object | `{object}` |  | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionAzureDiskEncryptionConfig` | object | `{object}` |  | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
-| `extensionCustomScriptConfig` | object | `{object}` |  | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionDependencyAgentConfig` | object | `{object}` |  | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionDomainJoinConfig` | object | `{object}` |  | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionDomainJoinPassword` | securestring | `''` |  | Required if name is specified. Password of the user specified in user parameter. |
-| `extensionDSCConfig` | object | `{object}` |  | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionMonitoringAgentConfig` | object | `{object}` |  | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionNetworkWatcherAgentConfig` | object | `{object}` |  | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `gracePeriod` | string | `'PT30M'` |  | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). |
-| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maxBatchInstancePercent` | int | `20` |  | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. |
-| `maxPriceForLowPriorityVm` | string | `''` |  | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
-| `maxUnhealthyInstancePercent` | int | `20` |  | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
-| `maxUnhealthyUpgradedInstancePercent` | int | `20` |  | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
-| `monitoringWorkspaceId` | string | `''` |  | Resource ID of the monitoring log analytics workspace. |
-| `overprovision` | bool | `False` |  | Specifies whether the Virtual Machine Scale Set should be overprovisioned. |
-| `pauseTimeBetweenBatches` | string | `'PT0S'` |  | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. |
-| `plan` | object | `{object}` |  | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
-| `provisionVMAgent` | bool | `True` |  | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
-| `proximityPlacementGroupResourceId` | string | `''` |  | Resource ID of a proximity placement group. |
-| `publicIpDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` |  | The name of the diagnostic setting, if deployed. |
-| `publicKeys` | array | `[]` |  | The list of SSH public keys used to authenticate with linux based VMs. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `sasTokenValidityLength` | string | `'PT8H'` |  | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
-| `scaleInPolicy` | object | `{object}` |  | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. |
-| `scaleSetFaultDomain` | int | `2` |  | Fault Domain count for each placement group. |
-| `scheduledEventsProfile` | object | `{object}` |  | Specifies Scheduled Event related configurations. |
-| `secrets` | array | `[]` |  | Specifies set of certificates that should be installed onto the virtual machines in the scale set. |
-| `secureBootEnabled` | bool | `False` |  | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| `securityType` | string | `''` |  | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. |
-| `singlePlacementGroup` | bool | `True` |  | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. |
-| `skuCapacity` | int | `1` |  | The initial instance count of scale set VMs. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `timeZone` | string | `''` |  | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
-| `ultraSSDEnabled` | bool | `False` |  | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
-| `upgradePolicyMode` | string | `'Manual'` | `[Automatic, Manual, Rolling]` | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `vmNamePrefix` | string | `'vmssvm'` |  | Specifies the computer name prefix for all of the virtual machines in the scale set. |
-| `vmPriority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. |
-| `vTpmEnabled` | bool | `False` |  | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| `winRM` | object | `{object}` |  | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
-| `zoneBalance` | bool | `False` |  | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. |
-
-**Generated parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual machine scale set. |
-| `resourceGroupName` | string | The resource group of the virtual machine scale set. |
-| `resourceId` | string | The resource ID of the virtual machine scale set. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
    >**Note**: The name of each example is based on the name of the file from which it is taken.
 
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Linux</h3>
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`.
+
+- [Linux](#example-1-linux)
+- [Linux.Min](#example-2-linuxmin)
+- [Linux.Ssecmk](#example-3-linuxssecmk)
+- [Windows](#example-4-windows)
+- [Windows.Min](#example-5-windowsmin)
+
+### Example 1: _Linux_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = {
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmsslin'
   params: {
     // Required parameters
@@ -492,14 +387,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
 </details>
 <p>
 
-<h3>Example 2: Linux.Min</h3>
+### Example 2: _Linux.Min_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = {
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin'
   params: {
     // Required parameters
@@ -629,14 +524,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
 </details>
 <p>
 
-<h3>Example 3: Linux.Ssecmk</h3>
+### Example 3: _Linux.Ssecmk_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = {
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk'
   params: {
     // Required parameters
@@ -816,14 +711,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
 </details>
 <p>
 
-<h3>Example 4: Windows</h3>
+### Example 4: _Windows_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = {
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmsswin'
   params: {
     // Required parameters
@@ -1149,14 +1044,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
 </details>
 <p>
 
-<h3>Example 5: Windows.Min</h3>
+### Example 5: _Windows.Min_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = {
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin'
   params: {
     // Required parameters
@@ -1273,6 +1168,638 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
+| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
+| [`name`](#parameter-name) | string | Name of the VMSS. |
+| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
+| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
+| [`osType`](#parameter-ostype) | string | The chosen OS type. |
+| [`skuName`](#parameter-skuname) | string | The SKU size of the VMs. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
+| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
+| [`automaticRepairsPolicyEnabled`](#parameter-automaticrepairspolicyenabled) | bool | Specifies whether automatic repairs should be enabled on the virtual machine scale set. |
+| [`availabilityZones`](#parameter-availabilityzones) | array | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. |
+| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. |
+| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
+| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
+| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disableAutomaticRollback`](#parameter-disableautomaticrollback) | bool | Whether OS image rollback feature should be disabled. |
+| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
+| [`doNotRunExtensionsOnOverprovisionedVMs`](#parameter-donotrunextensionsonoverprovisionedvms) | bool | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. |
+| [`enableAutomaticOSUpgrade`](#parameter-enableautomaticosupgrade) | bool | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. |
+| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
+| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. |
+| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
+| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
+| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). |
+| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. |
+| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
+| [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
+| [`maxUnhealthyUpgradedInstancePercent`](#parameter-maxunhealthyupgradedinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
+| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. |
+| [`overprovision`](#parameter-overprovision) | bool | Specifies whether the Virtual Machine Scale Set should be overprovisioned. |
+| [`pauseTimeBetweenBatches`](#parameter-pausetimebetweenbatches) | string | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. |
+| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
+| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
+| [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. |
+| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
+| [`scaleInPolicy`](#parameter-scaleinpolicy) | object | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. |
+| [`scaleSetFaultDomain`](#parameter-scalesetfaultdomain) | int | Fault Domain count for each placement group. |
+| [`scheduledEventsProfile`](#parameter-scheduledeventsprofile) | object | Specifies Scheduled Event related configurations. |
+| [`secrets`](#parameter-secrets) | array | Specifies set of certificates that should be installed onto the virtual machines in the scale set. |
+| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. |
+| [`singlePlacementGroup`](#parameter-singleplacementgroup) | bool | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. |
+| [`skuCapacity`](#parameter-skucapacity) | int | The initial instance count of scale set VMs. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
+| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
+| [`upgradePolicyMode`](#parameter-upgradepolicymode) | string | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`vmNamePrefix`](#parameter-vmnameprefix) | string | Specifies the computer name prefix for all of the virtual machines in the scale set. |
+| [`vmPriority`](#parameter-vmpriority) | string | Specifies the priority for the virtual machine. |
+| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
+| [`zoneBalance`](#parameter-zonebalance) | bool | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
+
+### Parameter: `additionalUnattendContent`
+
+Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `adminPassword`
+
+When specifying a Windows Virtual Machine, this value should be passed.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `adminUsername`
+
+Administrator username.
+- Required: Yes
+- Type: securestring
+
+### Parameter: `automaticRepairsPolicyEnabled`
+
+Specifies whether automatic repairs should be enabled on the virtual machine scale set.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `availabilityZones`
+
+The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to generate a registration token.
+- Required: No
+- Type: string
+- Default: `[utcNow('u')]`
+
+### Parameter: `bootDiagnosticStorageAccountName`
+
+Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `bootDiagnosticStorageAccountUri`
+
+Storage account boot diagnostic base URI.
+- Required: No
+- Type: string
+- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
+
+### Parameter: `customData`
+
+Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dataDisks`
+
+Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableAutomaticRollback`
+
+Whether OS image rollback feature should be disabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `disablePasswordAuthentication`
+
+Specifies whether password authentication should be disabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `doNotRunExtensionsOnOverprovisionedVMs`
+
+When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticOSUpgrade`
+
+Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticUpdates`
+
+Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableEvictionPolicy`
+
+Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `encryptionAtHost`
+
+This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extensionAntiMalwareConfig`
+
+The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionAzureDiskEncryptionConfig`
+
+The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionCustomScriptConfig`
+
+The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionDependencyAgentConfig`
+
+The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionDomainJoinConfig`
+
+The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionDomainJoinPassword`
+
+Required if name is specified. Password of the user specified in user parameter.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `extensionDSCConfig`
+
+The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionMonitoringAgentConfig`
+
+The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionNetworkWatcherAgentConfig`
+
+The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `gracePeriod`
+
+The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M).
+- Required: No
+- Type: string
+- Default: `'PT30M'`
+
+### Parameter: `imageReference`
+
+OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
+- Required: Yes
+- Type: object
+
+### Parameter: `licenseType`
+
+Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Windows_Client, Windows_Server]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maxBatchInstancePercent`
+
+The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `maxPriceForLowPriorityVm`
+
+Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `maxUnhealthyInstancePercent`
+
+The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `maxUnhealthyUpgradedInstancePercent`
+
+The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `monitoringWorkspaceId`
+
+Resource ID of the monitoring log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+Name of the VMSS.
+- Required: Yes
+- Type: string
+
+### Parameter: `nicConfigurations`
+
+Configures NICs and PIPs.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `osDisk`
+
+Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+- Required: Yes
+- Type: object
+
+### Parameter: `osType`
+
+The chosen OS type.
+- Required: Yes
+- Type: string
+- Allowed: `[Linux, Windows]`
+
+### Parameter: `overprovision`
+
+Specifies whether the Virtual Machine Scale Set should be overprovisioned.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `pauseTimeBetweenBatches`
+
+The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.
+- Required: No
+- Type: string
+- Default: `'PT0S'`
+
+### Parameter: `plan`
+
+Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `provisionVMAgent`
+
+Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+Resource ID of a proximity placement group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicIpDiagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed.
+- Required: No
+- Type: string
+- Default: `[format('{0}-diagnosticSettings', parameters('name'))]`
+
+### Parameter: `publicKeys`
+
+The list of SSH public keys used to authenticate with linux based VMs.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sasTokenValidityLength`
+
+SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
+- Required: No
+- Type: string
+- Default: `'PT8H'`
+
+### Parameter: `scaleInPolicy`
+
+Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `scaleSetFaultDomain`
+
+Fault Domain count for each placement group.
+- Required: No
+- Type: int
+- Default: `2`
+
+### Parameter: `scheduledEventsProfile`
+
+Specifies Scheduled Event related configurations.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+Specifies set of certificates that should be installed onto the virtual machines in the scale set.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `secureBootEnabled`
+
+Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `securityType`
+
+Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `singlePlacementGroup`
+
+When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `skuCapacity`
+
+The initial instance count of scale set VMs.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `skuName`
+
+The SKU size of the VMs.
+- Required: Yes
+- Type: string
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `timeZone`
+
+Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ultraSSDEnabled`
+
+The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `upgradePolicyMode`
+
+Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.
+- Required: No
+- Type: string
+- Default: `'Manual'`
+- Allowed: `[Automatic, Manual, Rolling]`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `vmNamePrefix`
+
+Specifies the computer name prefix for all of the virtual machines in the scale set.
+- Required: No
+- Type: string
+- Default: `'vmssvm'`
+
+### Parameter: `vmPriority`
+
+Specifies the priority for the virtual machine.
+- Required: No
+- Type: string
+- Default: `'Regular'`
+- Allowed: `[Low, Regular, Spot]`
+
+### Parameter: `vTpmEnabled`
+
+Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `winRM`
+
+Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `zoneBalance`
+
+Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual machine scale set. |
+| `resourceGroupName` | string | The resource group of the virtual machine scale set. |
+| `resourceId` | string | The resource ID of the virtual machine scale set. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+_None_
+
 ## Notes
 
 ### Parameter Usage: `imageReference`
diff --git a/modules/compute/virtual-machine-scale-set/extension/README.md b/modules/compute/virtual-machine-scale-set/extension/README.md
index 52412ef886..462a5b3111 100644
--- a/modules/compute/virtual-machine-scale-set/extension/README.md
+++ b/modules/compute/virtual-machine-scale-set/extension/README.md
@@ -19,35 +19,112 @@ This module deploys a Virtual Machine Scale Set Extension.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
-| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
-| `name` | string | The name of the virtual machine scale set extension. |
-| `publisher` | string | The name of the extension handler publisher. |
-| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". |
-| `typeHandlerVersion` | string | Specifies the version of the script handler. |
+| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
+| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
+| [`name`](#parameter-name) | string | The name of the virtual machine scale set extension. |
+| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. |
+| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". |
+| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `virtualMachineScaleSetName` | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. |
+| [`virtualMachineScaleSetName`](#parameter-virtualmachinescalesetname) | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. |
-| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. |
-| `settings` | object | `{object}` | Any object that contains the extension specific settings. |
-| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. |
+| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. |
+| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. |
+| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
+
+### Parameter: `autoUpgradeMinorVersion`
+
+Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.
+- Required: Yes
+- Type: bool
+
+### Parameter: `enableAutomaticUpgrade`
+
+Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.
+- Required: Yes
+- Type: bool
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `forceUpdateTag`
+
+How the extension handler should be forced to update even if the extension configuration has not changed.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the virtual machine scale set extension.
+- Required: Yes
+- Type: string
+
+### Parameter: `protectedSettings`
+
+Any object that contains the extension specific protected settings.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `publisher`
+
+The name of the extension handler publisher.
+- Required: Yes
+- Type: string
+
+### Parameter: `settings`
+
+Any object that contains the extension specific settings.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `supressFailures`
+
+Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `type`
+
+Specifies the type of the extension; an example is "CustomScriptExtension".
+- Required: Yes
+- Type: string
+
+### Parameter: `typeHandlerVersion`
+
+Specifies the version of the script handler.
+- Required: Yes
+- Type: string
+
+### Parameter: `virtualMachineScaleSetName`
+
+The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the extension. |
 | `resourceGroupName` | string | The name of the Resource Group the extension was created in. |
diff --git a/modules/compute/virtual-machine-scale-set/extension/main.json b/modules/compute/virtual-machine-scale-set/extension/main.json
index 14783762a8..d63e240501 100644
--- a/modules/compute/virtual-machine-scale-set/extension/main.json
+++ b/modules/compute/virtual-machine-scale-set/extension/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "3045861199823874082"
+      "version": "0.22.6.54827",
+      "templateHash": "5906561479759498703"
     },
     "name": "Virtual Machine Scale Set Extensions",
     "description": "This module deploys a Virtual Machine Scale Set Extension.",
diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json
index 974fbd8b00..59b04e2594 100644
--- a/modules/compute/virtual-machine-scale-set/main.json
+++ b/modules/compute/virtual-machine-scale-set/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "12564504054150617860"
+      "version": "0.22.6.54827",
+      "templateHash": "1180320046795963031"
     },
     "name": "Virtual Machine Scale Sets",
     "description": "This module deploys a Virtual Machine Scale Set.",
@@ -842,8 +842,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1028,8 +1028,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1219,8 +1219,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1400,8 +1400,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1581,8 +1581,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1766,8 +1766,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -1957,8 +1957,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -2143,8 +2143,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7816202249753353774"
+              "version": "0.22.6.54827",
+              "templateHash": "5906561479759498703"
             },
             "name": "Virtual Machine Scale Set Extensions",
             "description": "This module deploys a Virtual Machine Scale Set Extension.",
@@ -2326,8 +2326,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "18352328702844325130"
+              "version": "0.22.6.54827",
+              "templateHash": "2683570948982482973"
             }
           },
           "parameters": {
diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md
index 0a3195f2ef..a635528a68 100644
--- a/modules/compute/virtual-machine/README.md
+++ b/modules/compute/virtual-machine/README.md
@@ -5,10 +5,10 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
 ## Resource Types
@@ -25,132 +25,31 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o
 | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) |
 | `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2023-01-01/vaults/backupFabrics/protectionContainers/protectedItems) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `adminUsername` | securestring |  |  | Administrator username. |
-| `configurationProfile` | string | `''` | `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` | The configuration profile of automanage. |
-| `imageReference` | object |  |  | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
-| `nicConfigurations` | array |  |  | Configures NICs and PIPs. |
-| `osDisk` | object |  |  | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object.  Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| `osType` | string |  | `[Linux, Windows]` | The chosen OS type. |
-| `vmSize` | string |  |  | Specifies the size for the VMs. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `additionalUnattendContent` | array | `[]` |  | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
-| `adminPassword` | securestring | `''` |  | When specifying a Windows Virtual Machine, this value should be passed. |
-| `allowExtensionOperations` | bool | `True` |  | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
-| `availabilitySetResourceId` | string | `''` |  | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. |
-| `availabilityZone` | int | `0` | `[0, 1, 2, 3]` | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. |
-| `backupPolicyName` | string | `'DefaultPolicy'` |  | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. |
-| `backupVaultName` | string | `''` |  | Recovery service vault name to add VMs to backup. |
-| `backupVaultResourceGroup` | string | `[resourceGroup().name]` |  | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. |
-| `bootDiagnostics` | bool | `False` |  | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. |
-| `bootDiagnosticStorageAccountName` | string | `''` |  | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. |
-| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` |  | Storage account boot diagnostic base URI. |
-| `certificatesToBeInstalled` | array | `[]` |  | Specifies set of certificates that should be installed onto the virtual machine. |
-| `computerName` | string | `[parameters('name')]` |  | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. |
-| `customData` | string | `''` |  | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
-| `dataDisks` | array | `[]` |  | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| `dedicatedHostId` | string | `''` |  | Specifies resource ID about the dedicated host that the virtual machine resides in. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `disablePasswordAuthentication` | bool | `False` |  | Specifies whether password authentication should be disabled. |
-| `enableAutomaticUpdates` | bool | `True` |  | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableEvictionPolicy` | bool | `False` |  | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
-| `encryptionAtHost` | bool | `True` |  | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| `extensionAadJoinConfig` | object | `{object}` |  | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionAntiMalwareConfig` | object | `{object}` |  | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionAzureDiskEncryptionConfig` | object | `{object}` |  | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
-| `extensionCustomScriptConfig` | object | `{object}` |  | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionCustomScriptProtectedSetting` | secureObject | `{object}` |  | Any object that contains the extension specific protected settings. |
-| `extensionDependencyAgentConfig` | object | `{object}` |  | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionDomainJoinConfig` | object | `{object}` |  | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionDomainJoinPassword` | securestring | `''` |  | Required if name is specified. Password of the user specified in user parameter. |
-| `extensionDSCConfig` | object | `{object}` |  | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionMonitoringAgentConfig` | object | `{object}` |  | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `extensionNetworkWatcherAgentConfig` | object | `{object}` |  | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maxPriceForLowPriorityVm` | string | `''` |  | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
-| `monitoringWorkspaceId` | string | `''` |  | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. |
-| `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` |  | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. |
-| `nicdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `nicDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` |  | The name of the NIC diagnostic setting, if deployed. |
-| `patchAssessmentMode` | string | `'ImageDefault'` | `[AutomaticByPlatform, ImageDefault]` | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. |
-| `patchMode` | string | `''` | `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]` | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. |
-| `pipdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `pipdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `pipDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` |  | The name of the PIP diagnostic setting, if deployed. |
-| `plan` | object | `{object}` |  | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
-| `priority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. |
-| `provisionVMAgent` | bool | `True` |  | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
-| `proximityPlacementGroupResourceId` | string | `''` |  | Resource ID of a proximity placement group. |
-| `publicKeys` | array | `[]` |  | The list of SSH public keys used to authenticate with linux based VMs. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `sasTokenValidityLength` | string | `'PT8H'` |  | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
-| `secureBootEnabled` | bool | `False` |  | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| `securityType` | string | `''` |  | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `timeZone` | string | `''` |  | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
-| `ultraSSDEnabled` | bool | `False` |  | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `vTpmEnabled` | bool | `False` |  | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| `winRM` | object | `{object}` |  | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
-
-**Generated parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the VM. |
-| `resourceGroupName` | string | The name of the resource group the VM was created in. |
-| `resourceId` | string | The resource ID of the VM. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `network/network-interface` | Local reference |
-| `network/public-ip-address` | Local reference |
-| `recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference |
-
-## Deployment examples
+## Usage examples
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
    >**Note**: The name of each example is based on the name of the file from which it is taken.
 
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Linux</h3>
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`.
+
+- [Linux](#example-1-linux)
+- [Linux.Atmg](#example-2-linuxatmg)
+- [Linux.Min](#example-3-linuxmin)
+- [Windows](#example-4-windows)
+- [Windows.Atmg](#example-5-windowsatmg)
+- [Windows.Min](#example-6-windowsmin)
+- [Windows.Ssecmk](#example-7-windowsssecmk)
+
+### Example 1: _Linux_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmlincom'
   params: {
     // Required parameters
@@ -662,14 +561,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Linux.Atmg</h3>
+### Example 2: _Linux.Atmg_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg'
   params: {
     // Required parameters
@@ -845,14 +744,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Linux.Min</h3>
+### Example 3: _Linux.Min_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmlinmin'
   params: {
     // Required parameters
@@ -982,14 +881,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Windows</h3>
+### Example 4: _Windows_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmwincom'
   params: {
     // Required parameters
@@ -1539,14 +1438,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 5: Windows.Atmg</h3>
+### Example 5: _Windows.Atmg_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmwinatmg'
   params: {
     // Required parameters
@@ -1672,14 +1571,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 6: Windows.Min</h3>
+### Example 6: _Windows.Min_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmwinmin'
   params: {
     // Required parameters
@@ -1789,14 +1688,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 7: Windows.Ssecmk</h3>
+### Example 7: _Windows.Ssecmk_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module virtualMachine './compute/virtual-machine/main.bicep' = {
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cvmwincmk'
   params: {
     // Required parameters
@@ -1949,6 +1848,633 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
+| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. |
+| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
+| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
+| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object.  Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`osType`](#parameter-ostype) | string | The chosen OS type. |
+| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VMs. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
+| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
+| [`allowExtensionOperations`](#parameter-allowextensionoperations) | bool | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
+| [`availabilitySetResourceId`](#parameter-availabilitysetresourceid) | string | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. |
+| [`availabilityZone`](#parameter-availabilityzone) | int | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. |
+| [`backupPolicyName`](#parameter-backuppolicyname) | string | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. |
+| [`backupVaultName`](#parameter-backupvaultname) | string | Recovery service vault name to add VMs to backup. |
+| [`backupVaultResourceGroup`](#parameter-backupvaultresourcegroup) | string | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. |
+| [`bootDiagnostics`](#parameter-bootdiagnostics) | bool | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. |
+| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. |
+| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
+| [`certificatesToBeInstalled`](#parameter-certificatestobeinstalled) | array | Specifies set of certificates that should be installed onto the virtual machine. |
+| [`computerName`](#parameter-computername) | string | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. |
+| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
+| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`dedicatedHostId`](#parameter-dedicatedhostid) | string | Specifies resource ID about the dedicated host that the virtual machine resides in. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
+| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
+| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`extensionAadJoinConfig`](#parameter-extensionaadjoinconfig) | object | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
+| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionCustomScriptProtectedSetting`](#parameter-extensioncustomscriptprotectedsetting) | secureObject | Any object that contains the extension specific protected settings. |
+| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
+| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
+| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. |
+| [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. |
+| [`nicdiagnosticMetricsToEnable`](#parameter-nicdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`nicDiagnosticSettingsName`](#parameter-nicdiagnosticsettingsname) | string | The name of the NIC diagnostic setting, if deployed. |
+| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. |
+| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. |
+| [`pipdiagnosticLogCategoriesToEnable`](#parameter-pipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`pipdiagnosticMetricsToEnable`](#parameter-pipdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`pipDiagnosticSettingsName`](#parameter-pipdiagnosticsettingsname) | string | The name of the PIP diagnostic setting, if deployed. |
+| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
+| [`priority`](#parameter-priority) | string | Specifies the priority for the virtual machine. |
+| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
+| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
+| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
+| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
+
+### Parameter: `additionalUnattendContent`
+
+Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `adminPassword`
+
+When specifying a Windows Virtual Machine, this value should be passed.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `adminUsername`
+
+Administrator username.
+- Required: Yes
+- Type: securestring
+
+### Parameter: `allowExtensionOperations`
+
+Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `availabilitySetResourceId`
+
+Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `availabilityZone`
+
+If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set.
+- Required: No
+- Type: int
+- Default: `0`
+- Allowed: `[0, 1, 2, 3]`
+
+### Parameter: `backupPolicyName`
+
+Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault.
+- Required: No
+- Type: string
+- Default: `'DefaultPolicy'`
+
+### Parameter: `backupVaultName`
+
+Recovery service vault name to add VMs to backup.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `backupVaultResourceGroup`
+
+Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().name]`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to generate a registration token.
+- Required: No
+- Type: string
+- Default: `[utcNow('u')]`
+
+### Parameter: `bootDiagnostics`
+
+Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `bootDiagnosticStorageAccountName`
+
+Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `bootDiagnosticStorageAccountUri`
+
+Storage account boot diagnostic base URI.
+- Required: No
+- Type: string
+- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
+
+### Parameter: `certificatesToBeInstalled`
+
+Specifies set of certificates that should be installed onto the virtual machine.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `computerName`
+
+Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name.
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `configurationProfile`
+
+The configuration profile of automanage.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]`
+
+### Parameter: `customData`
+
+Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dataDisks`
+
+Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dedicatedHostId`
+
+Specifies resource ID about the dedicated host that the virtual machine resides in.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disablePasswordAuthentication`
+
+Specifies whether password authentication should be disabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticUpdates`
+
+Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableEvictionPolicy`
+
+Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `encryptionAtHost`
+
+This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extensionAadJoinConfig`
+
+The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionAntiMalwareConfig`
+
+The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionAzureDiskEncryptionConfig`
+
+The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionCustomScriptConfig`
+
+The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionCustomScriptProtectedSetting`
+
+Any object that contains the extension specific protected settings.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `extensionDependencyAgentConfig`
+
+The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionDomainJoinConfig`
+
+The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionDomainJoinPassword`
+
+Required if name is specified. Password of the user specified in user parameter.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `extensionDSCConfig`
+
+The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionMonitoringAgentConfig`
+
+The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `extensionNetworkWatcherAgentConfig`
+
+The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `imageReference`
+
+OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
+- Required: Yes
+- Type: object
+
+### Parameter: `licenseType`
+
+Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Windows_Client, Windows_Server]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maxPriceForLowPriorityVm`
+
+Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `monitoringWorkspaceId`
+
+Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name.
+- Required: No
+- Type: string
+- Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]`
+
+### Parameter: `nicConfigurations`
+
+Configures NICs and PIPs.
+- Required: Yes
+- Type: array
+
+### Parameter: `nicdiagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `nicDiagnosticSettingsName`
+
+The name of the NIC diagnostic setting, if deployed.
+- Required: No
+- Type: string
+- Default: `[format('{0}-diagnosticSettings', parameters('name'))]`
+
+### Parameter: `osDisk`
+
+Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object.  Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+- Required: Yes
+- Type: object
+
+### Parameter: `osType`
+
+The chosen OS type.
+- Required: Yes
+- Type: string
+- Allowed: `[Linux, Windows]`
+
+### Parameter: `patchAssessmentMode`
+
+VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours.
+- Required: No
+- Type: string
+- Default: `'ImageDefault'`
+- Allowed: `[AutomaticByPlatform, ImageDefault]`
+
+### Parameter: `patchMode`
+
+VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]`
+
+### Parameter: `pipdiagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]`
+
+### Parameter: `pipdiagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `pipDiagnosticSettingsName`
+
+The name of the PIP diagnostic setting, if deployed.
+- Required: No
+- Type: string
+- Default: `[format('{0}-diagnosticSettings', parameters('name'))]`
+
+### Parameter: `plan`
+
+Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `priority`
+
+Specifies the priority for the virtual machine.
+- Required: No
+- Type: string
+- Default: `'Regular'`
+- Allowed: `[Low, Regular, Spot]`
+
+### Parameter: `provisionVMAgent`
+
+Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+Resource ID of a proximity placement group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicKeys`
+
+The list of SSH public keys used to authenticate with linux based VMs.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sasTokenValidityLength`
+
+SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
+- Required: No
+- Type: string
+- Default: `'PT8H'`
+
+### Parameter: `secureBootEnabled`
+
+Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `securityType`
+
+Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `timeZone`
+
+Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ultraSSDEnabled`
+
+The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `vmSize`
+
+Specifies the size for the VMs.
+- Required: Yes
+- Type: string
+
+### Parameter: `vTpmEnabled`
+
+Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings.  SecurityType should be set to TrustedLaunch to enable UefiSettings.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `winRM`
+
+Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the VM. |
+| `resourceGroupName` | string | The name of the resource group the VM was created in. |
+| `resourceId` | string | The resource ID of the VM. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/network-interface` | Local reference |
+| `modules/network/public-ip-address` | Local reference |
+| `modules/recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference |
+
 ## Notes
 
 ### Automanage considerations
diff --git a/modules/compute/virtual-machine/extension/README.md b/modules/compute/virtual-machine/extension/README.md
index 7823c9766b..761c7b4d27 100644
--- a/modules/compute/virtual-machine/extension/README.md
+++ b/modules/compute/virtual-machine/extension/README.md
@@ -19,37 +19,128 @@ This module deploys a Virtual Machine Extension.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
-| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
-| `name` | string | The name of the virtual machine extension. |
-| `publisher` | string | The name of the extension handler publisher. |
-| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". |
-| `typeHandlerVersion` | string | Specifies the version of the script handler. |
+| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
+| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
+| [`name`](#parameter-name) | string | The name of the virtual machine extension. |
+| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. |
+| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". |
+| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `virtualMachineName` | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. |
+| [`virtualMachineName`](#parameter-virtualmachinename) | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. |
-| `location` | string | `[resourceGroup().location]` | The location the extension is deployed to. |
-| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. |
-| `settings` | object | `{object}` | Any object that contains the extension specific settings. |
-| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
-| `tags` | object | `{object}` | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. |
+| [`location`](#parameter-location) | string | The location the extension is deployed to. |
+| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. |
+| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. |
+| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `autoUpgradeMinorVersion`
+
+Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.
+- Required: Yes
+- Type: bool
+
+### Parameter: `enableAutomaticUpgrade`
+
+Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.
+- Required: Yes
+- Type: bool
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `forceUpdateTag`
+
+How the extension handler should be forced to update even if the extension configuration has not changed.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+The location the extension is deployed to.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the virtual machine extension.
+- Required: Yes
+- Type: string
+
+### Parameter: `protectedSettings`
+
+Any object that contains the extension specific protected settings.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `publisher`
+
+The name of the extension handler publisher.
+- Required: Yes
+- Type: string
+
+### Parameter: `settings`
+
+Any object that contains the extension specific settings.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `supressFailures`
+
+Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `type`
+
+Specifies the type of the extension; an example is "CustomScriptExtension".
+- Required: Yes
+- Type: string
+
+### Parameter: `typeHandlerVersion`
+
+Specifies the version of the script handler.
+- Required: Yes
+- Type: string
+
+### Parameter: `virtualMachineName`
+
+The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the extension. |
diff --git a/modules/compute/virtual-machine/extension/main.json b/modules/compute/virtual-machine/extension/main.json
index 9dc0e8298a..782a6fa1ff 100644
--- a/modules/compute/virtual-machine/extension/main.json
+++ b/modules/compute/virtual-machine/extension/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "3227525972274814852"
+      "version": "0.22.6.54827",
+      "templateHash": "16166330808348655128"
     },
     "name": "Virtual Machine Extensions",
     "description": "This module deploys a Virtual Machine Extension.",
diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json
index 6ba690ab4f..202cf5e053 100644
--- a/modules/compute/virtual-machine/main.json
+++ b/modules/compute/virtual-machine/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "8956159626460319190"
+      "version": "0.22.6.54827",
+      "templateHash": "16514436583417262148"
     },
     "name": "Virtual Machines",
     "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.",
@@ -844,8 +844,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "17678163563393779135"
+              "version": "0.22.6.54827",
+              "templateHash": "8548313386789098939"
             }
           },
           "parameters": {
@@ -999,8 +999,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "1887898957722092173"
+                      "version": "0.22.6.54827",
+                      "templateHash": "4317747709004918530"
                     },
                     "name": "Public IP Addresses",
                     "description": "This module deploys a Public IP Address.",
@@ -1333,8 +1333,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.21.1.54444",
-                              "templateHash": "7328126239184883887"
+                              "version": "0.22.6.54827",
+                              "templateHash": "9976109177347918049"
                             }
                           },
                           "parameters": {
@@ -1585,8 +1585,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "5974456600868040376"
+                      "version": "0.22.6.54827",
+                      "templateHash": "14479255820598719580"
                     },
                     "name": "Network Interface",
                     "description": "This module deploys a Network Interface.",
@@ -1888,8 +1888,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.21.1.54444",
-                              "templateHash": "10645923556503351364"
+                              "version": "0.22.6.54827",
+                              "templateHash": "11518733977101662334"
                             }
                           },
                           "parameters": {
@@ -2105,8 +2105,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -2320,8 +2320,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -2530,8 +2530,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -2745,8 +2745,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -2950,8 +2950,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -3155,8 +3155,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -3364,8 +3364,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -3581,8 +3581,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -3791,8 +3791,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "3227525972274814852"
+              "version": "0.22.6.54827",
+              "templateHash": "16166330808348655128"
             },
             "name": "Virtual Machine Extensions",
             "description": "This module deploys a Virtual Machine Extension.",
@@ -4003,8 +4003,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10079924922844886000"
+              "version": "0.22.6.54827",
+              "templateHash": "7148492251760573310"
             },
             "name": "Recovery Service Vaults Protection Container Protected Item",
             "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
@@ -4172,8 +4172,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "11877341194593849245"
+              "version": "0.22.6.54827",
+              "templateHash": "16523538632311306099"
             }
           },
           "parameters": {
diff --git a/modules/consumption/budget/.test/common/main.test.bicep b/modules/consumption/budget/.test/common/main.test.bicep
index 0b3044a0e3..7668018aae 100644
--- a/modules/consumption/budget/.test/common/main.test.bicep
+++ b/modules/consumption/budget/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/consumption/budget/.test/min/main.test.bicep b/modules/consumption/budget/.test/min/main.test.bicep
index cd1da3812e..a76b439216 100644
--- a/modules/consumption/budget/.test/min/main.test.bicep
+++ b/modules/consumption/budget/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/consumption/budget/README.md b/modules/consumption/budget/README.md
index 191cc3a890..59a1e90b16 100644
--- a/modules/consumption/budget/README.md
+++ b/modules/consumption/budget/README.md
@@ -4,75 +4,41 @@ This module deploys a Consumption Budget for Subscriptions.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Consumption/budgets` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Consumption/2021-10-01/budgets) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `amount` | int | The total amount of cost or usage to track with the budget. |
-| `name` | string | The name of the budget. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `actionGroups` | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. |
-| `contactEmails` | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. |
-| `contactRoles` | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `category` | string | `'Cost'` | `[Cost, Usage]` | The category of the budget, whether the budget tracks cost or usage. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `endDate` | string | `''` |  | The end date for the budget. If not provided, it will default to 10 years from the start date. |
-| `location` | string | `[deployment().location]` |  | Location deployment metadata. |
-| `resetPeriod` | string | `'Monthly'` | `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]` | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. |
-| `startDate` | string | `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` |  | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). |
-| `thresholds` | array | `[50, 75, 90, 100, 110]` |  | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the budget. |
-| `resourceId` | string | The resource ID of the budget. |
-| `subscriptionName` | string | The subscription the budget was deployed into. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/consumption.budget:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module budget './consumption/budget/main.bicep' = {
+module budget 'br:bicep/modules/consumption.budget:1.0.0' = {
   name: '${uniqueString(deployment().name)}-test-cbcom'
   params: {
     // Required parameters
@@ -138,14 +104,17 @@ module budget './consumption/budget/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module budget './consumption/budget/main.bicep' = {
+module budget 'br:bicep/modules/consumption.budget:1.0.0' = {
   name: '${uniqueString(deployment().name)}-test-cbmin'
   params: {
     // Required parameters
@@ -194,3 +163,130 @@ module budget './consumption/budget/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`amount`](#parameter-amount) | int | The total amount of cost or usage to track with the budget. |
+| [`name`](#parameter-name) | string | The name of the budget. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actionGroups`](#parameter-actiongroups) | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. |
+| [`contactEmails`](#parameter-contactemails) | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. |
+| [`contactRoles`](#parameter-contactroles) | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`category`](#parameter-category) | string | The category of the budget, whether the budget tracks cost or usage. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`endDate`](#parameter-enddate) | string | The end date for the budget. If not provided, it will default to 10 years from the start date. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`resetPeriod`](#parameter-resetperiod) | string | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. |
+| [`startDate`](#parameter-startdate) | string | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). |
+| [`thresholds`](#parameter-thresholds) | array | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. |
+
+### Parameter: `actionGroups`
+
+List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `amount`
+
+The total amount of cost or usage to track with the budget.
+- Required: Yes
+- Type: int
+
+### Parameter: `category`
+
+The category of the budget, whether the budget tracks cost or usage.
+- Required: No
+- Type: string
+- Default: `'Cost'`
+- Allowed: `[Cost, Usage]`
+
+### Parameter: `contactEmails`
+
+The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `contactRoles`
+
+The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endDate`
+
+The end date for the budget. If not provided, it will default to 10 years from the start date.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `name`
+
+The name of the budget.
+- Required: Yes
+- Type: string
+
+### Parameter: `resetPeriod`
+
+The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers.
+- Required: No
+- Type: string
+- Default: `'Monthly'`
+- Allowed: `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]`
+
+### Parameter: `startDate`
+
+The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month).
+- Required: No
+- Type: string
+- Default: `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]`
+
+### Parameter: `thresholds`
+
+Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000.
+- Required: No
+- Type: array
+- Default: `[50, 75, 90, 100, 110]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the budget. |
+| `resourceId` | string | The resource ID of the budget. |
+| `subscriptionName` | string | The subscription the budget was deployed into. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/consumption/budget/main.json b/modules/consumption/budget/main.json
index 5b676a256c..a65a1bbfe8 100644
--- a/modules/consumption/budget/main.json
+++ b/modules/consumption/budget/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "14854724529401221825"
+      "version": "0.22.6.54827",
+      "templateHash": "2760526032764483110"
     },
     "name": "Consumption Budgets",
     "description": "This module deploys a Consumption Budget for Subscriptions.",
diff --git a/modules/container-instance/container-group/.test/common/main.test.bicep b/modules/container-instance/container-group/.test/common/main.test.bicep
index d514033d8f..76374c71e0 100644
--- a/modules/container-instance/container-group/.test/common/main.test.bicep
+++ b/modules/container-instance/container-group/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/container-instance/container-group/.test/min/main.test.bicep b/modules/container-instance/container-group/.test/min/main.test.bicep
index 6136c721aa..240ce76d42 100644
--- a/modules/container-instance/container-group/.test/min/main.test.bicep
+++ b/modules/container-instance/container-group/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md
index 9e02a54f3c..f482faa1ad 100644
--- a/modules/container-instance/container-group/README.md
+++ b/modules/container-instance/container-group/README.md
@@ -4,93 +4,45 @@ This module deploys a Container Instance Container Group.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.ContainerInstance/containerGroups` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2022-09-01/containerGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `containers` | array | The containers and their respective config within the container group. |
-| `name` | string | Name for the container group. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
-| `ipAddressPorts` | array | `[]` | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` | Specify level of protection of the domain name label. |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKKeyVaultResourceId` | string | `''` |  | The resource ID of a key vault to reference a customer managed key for encryption from. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `dnsNameLabel` | string | `''` |  | The Dns name label for the resource. |
-| `dnsNameServers` | array | `[]` |  | List of dns servers used by the containers for lookups. |
-| `dnsSearchDomains` | string | `''` |  | DNS search domain which will be appended to each DNS lookup. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `imageRegistryCredentials` | array | `[]` |  | The image registry credentials by which the container group is created from. |
-| `initContainers` | array | `[]` |  | A list of container definitions which will be executed before the application container starts. |
-| `ipAddressType` | string | `'Public'` | `[Private, Public]` | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `osType` | string | `'Linux'` |  | The operating system type required by the containers in the container group. - Windows or Linux. |
-| `restartPolicy` | string | `'Always'` | `[Always, Never, OnFailure]` | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. |
-| `sku` | string | `'Standard'` | `[Dedicated, Standard]` | The container group SKU. |
-| `subnetId` | string | `''` |  | Resource ID of the subnet. Only specify when ipAddressType is Private. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `volumes` | array | `[]` |  | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. |
+## Usage examples
 
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `iPv4Address` | string | The IPv4 address of the container group. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the container group. |
-| `resourceGroupName` | string | The resource group the container group was deployed into. |
-| `resourceId` | string | The resource ID of the container group. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-instance.container-group:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Encr](#example-2-encr)
+- [Using only defaults](#example-3-using-only-defaults)
+- [Private](#example-4-private)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module containerGroup './container-instance/container-group/main.bicep' = {
+module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cicgcom'
   params: {
     // Required parameters
@@ -272,14 +224,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Encr</h3>
+### Example 2: _Encr_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module containerGroup './container-instance/container-group/main.bicep' = {
+module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cicgenc'
   params: {
     // Required parameters
@@ -473,14 +425,17 @@ module containerGroup './container-instance/container-group/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Min</h3>
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module containerGroup './container-instance/container-group/main.bicep' = {
+module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cicgmin'
   params: {
     // Required parameters
@@ -574,14 +529,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Private</h3>
+### Example 4: _Private_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module containerGroup './container-instance/container-group/main.bicep' = {
+module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-cicgprivate'
   params: {
     // Required parameters
@@ -806,6 +761,242 @@ module containerGroup './container-instance/container-group/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | The containers and their respective config within the container group. |
+| [`name`](#parameter-name) | string | Name for the container group. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
+| [`ipAddressPorts`](#parameter-ipaddressports) | array | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Specify level of protection of the domain name label. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`dnsNameLabel`](#parameter-dnsnamelabel) | string | The Dns name label for the resource. |
+| [`dnsNameServers`](#parameter-dnsnameservers) | array | List of dns servers used by the containers for lookups. |
+| [`dnsSearchDomains`](#parameter-dnssearchdomains) | string | DNS search domain which will be appended to each DNS lookup. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`imageRegistryCredentials`](#parameter-imageregistrycredentials) | array | The image registry credentials by which the container group is created from. |
+| [`initContainers`](#parameter-initcontainers) | array | A list of container definitions which will be executed before the application container starts. |
+| [`ipAddressType`](#parameter-ipaddresstype) | string | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`osType`](#parameter-ostype) | string | The operating system type required by the containers in the container group. - Windows or Linux. |
+| [`restartPolicy`](#parameter-restartpolicy) | string | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. |
+| [`sku`](#parameter-sku) | string | The container group SKU. |
+| [`subnetId`](#parameter-subnetid) | string | Resource ID of the subnet. Only specify when ipAddressType is Private. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`volumes`](#parameter-volumes) | array | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. |
+
+### Parameter: `autoGeneratedDomainNameLabelScope`
+
+Specify level of protection of the domain name label.
+- Required: No
+- Type: string
+- Default: `'TenantReuse'`
+- Allowed: `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `containers`
+
+The containers and their respective config within the container group.
+- Required: Yes
+- Type: array
+
+### Parameter: `dnsNameLabel`
+
+The Dns name label for the resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dnsNameServers`
+
+List of dns servers used by the containers for lookups.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dnsSearchDomains`
+
+DNS search domain which will be appended to each DNS lookup.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `imageRegistryCredentials`
+
+The image registry credentials by which the container group is created from.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `initContainers`
+
+A list of container definitions which will be executed before the application container starts.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ipAddressPorts`
+
+Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ipAddressType`
+
+Specifies if the IP is exposed to the public internet or private VNET. - Public or Private.
+- Required: No
+- Type: string
+- Default: `'Public'`
+- Allowed: `[Private, Public]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name for the container group.
+- Required: Yes
+- Type: string
+
+### Parameter: `osType`
+
+The operating system type required by the containers in the container group. - Windows or Linux.
+- Required: No
+- Type: string
+- Default: `'Linux'`
+
+### Parameter: `restartPolicy`
+
+Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never.
+- Required: No
+- Type: string
+- Default: `'Always'`
+- Allowed: `[Always, Never, OnFailure]`
+
+### Parameter: `sku`
+
+The container group SKU.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Dedicated, Standard]`
+
+### Parameter: `subnetId`
+
+Resource ID of the subnet. Only specify when ipAddressType is Private.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `iPv4Address` | string | The IPv4 address of the container group. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the container group. |
+| `resourceGroupName` | string | The resource group the container group was deployed into. |
+| `resourceId` | string | The resource ID of the container group. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+_None_
+
 ## Notes
 
 ### Parameter Usage: `imageRegistryCredentials`
diff --git a/modules/container-instance/container-group/main.json b/modules/container-instance/container-group/main.json
index cf3d24c34f..de3ed088b2 100644
--- a/modules/container-instance/container-group/main.json
+++ b/modules/container-instance/container-group/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "1590771633757024092"
+      "version": "0.22.6.54827",
+      "templateHash": "3196122826827836156"
     },
     "name": "Container Instances Container Groups",
     "description": "This module deploys a Container Instance Container Group.",
diff --git a/modules/container-registry/registry/.test/common/main.test.bicep b/modules/container-registry/registry/.test/common/main.test.bicep
index 46df910a1b..1cba142a21 100644
--- a/modules/container-registry/registry/.test/common/main.test.bicep
+++ b/modules/container-registry/registry/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/container-registry/registry/.test/min/main.test.bicep b/modules/container-registry/registry/.test/min/main.test.bicep
index b861c01634..0db5d24fdd 100644
--- a/modules/container-registry/registry/.test/min/main.test.bicep
+++ b/modules/container-registry/registry/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md
index 0a5487152b..a9d87096e0 100644
--- a/modules/container-registry/registry/README.md
+++ b/modules/container-registry/registry/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Container Registry (ACR).
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -24,98 +24,31 @@ This module deploys an Azure Container Registry (ACR).
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of your Azure container registry. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `acrAdminUserEnabled` | bool | `False` |  | Enable admin user that have push / pull permission to the registry. |
-| `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. |
-| `anonymousPullEnabled` | bool | `False` |  | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. |
-| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. |
-| `cacheRules` | _[cacheRules](cache-rules/README.md)_ array | `[]` |  | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. |
-| `cMKKeyVaultResourceId` | string | `''` |  | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `dataEndpointEnabled` | bool | `False` |  | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exportPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the export policy is enabled or not. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `networkRuleBypassOptions` | string | `'AzureServices'` | `[AzureServices, None]` | Whether to allow trusted Azure services to access a network restricted registry. |
-| `networkRuleSetDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The default action of allow or deny when no other rules match. |
-| `networkRuleSetIpRules` | array | `[]` |  | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. |
-| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. |
-| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set.  Note, requires the 'acrSku' to be 'Premium'. |
-| `quarantinePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the quarantine policy is enabled or not. |
-| `replications` | array | `[]` |  | All replications to create. |
-| `retentionPolicyDays` | int | `15` |  | The number of days to retain an untagged manifest after which it gets purged. |
-| `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `softDeletePolicyDays` | int | `7` |  | The number of days after which a soft-deleted item is permanently deleted. |
-| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. Default is disabled. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `webhooks` | array | `[]` |  | All webhooks to create. |
-| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `loginServer` | string | The reference to the Azure container registry. |
-| `name` | string | The Name of the Azure container registry. |
-| `resourceGroupName` | string | The name of the Azure container registry. |
-| `resourceId` | string | The resource ID of the Azure container registry. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-registry.registry:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Encr](#example-2-encr)
+- [Using only defaults](#example-3-using-only-defaults)
+- [Pe](#example-4-pe)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module registry './container-registry/registry/main.bicep' = {
+module registry 'br:bicep/modules/container-registry.registry:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-crrcom'
   params: {
     // Required parameters
@@ -347,14 +280,14 @@ module registry './container-registry/registry/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Encr</h3>
+### Example 2: _Encr_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module registry './container-registry/registry/main.bicep' = {
+module registry 'br:bicep/modules/container-registry.registry:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-crrencr'
   params: {
     // Required parameters
@@ -432,14 +365,17 @@ module registry './container-registry/registry/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Min</h3>
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module registry './container-registry/registry/main.bicep' = {
+module registry 'br:bicep/modules/container-registry.registry:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-crrmin'
   params: {
     // Required parameters
@@ -477,14 +413,14 @@ module registry './container-registry/registry/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Pe</h3>
+### Example 4: _Pe_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module registry './container-registry/registry/main.bicep' = {
+module registry 'br:bicep/modules/container-registry.registry:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-crrpe'
   params: {
     // Required parameters
@@ -571,3 +507,374 @@ module registry './container-registry/registry/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of your Azure container registry. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`acrAdminUserEnabled`](#parameter-acradminuserenabled) | bool | Enable admin user that have push / pull permission to the registry. |
+| [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. |
+| [`anonymousPullEnabled`](#parameter-anonymouspullenabled) | bool | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. |
+| [`azureADAuthenticationAsArmPolicyStatus`](#parameter-azureadauthenticationasarmpolicystatus) | string | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. |
+| [`cacheRules`](#parameter-cacherules) | array | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`dataEndpointEnabled`](#parameter-dataendpointenabled) | bool | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exportPolicyStatus`](#parameter-exportpolicystatus) | string | The value that indicates whether the export policy is enabled or not. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`networkRuleBypassOptions`](#parameter-networkrulebypassoptions) | string | Whether to allow trusted Azure services to access a network restricted registry. |
+| [`networkRuleSetDefaultAction`](#parameter-networkrulesetdefaultaction) | string | The default action of allow or deny when no other rules match. |
+| [`networkRuleSetIpRules`](#parameter-networkrulesetiprules) | array | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set.  Note, requires the 'acrSku' to be 'Premium'. |
+| [`quarantinePolicyStatus`](#parameter-quarantinepolicystatus) | string | The value that indicates whether the quarantine policy is enabled or not. |
+| [`replications`](#parameter-replications) | array | All replications to create. |
+| [`retentionPolicyDays`](#parameter-retentionpolicydays) | int | The number of days to retain an untagged manifest after which it gets purged. |
+| [`retentionPolicyStatus`](#parameter-retentionpolicystatus) | string | The value that indicates whether the retention policy is enabled or not. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`softDeletePolicyDays`](#parameter-softdeletepolicydays) | int | The number of days after which a soft-deleted item is permanently deleted. |
+| [`softDeletePolicyStatus`](#parameter-softdeletepolicystatus) | string | Soft Delete policy status. Default is disabled. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`trustPolicyStatus`](#parameter-trustpolicystatus) | string | The value that indicates whether the trust policy is enabled or not. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`webhooks`](#parameter-webhooks) | array | All webhooks to create. |
+| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. |
+
+### Parameter: `acrAdminUserEnabled`
+
+Enable admin user that have push / pull permission to the registry.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `acrSku`
+
+Tier of your Azure container registry.
+- Required: No
+- Type: string
+- Default: `'Basic'`
+- Allowed: `[Basic, Premium, Standard]`
+
+### Parameter: `anonymousPullEnabled`
+
+Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `azureADAuthenticationAsArmPolicyStatus`
+
+The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled.
+- Required: No
+- Type: string
+- Default: `'enabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `cacheRules`
+
+Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)).
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dataEndpointEnabled`
+
+Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exportPolicyStatus`
+
+The value that indicates whether the export policy is enabled or not.
+- Required: No
+- Type: string
+- Default: `'disabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of your Azure container registry.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkRuleBypassOptions`
+
+Whether to allow trusted Azure services to access a network restricted registry.
+- Required: No
+- Type: string
+- Default: `'AzureServices'`
+- Allowed: `[AzureServices, None]`
+
+### Parameter: `networkRuleSetDefaultAction`
+
+The default action of allow or deny when no other rules match.
+- Required: No
+- Type: string
+- Default: `'Deny'`
+- Allowed: `[Allow, Deny]`
+
+### Parameter: `networkRuleSetIpRules`
+
+The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set.  Note, requires the 'acrSku' to be 'Premium'.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `quarantinePolicyStatus`
+
+The value that indicates whether the quarantine policy is enabled or not.
+- Required: No
+- Type: string
+- Default: `'disabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `replications`
+
+All replications to create.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `retentionPolicyDays`
+
+The number of days to retain an untagged manifest after which it gets purged.
+- Required: No
+- Type: int
+- Default: `15`
+
+### Parameter: `retentionPolicyStatus`
+
+The value that indicates whether the retention policy is enabled or not.
+- Required: No
+- Type: string
+- Default: `'enabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `softDeletePolicyDays`
+
+The number of days after which a soft-deleted item is permanently deleted.
+- Required: No
+- Type: int
+- Default: `7`
+
+### Parameter: `softDeletePolicyStatus`
+
+Soft Delete policy status. Default is disabled.
+- Required: No
+- Type: string
+- Default: `'disabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `trustPolicyStatus`
+
+The value that indicates whether the trust policy is enabled or not.
+- Required: No
+- Type: string
+- Default: `'disabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `webhooks`
+
+All webhooks to create.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `zoneRedundancy`
+
+Whether or not zone redundancy is enabled for this container registry.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `loginServer` | string | The reference to the Azure container registry. |
+| `name` | string | The Name of the Azure container registry. |
+| `resourceGroupName` | string | The name of the Azure container registry. |
+| `resourceId` | string | The resource ID of the Azure container registry. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/container-registry/registry/cache-rules/README.md b/modules/container-registry/registry/cache-rules/README.md
index 80f65eb47b..75303e848b 100644
--- a/modules/container-registry/registry/cache-rules/README.md
+++ b/modules/container-registry/registry/cache-rules/README.md
@@ -19,24 +19,64 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
-| `sourceRepository` | string | Source repository pulled from upstream. |
+| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
+| [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `credentialSetResourceId` | string | `''` | The resource ID of the credential store which is associated with the cache rule. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` | The name of the cache rule. Will be dereived from the source repository name if not defined. |
-| `targetRepository` | string | `[parameters('sourceRepository')]` | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the cache rule. Will be dereived from the source repository name if not defined. |
+| [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. |
+
+### Parameter: `credentialSetResourceId`
+
+The resource ID of the credential store which is associated with the cache rule.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the cache rule. Will be dereived from the source repository name if not defined.
+- Required: No
+- Type: string
+- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]`
+
+### Parameter: `registryName`
+
+The name of the parent registry. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceRepository`
+
+Source repository pulled from upstream.
+- Required: Yes
+- Type: string
+
+### Parameter: `targetRepository`
+
+Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}.
+- Required: No
+- Type: string
+- Default: `[parameters('sourceRepository')]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The Name of the Cache Rule. |
 | `resourceGroupName` | string | The name of the Cache Rule. |
diff --git a/modules/container-registry/registry/cache-rules/main.json b/modules/container-registry/registry/cache-rules/main.json
index 83a945758f..05e6d97ffd 100644
--- a/modules/container-registry/registry/cache-rules/main.json
+++ b/modules/container-registry/registry/cache-rules/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "8306764349327428733"
+      "version": "0.22.6.54827",
+      "templateHash": "6694265508496204217"
     },
     "name": "Container Registries Cache",
     "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).",
diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json
index 6ffdf39a75..eb1edb3019 100644
--- a/modules/container-registry/registry/main.json
+++ b/modules/container-registry/registry/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "14469522788734895645"
+      "version": "0.22.6.54827",
+      "templateHash": "810724730181048401"
     },
     "name": "Azure Container Registries (ACR)",
     "description": "This module deploys an Azure Container Registry (ACR).",
@@ -505,8 +505,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "9951681110843116683"
+              "version": "0.22.6.54827",
+              "templateHash": "3105247041693395359"
             },
             "name": "Azure Container Registry (ACR) Replications",
             "description": "This module deploys an Azure Container Registry (ACR) Replication.",
@@ -661,8 +661,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14358887700222348175"
+              "version": "0.22.6.54827",
+              "templateHash": "6694265508496204217"
             },
             "name": "Container Registries Cache",
             "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).",
@@ -804,8 +804,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10631233428813928982"
+              "version": "0.22.6.54827",
+              "templateHash": "6585565654056170037"
             },
             "name": "Azure Container Registry (ACR) Webhooks",
             "description": "This module deploys an Azure Container Registry (ACR) Webhook.",
@@ -1014,8 +1014,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10926055476825540288"
+              "version": "0.22.6.54827",
+              "templateHash": "16788652740395923269"
             }
           },
           "parameters": {
@@ -1180,8 +1180,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14580007913383558904"
+              "version": "0.22.6.54827",
+              "templateHash": "2884140170473394983"
             },
             "name": "Private Endpoints",
             "description": "This module deploys a Private Endpoint.",
@@ -1380,8 +1380,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "2469208411936339153"
+                      "version": "0.22.6.54827",
+                      "templateHash": "5610247137574346230"
                     },
                     "name": "Private Endpoint Private DNS Zone Groups",
                     "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1518,8 +1518,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "13032708393704093995"
+                      "version": "0.22.6.54827",
+                      "templateHash": "14351187799927334028"
                     }
                   },
                   "parameters": {
diff --git a/modules/container-registry/registry/replication/README.md b/modules/container-registry/registry/replication/README.md
index 1c164a9f05..186c4b5e69 100644
--- a/modules/container-registry/registry/replication/README.md
+++ b/modules/container-registry/registry/replication/README.md
@@ -19,30 +19,78 @@ This module deploys an Azure Container Registry (ACR) Replication.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the replication. |
+| [`name`](#parameter-name) | string | The name of the replication. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
+| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `regionEndpointEnabled` | bool | `True` |  | Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`regionEndpointEnabled`](#parameter-regionendpointenabled) | bool | Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the replication.
+- Required: Yes
+- Type: string
+
+### Parameter: `regionEndpointEnabled`
+
+Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `registryName`
+
+The name of the parent registry. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `zoneRedundancy`
+
+Whether or not zone redundancy is enabled for this container registry.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the replication. |
diff --git a/modules/container-registry/registry/replication/main.json b/modules/container-registry/registry/replication/main.json
index f520fb4066..4e38206ba4 100644
--- a/modules/container-registry/registry/replication/main.json
+++ b/modules/container-registry/registry/replication/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "842274698238951310"
+      "version": "0.22.6.54827",
+      "templateHash": "3105247041693395359"
     },
     "name": "Azure Container Registry (ACR) Replications",
     "description": "This module deploys an Azure Container Registry (ACR) Replication.",
diff --git a/modules/container-registry/registry/webhook/README.md b/modules/container-registry/registry/webhook/README.md
index 34a74af6cc..a44a03ca55 100644
--- a/modules/container-registry/registry/webhook/README.md
+++ b/modules/container-registry/registry/webhook/README.md
@@ -19,33 +19,102 @@ This module deploys an Azure Container Registry (ACR) Webhook.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `serviceUri` | string | The service URI for the webhook to post notifications. |
+| [`serviceUri`](#parameter-serviceuri) | string | The service URI for the webhook to post notifications. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
+| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `action` | array | `[chart_delete, chart_push, delete, push, quarantine]` |  | The list of actions that trigger the webhook to post notifications. |
-| `customHeaders` | object | `{object}` |  | Custom headers that will be added to the webhook notifications. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `name` | string | `[format('{0}webhook', parameters('registryName'))]` |  | The name of the registry webhook. |
-| `scope` | string | `''` |  | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. |
-| `status` | string | `'enabled'` | `[disabled, enabled]` | The status of the webhook at the time the operation was called. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`action`](#parameter-action) | array | The list of actions that trigger the webhook to post notifications. |
+| [`customHeaders`](#parameter-customheaders) | object | Custom headers that will be added to the webhook notifications. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`name`](#parameter-name) | string | The name of the registry webhook. |
+| [`scope`](#parameter-scope) | string | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. |
+| [`status`](#parameter-status) | string | The status of the webhook at the time the operation was called. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `action`
+
+The list of actions that trigger the webhook to post notifications.
+- Required: No
+- Type: array
+- Default: `[chart_delete, chart_push, delete, push, quarantine]`
+
+### Parameter: `customHeaders`
+
+Custom headers that will be added to the webhook notifications.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the registry webhook.
+- Required: No
+- Type: string
+- Default: `[format('{0}webhook', parameters('registryName'))]`
+
+### Parameter: `registryName`
+
+The name of the parent registry. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `scope`
+
+The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `serviceUri`
+
+The service URI for the webhook to post notifications.
+- Required: Yes
+- Type: string
+
+### Parameter: `status`
+
+The status of the webhook at the time the operation was called.
+- Required: No
+- Type: string
+- Default: `'enabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `actions` | array | The actions of the webhook. |
 | `location` | string | The location the resource was deployed into. |
diff --git a/modules/container-registry/registry/webhook/main.json b/modules/container-registry/registry/webhook/main.json
index 025bf2a393..13ceaa13ed 100644
--- a/modules/container-registry/registry/webhook/main.json
+++ b/modules/container-registry/registry/webhook/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "1820627526704627956"
+      "version": "0.22.6.54827",
+      "templateHash": "6585565654056170037"
     },
     "name": "Azure Container Registry (ACR) Webhooks",
     "description": "This module deploys an Azure Container Registry (ACR) Webhook.",
diff --git a/modules/container-service/managed-cluster/.test/min/main.test.bicep b/modules/container-service/managed-cluster/.test/min/main.test.bicep
index b63007e8a7..477264b2e2 100644
--- a/modules/container-service/managed-cluster/.test/min/main.test.bicep
+++ b/modules/container-service/managed-cluster/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md
index fb3247fc75..7fb97bc130 100644
--- a/modules/container-service/managed-cluster/README.md
+++ b/modules/container-service/managed-cluster/README.md
@@ -4,14 +4,14 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -23,164 +23,28 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.
 | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) |
 | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the AKS cluster. |
-| `primaryAgentPoolProfile` | array | Properties of the primary agent pool. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `aksServicePrincipalProfile` | object | `{object}` | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. |
-| `appGatewayResourceId` | string | `''` | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `aadProfileAdminGroupObjectIDs` | array | `[]` |  | Specifies the AAD group object IDs that will have admin role of the cluster. |
-| `aadProfileClientAppID` | string | `''` |  | The client AAD application ID. |
-| `aadProfileEnableAzureRBAC` | bool | `[parameters('enableRBAC')]` |  | Specifies whether to enable Azure RBAC for Kubernetes authorization. |
-| `aadProfileManaged` | bool | `True` |  | Specifies whether to enable managed AAD integration. |
-| `aadProfileServerAppID` | string | `''` |  | The server AAD application ID. |
-| `aadProfileServerAppSecret` | string | `''` |  | The server AAD application secret. |
-| `aadProfileTenantId` | string | `[subscription().tenantId]` |  | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. |
-| `aciConnectorLinuxEnabled` | bool | `False` |  | Specifies whether the aciConnectorLinux add-on is enabled or not. |
-| `adminUsername` | string | `'azureuser'` |  | Specifies the administrator username of Linux virtual machines. |
-| `agentPools` | array | `[]` |  | Define one or more secondary/additional agent pools. |
-| `authorizedIPRanges` | array | `[]` |  | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. |
-| `autoScalerProfileBalanceSimilarNodeGroups` | string | `'false'` | `[false, true]` | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileExpander` | string | `'random'` | `[least-waste, most-pods, priority, random]` | Specifies the expand strategy for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileMaxEmptyBulkDelete` | string | `'10'` |  | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileMaxGracefulTerminationSec` | string | `'600'` |  | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileMaxNodeProvisionTime` | string | `'15m'` |  | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. |
-| `autoScalerProfileMaxTotalUnreadyPercentage` | string | `'45'` |  | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. |
-| `autoScalerProfileNewPodScaleUpDelay` | string | `'0s'` |  | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). |
-| `autoScalerProfileOkTotalUnreadyCount` | string | `'3'` |  | Specifies the OK total unready count for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScaleDownDelayAfterAdd` | string | `'10m'` |  | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScaleDownDelayAfterDelete` | string | `'20s'` |  | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScaleDownDelayAfterFailure` | string | `'3m'` |  | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScaleDownUnneededTime` | string | `'10m'` |  | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScaleDownUnreadyTime` | string | `'20m'` |  | Specifies the scale down unready time of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileScanInterval` | string | `'10s'` |  | Specifies the scan interval of the auto-scaler of the AKS cluster. |
-| `autoScalerProfileSkipNodesWithLocalStorage` | string | `'true'` | `[false, true]` | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileSkipNodesWithSystemPods` | string | `'true'` | `[false, true]` | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. |
-| `autoScalerProfileUtilizationThreshold` | string | `'0.5'` |  | Specifies the utilization threshold of the auto-scaler of the AKS cluster. |
-| `autoUpgradeProfileUpgradeChannel` | string | `''` | `['', node-image, none, patch, rapid, stable]` | Auto-upgrade channel on the AKS cluster. |
-| `azurePolicyEnabled` | bool | `True` |  | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. |
-| `azurePolicyVersion` | string | `'v2'` |  | Specifies the azure policy version to use. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `disableLocalAccounts` | bool | `False` |  | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. |
-| `disableRunCommand` | bool | `False` |  | Whether to disable run command for the cluster or not. |
-| `diskEncryptionSetID` | string | `''` |  | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. |
-| `dnsPrefix` | string | `[parameters('name')]` |  | Specifies the DNS prefix specified when creating the managed cluster. |
-| `dnsServiceIP` | string | `''` |  | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. |
-| `dnsZoneResourceId` | string | `''` |  | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. |
-| `enableAzureDefender` | bool | `False` |  | Whether to enable Azure Defender. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableDnsZoneContributorRoleAssignment` | bool | `True` |  | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. |
-| `enableKeyvaultSecretsProvider` | bool | `False` |  | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. |
-| `enableOidcIssuerProfile` | bool | `False` |  | Whether the The OIDC issuer profile of the Managed Cluster is enabled. |
-| `enablePodSecurityPolicy` | bool | `False` |  | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. |
-| `enablePrivateCluster` | bool | `False` |  | Specifies whether to create the cluster as a private cluster or not. |
-| `enablePrivateClusterPublicFQDN` | bool | `False` |  | Whether to create additional public FQDN for private cluster or not. |
-| `enableRBAC` | bool | `True` |  | Whether to enable Kubernetes Role-Based Access Control. |
-| `enableSecretRotation` | string | `'false'` | `[false, true]` | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. |
-| `enableStorageProfileBlobCSIDriver` | bool | `False` |  | Whether the AzureBlob CSI Driver for the storage profile is enabled. |
-| `enableStorageProfileDiskCSIDriver` | bool | `False` |  | Whether the AzureDisk CSI Driver for the storage profile is enabled. |
-| `enableStorageProfileFileCSIDriver` | bool | `False` |  | Whether the AzureFile CSI Driver for the storage profile is enabled. |
-| `enableStorageProfileSnapshotController` | bool | `False` |  | Whether the snapshot controller for the storage profile is enabled. |
-| `enableWorkloadIdentity` | bool | `False` |  | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. |
-| `fluxConfigurationProtectedSettings` | secureObject | `{object}` |  | Configuration settings that are sensitive, as name-value pairs for configuring this extension. |
-| `fluxExtension` | object | `{object}` |  | Settings and configurations for the flux extension. |
-| `httpApplicationRoutingEnabled` | bool | `False` |  | Specifies whether the httpApplicationRouting add-on is enabled or not. |
-| `httpProxyConfig` | object | `{object}` |  | Configurations for provisioning the cluster with HTTP proxy servers. |
-| `identityProfile` | object | `{object}` |  | Identities associated with the cluster. |
-| `ingressApplicationGatewayEnabled` | bool | `False` |  | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. |
-| `kubeDashboardEnabled` | bool | `False` |  | Specifies whether the kubeDashboard add-on is enabled or not. |
-| `kubernetesVersion` | string | `''` |  | Version of Kubernetes specified when creating the managed cluster. |
-| `loadBalancerSku` | string | `'standard'` | `[basic, standard]` | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. |
-| `location` | string | `[resourceGroup().location]` |  | Specifies the location of AKS cluster. It picks up Resource Group's location by default. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedOutboundIPCount` | int | `0` |  | Outbound IP Count for the Load balancer. |
-| `monitoringWorkspaceId` | string | `''` |  | Resource ID of the monitoring log analytics workspace. |
-| `networkDataplane` | string | `''` | `['', azure, cilium]` | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. |
-| `networkPlugin` | string | `''` | `['', azure, kubenet]` | Specifies the network plugin used for building Kubernetes network. |
-| `networkPluginMode` | string | `''` | `['', overlay]` | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. |
-| `networkPolicy` | string | `''` | `['', azure, calico]` | Specifies the network policy used for building Kubernetes network. - calico or azure. |
-| `nodeResourceGroup` | string | `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` |  | Name of the resource group containing agent pool nodes. |
-| `omsAgentEnabled` | bool | `True` |  | Specifies whether the OMS agent is enabled. |
-| `openServiceMeshEnabled` | bool | `False` |  | Specifies whether the openServiceMesh add-on is enabled or not. |
-| `outboundType` | string | `'loadBalancer'` | `[loadBalancer, userDefinedRouting]` | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. |
-| `podCidr` | string | `''` |  | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. |
-| `podIdentityProfileAllowNetworkPluginKubenet` | bool | `False` |  | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. |
-| `podIdentityProfileEnable` | bool | `False` |  | Whether the pod identity addon is enabled. |
-| `podIdentityProfileUserAssignedIdentities` | array | `[]` |  | The pod identities to use in the cluster. |
-| `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` |  | The pod identity exceptions to allow. |
-| `privateDNSZone` | string | `''` |  | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `serviceCidr` | string | `''` |  | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. |
-| `skuTier` | string | `'Free'` | `[Free, Premium, Standard]` | Tier of a managed cluster SKU. - Free or Standard. |
-| `sshPublicKey` | string | `''` |  | Specifies the SSH RSA public key string for the Linux nodes. |
-| `supportPlan` | string | `'KubernetesOfficial'` | `[AKSLongTermSupport, KubernetesOfficial]` | The support plan for the Managed Cluster. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `webApplicationRoutingEnabled` | bool | `False` |  | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. |
-| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. |
-| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. |
-| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. |
-| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the managed cluster. |
-| `oidcIssuerUrl` | string | The OIDC token issuer URL. |
-| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. |
-| `resourceGroupName` | string | The resource group the managed cluster was deployed into. |
-| `resourceId` | string | The resource ID of the managed cluster. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+## Usage examples
 
-| Reference | Type |
-| :-- | :-- |
-| `kubernetes-configuration/extension` | Local reference |
-| `kubernetes-configuration/flux-configuration` | Local reference |
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
    >**Note**: The name of each example is based on the name of the file from which it is taken.
 
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Azure</h3>
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-service.managed-cluster:1.0.0`.
+
+- [Azure](#example-1-azure)
+- [Kubenet](#example-2-kubenet)
+- [Using only defaults](#example-3-using-only-defaults)
+- [Priv](#example-4-priv)
+
+### Example 1: _Azure_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module managedCluster './container-service/managed-cluster/main.bicep' = {
+module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csmaz'
   params: {
     // Required parameters
@@ -624,14 +488,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Kubenet</h3>
+### Example 2: _Kubenet_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module managedCluster './container-service/managed-cluster/main.bicep' = {
+module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csmkube'
   params: {
     // Required parameters
@@ -873,14 +737,17 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Min</h3>
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module managedCluster './container-service/managed-cluster/main.bicep' = {
+module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csmmin'
   params: {
     // Required parameters
@@ -940,14 +807,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 4: Priv</h3>
+### Example 4: _Priv_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module managedCluster './container-service/managed-cluster/main.bicep' = {
+module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-csmpriv'
   params: {
     // Required parameters
@@ -1194,6 +1061,857 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the AKS cluster. |
+| [`primaryAgentPoolProfile`](#parameter-primaryagentpoolprofile) | array | Properties of the primary agent pool. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`aksServicePrincipalProfile`](#parameter-aksserviceprincipalprofile) | object | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. |
+| [`appGatewayResourceId`](#parameter-appgatewayresourceid) | string | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`aadProfileAdminGroupObjectIDs`](#parameter-aadprofileadmingroupobjectids) | array | Specifies the AAD group object IDs that will have admin role of the cluster. |
+| [`aadProfileClientAppID`](#parameter-aadprofileclientappid) | string | The client AAD application ID. |
+| [`aadProfileEnableAzureRBAC`](#parameter-aadprofileenableazurerbac) | bool | Specifies whether to enable Azure RBAC for Kubernetes authorization. |
+| [`aadProfileManaged`](#parameter-aadprofilemanaged) | bool | Specifies whether to enable managed AAD integration. |
+| [`aadProfileServerAppID`](#parameter-aadprofileserverappid) | string | The server AAD application ID. |
+| [`aadProfileServerAppSecret`](#parameter-aadprofileserverappsecret) | string | The server AAD application secret. |
+| [`aadProfileTenantId`](#parameter-aadprofiletenantid) | string | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. |
+| [`aciConnectorLinuxEnabled`](#parameter-aciconnectorlinuxenabled) | bool | Specifies whether the aciConnectorLinux add-on is enabled or not. |
+| [`adminUsername`](#parameter-adminusername) | string | Specifies the administrator username of Linux virtual machines. |
+| [`agentPools`](#parameter-agentpools) | array | Define one or more secondary/additional agent pools. |
+| [`authorizedIPRanges`](#parameter-authorizedipranges) | array | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. |
+| [`autoScalerProfileBalanceSimilarNodeGroups`](#parameter-autoscalerprofilebalancesimilarnodegroups) | string | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileExpander`](#parameter-autoscalerprofileexpander) | string | Specifies the expand strategy for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileMaxEmptyBulkDelete`](#parameter-autoscalerprofilemaxemptybulkdelete) | string | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileMaxGracefulTerminationSec`](#parameter-autoscalerprofilemaxgracefulterminationsec) | string | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileMaxNodeProvisionTime`](#parameter-autoscalerprofilemaxnodeprovisiontime) | string | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. |
+| [`autoScalerProfileMaxTotalUnreadyPercentage`](#parameter-autoscalerprofilemaxtotalunreadypercentage) | string | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. |
+| [`autoScalerProfileNewPodScaleUpDelay`](#parameter-autoscalerprofilenewpodscaleupdelay) | string | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). |
+| [`autoScalerProfileOkTotalUnreadyCount`](#parameter-autoscalerprofileoktotalunreadycount) | string | Specifies the OK total unready count for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScaleDownDelayAfterAdd`](#parameter-autoscalerprofilescaledowndelayafteradd) | string | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScaleDownDelayAfterDelete`](#parameter-autoscalerprofilescaledowndelayafterdelete) | string | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScaleDownDelayAfterFailure`](#parameter-autoscalerprofilescaledowndelayafterfailure) | string | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScaleDownUnneededTime`](#parameter-autoscalerprofilescaledownunneededtime) | string | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScaleDownUnreadyTime`](#parameter-autoscalerprofilescaledownunreadytime) | string | Specifies the scale down unready time of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileScanInterval`](#parameter-autoscalerprofilescaninterval) | string | Specifies the scan interval of the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileSkipNodesWithLocalStorage`](#parameter-autoscalerprofileskipnodeswithlocalstorage) | string | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileSkipNodesWithSystemPods`](#parameter-autoscalerprofileskipnodeswithsystempods) | string | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. |
+| [`autoScalerProfileUtilizationThreshold`](#parameter-autoscalerprofileutilizationthreshold) | string | Specifies the utilization threshold of the auto-scaler of the AKS cluster. |
+| [`autoUpgradeProfileUpgradeChannel`](#parameter-autoupgradeprofileupgradechannel) | string | Auto-upgrade channel on the AKS cluster. |
+| [`azurePolicyEnabled`](#parameter-azurepolicyenabled) | bool | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. |
+| [`azurePolicyVersion`](#parameter-azurepolicyversion) | string | Specifies the azure policy version to use. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disableLocalAccounts`](#parameter-disablelocalaccounts) | bool | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. |
+| [`disableRunCommand`](#parameter-disableruncommand) | bool | Whether to disable run command for the cluster or not. |
+| [`diskEncryptionSetID`](#parameter-diskencryptionsetid) | string | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. |
+| [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. |
+| [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. |
+| [`dnsZoneResourceId`](#parameter-dnszoneresourceid) | string | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. |
+| [`enableAzureDefender`](#parameter-enableazuredefender) | bool | Whether to enable Azure Defender. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableDnsZoneContributorRoleAssignment`](#parameter-enablednszonecontributorroleassignment) | bool | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. |
+| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. |
+| [`enableOidcIssuerProfile`](#parameter-enableoidcissuerprofile) | bool | Whether the The OIDC issuer profile of the Managed Cluster is enabled. |
+| [`enablePodSecurityPolicy`](#parameter-enablepodsecuritypolicy) | bool | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. |
+| [`enablePrivateCluster`](#parameter-enableprivatecluster) | bool | Specifies whether to create the cluster as a private cluster or not. |
+| [`enablePrivateClusterPublicFQDN`](#parameter-enableprivateclusterpublicfqdn) | bool | Whether to create additional public FQDN for private cluster or not. |
+| [`enableRBAC`](#parameter-enablerbac) | bool | Whether to enable Kubernetes Role-Based Access Control. |
+| [`enableSecretRotation`](#parameter-enablesecretrotation) | string | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. |
+| [`enableStorageProfileBlobCSIDriver`](#parameter-enablestorageprofileblobcsidriver) | bool | Whether the AzureBlob CSI Driver for the storage profile is enabled. |
+| [`enableStorageProfileDiskCSIDriver`](#parameter-enablestorageprofilediskcsidriver) | bool | Whether the AzureDisk CSI Driver for the storage profile is enabled. |
+| [`enableStorageProfileFileCSIDriver`](#parameter-enablestorageprofilefilecsidriver) | bool | Whether the AzureFile CSI Driver for the storage profile is enabled. |
+| [`enableStorageProfileSnapshotController`](#parameter-enablestorageprofilesnapshotcontroller) | bool | Whether the snapshot controller for the storage profile is enabled. |
+| [`enableWorkloadIdentity`](#parameter-enableworkloadidentity) | bool | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. |
+| [`fluxConfigurationProtectedSettings`](#parameter-fluxconfigurationprotectedsettings) | secureObject | Configuration settings that are sensitive, as name-value pairs for configuring this extension. |
+| [`fluxExtension`](#parameter-fluxextension) | object | Settings and configurations for the flux extension. |
+| [`httpApplicationRoutingEnabled`](#parameter-httpapplicationroutingenabled) | bool | Specifies whether the httpApplicationRouting add-on is enabled or not. |
+| [`httpProxyConfig`](#parameter-httpproxyconfig) | object | Configurations for provisioning the cluster with HTTP proxy servers. |
+| [`identityProfile`](#parameter-identityprofile) | object | Identities associated with the cluster. |
+| [`ingressApplicationGatewayEnabled`](#parameter-ingressapplicationgatewayenabled) | bool | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. |
+| [`kubeDashboardEnabled`](#parameter-kubedashboardenabled) | bool | Specifies whether the kubeDashboard add-on is enabled or not. |
+| [`kubernetesVersion`](#parameter-kubernetesversion) | string | Version of Kubernetes specified when creating the managed cluster. |
+| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. |
+| [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managedOutboundIPCount`](#parameter-managedoutboundipcount) | int | Outbound IP Count for the Load balancer. |
+| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. |
+| [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. |
+| [`networkPlugin`](#parameter-networkplugin) | string | Specifies the network plugin used for building Kubernetes network. |
+| [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. |
+| [`networkPolicy`](#parameter-networkpolicy) | string | Specifies the network policy used for building Kubernetes network. - calico or azure. |
+| [`nodeResourceGroup`](#parameter-noderesourcegroup) | string | Name of the resource group containing agent pool nodes. |
+| [`omsAgentEnabled`](#parameter-omsagentenabled) | bool | Specifies whether the OMS agent is enabled. |
+| [`openServiceMeshEnabled`](#parameter-openservicemeshenabled) | bool | Specifies whether the openServiceMesh add-on is enabled or not. |
+| [`outboundType`](#parameter-outboundtype) | string | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. |
+| [`podCidr`](#parameter-podcidr) | string | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. |
+| [`podIdentityProfileAllowNetworkPluginKubenet`](#parameter-podidentityprofileallownetworkpluginkubenet) | bool | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. |
+| [`podIdentityProfileEnable`](#parameter-podidentityprofileenable) | bool | Whether the pod identity addon is enabled. |
+| [`podIdentityProfileUserAssignedIdentities`](#parameter-podidentityprofileuserassignedidentities) | array | The pod identities to use in the cluster. |
+| [`podIdentityProfileUserAssignedIdentityExceptions`](#parameter-podidentityprofileuserassignedidentityexceptions) | array | The pod identity exceptions to allow. |
+| [`privateDNSZone`](#parameter-privatednszone) | string | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. |
+| [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. - Free or Standard. |
+| [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. |
+| [`supportPlan`](#parameter-supportplan) | string | The support plan for the Managed Cluster. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. |
+
+### Parameter: `aadProfileAdminGroupObjectIDs`
+
+Specifies the AAD group object IDs that will have admin role of the cluster.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `aadProfileClientAppID`
+
+The client AAD application ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `aadProfileEnableAzureRBAC`
+
+Specifies whether to enable Azure RBAC for Kubernetes authorization.
+- Required: No
+- Type: bool
+- Default: `[parameters('enableRBAC')]`
+
+### Parameter: `aadProfileManaged`
+
+Specifies whether to enable managed AAD integration.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `aadProfileServerAppID`
+
+The server AAD application ID.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `aadProfileServerAppSecret`
+
+The server AAD application secret.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `aadProfileTenantId`
+
+Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication.
+- Required: No
+- Type: string
+- Default: `[subscription().tenantId]`
+
+### Parameter: `aciConnectorLinuxEnabled`
+
+Specifies whether the aciConnectorLinux add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `adminUsername`
+
+Specifies the administrator username of Linux virtual machines.
+- Required: No
+- Type: string
+- Default: `'azureuser'`
+
+### Parameter: `agentPools`
+
+Define one or more secondary/additional agent pools.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `aksServicePrincipalProfile`
+
+Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `appGatewayResourceId`
+
+Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `authorizedIPRanges`
+
+IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `autoScalerProfileBalanceSimilarNodeGroups`
+
+Specifies the balance of similar node groups for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'false'`
+- Allowed: `[false, true]`
+
+### Parameter: `autoScalerProfileExpander`
+
+Specifies the expand strategy for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'random'`
+- Allowed: `[least-waste, most-pods, priority, random]`
+
+### Parameter: `autoScalerProfileMaxEmptyBulkDelete`
+
+Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'10'`
+
+### Parameter: `autoScalerProfileMaxGracefulTerminationSec`
+
+Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'600'`
+
+### Parameter: `autoScalerProfileMaxNodeProvisionTime`
+
+Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported.
+- Required: No
+- Type: string
+- Default: `'15m'`
+
+### Parameter: `autoScalerProfileMaxTotalUnreadyPercentage`
+
+Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0.
+- Required: No
+- Type: string
+- Default: `'45'`
+
+### Parameter: `autoScalerProfileNewPodScaleUpDelay`
+
+For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc).
+- Required: No
+- Type: string
+- Default: `'0s'`
+
+### Parameter: `autoScalerProfileOkTotalUnreadyCount`
+
+Specifies the OK total unready count for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'3'`
+
+### Parameter: `autoScalerProfileScaleDownDelayAfterAdd`
+
+Specifies the scale down delay after add of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'10m'`
+
+### Parameter: `autoScalerProfileScaleDownDelayAfterDelete`
+
+Specifies the scale down delay after delete of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'20s'`
+
+### Parameter: `autoScalerProfileScaleDownDelayAfterFailure`
+
+Specifies scale down delay after failure of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'3m'`
+
+### Parameter: `autoScalerProfileScaleDownUnneededTime`
+
+Specifies the scale down unneeded time of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'10m'`
+
+### Parameter: `autoScalerProfileScaleDownUnreadyTime`
+
+Specifies the scale down unready time of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'20m'`
+
+### Parameter: `autoScalerProfileScanInterval`
+
+Specifies the scan interval of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'10s'`
+
+### Parameter: `autoScalerProfileSkipNodesWithLocalStorage`
+
+Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'true'`
+- Allowed: `[false, true]`
+
+### Parameter: `autoScalerProfileSkipNodesWithSystemPods`
+
+Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'true'`
+- Allowed: `[false, true]`
+
+### Parameter: `autoScalerProfileUtilizationThreshold`
+
+Specifies the utilization threshold of the auto-scaler of the AKS cluster.
+- Required: No
+- Type: string
+- Default: `'0.5'`
+
+### Parameter: `autoUpgradeProfileUpgradeChannel`
+
+Auto-upgrade channel on the AKS cluster.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', node-image, none, patch, rapid, stable]`
+
+### Parameter: `azurePolicyEnabled`
+
+Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `azurePolicyVersion`
+
+Specifies the azure policy version to use.
+- Required: No
+- Type: string
+- Default: `'v2'`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableLocalAccounts`
+
+If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `disableRunCommand`
+
+Whether to disable run command for the cluster or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `diskEncryptionSetID`
+
+The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dnsPrefix`
+
+Specifies the DNS prefix specified when creating the managed cluster.
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `dnsServiceIP`
+
+Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dnsZoneResourceId`
+
+Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableAzureDefender`
+
+Whether to enable Azure Defender.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDnsZoneContributorRoleAssignment`
+
+Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableKeyvaultSecretsProvider`
+
+Specifies whether the KeyvaultSecretsProvider add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableOidcIssuerProfile`
+
+Whether the The OIDC issuer profile of the Managed Cluster is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enablePodSecurityPolicy`
+
+Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enablePrivateCluster`
+
+Specifies whether to create the cluster as a private cluster or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enablePrivateClusterPublicFQDN`
+
+Whether to create additional public FQDN for private cluster or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableRBAC`
+
+Whether to enable Kubernetes Role-Based Access Control.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableSecretRotation`
+
+Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation.
+- Required: No
+- Type: string
+- Default: `'false'`
+- Allowed: `[false, true]`
+
+### Parameter: `enableStorageProfileBlobCSIDriver`
+
+Whether the AzureBlob CSI Driver for the storage profile is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableStorageProfileDiskCSIDriver`
+
+Whether the AzureDisk CSI Driver for the storage profile is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableStorageProfileFileCSIDriver`
+
+Whether the AzureFile CSI Driver for the storage profile is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableStorageProfileSnapshotController`
+
+Whether the snapshot controller for the storage profile is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableWorkloadIdentity`
+
+Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `fluxConfigurationProtectedSettings`
+
+Configuration settings that are sensitive, as name-value pairs for configuring this extension.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `fluxExtension`
+
+Settings and configurations for the flux extension.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `httpApplicationRoutingEnabled`
+
+Specifies whether the httpApplicationRouting add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `httpProxyConfig`
+
+Configurations for provisioning the cluster with HTTP proxy servers.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `identityProfile`
+
+Identities associated with the cluster.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `ingressApplicationGatewayEnabled`
+
+Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `kubeDashboardEnabled`
+
+Specifies whether the kubeDashboard add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `kubernetesVersion`
+
+Version of Kubernetes specified when creating the managed cluster.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `loadBalancerSku`
+
+Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools.
+- Required: No
+- Type: string
+- Default: `'standard'`
+- Allowed: `[basic, standard]`
+
+### Parameter: `location`
+
+Specifies the location of AKS cluster. It picks up Resource Group's location by default.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managedOutboundIPCount`
+
+Outbound IP Count for the Load balancer.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `monitoringWorkspaceId`
+
+Resource ID of the monitoring log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+Specifies the name of the AKS cluster.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkDataplane`
+
+Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', azure, cilium]`
+
+### Parameter: `networkPlugin`
+
+Specifies the network plugin used for building Kubernetes network.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', azure, kubenet]`
+
+### Parameter: `networkPluginMode`
+
+Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', overlay]`
+
+### Parameter: `networkPolicy`
+
+Specifies the network policy used for building Kubernetes network. - calico or azure.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', azure, calico]`
+
+### Parameter: `nodeResourceGroup`
+
+Name of the resource group containing agent pool nodes.
+- Required: No
+- Type: string
+- Default: `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]`
+
+### Parameter: `omsAgentEnabled`
+
+Specifies whether the OMS agent is enabled.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `openServiceMeshEnabled`
+
+Specifies whether the openServiceMesh add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `outboundType`
+
+Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting.
+- Required: No
+- Type: string
+- Default: `'loadBalancer'`
+- Allowed: `[loadBalancer, userDefinedRouting]`
+
+### Parameter: `podCidr`
+
+Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `podIdentityProfileAllowNetworkPluginKubenet`
+
+Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `podIdentityProfileEnable`
+
+Whether the pod identity addon is enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `podIdentityProfileUserAssignedIdentities`
+
+The pod identities to use in the cluster.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `podIdentityProfileUserAssignedIdentityExceptions`
+
+The pod identity exceptions to allow.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `primaryAgentPoolProfile`
+
+Properties of the primary agent pool.
+- Required: Yes
+- Type: array
+
+### Parameter: `privateDNSZone`
+
+Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `serviceCidr`
+
+A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `skuTier`
+
+Tier of a managed cluster SKU. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Premium, Standard]`
+
+### Parameter: `sshPublicKey`
+
+Specifies the SSH RSA public key string for the Linux nodes.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `supportPlan`
+
+The support plan for the Managed Cluster.
+- Required: No
+- Type: string
+- Default: `'KubernetesOfficial'`
+- Allowed: `[AKSLongTermSupport, KubernetesOfficial]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `webApplicationRoutingEnabled`
+
+Specifies whether the webApplicationRoutingEnabled add-on is enabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. |
+| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. |
+| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. |
+| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. |
+| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the managed cluster. |
+| `oidcIssuerUrl` | string | The OIDC token issuer URL. |
+| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. |
+| `resourceGroupName` | string | The resource group the managed cluster was deployed into. |
+| `resourceId` | string | The resource ID of the managed cluster. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/kubernetes-configuration/extension` | Local reference |
+| `modules/kubernetes-configuration/flux-configuration` | Local reference |
+
 ## Notes
 
 ### Parameter Usage: `httpProxyConfig`
diff --git a/modules/container-service/managed-cluster/agent-pool/README.md b/modules/container-service/managed-cluster/agent-pool/README.md
index 56fd616524..3c02efae7a 100644
--- a/modules/container-service/managed-cluster/agent-pool/README.md
+++ b/modules/container-service/managed-cluster/agent-pool/README.md
@@ -4,12 +4,12 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -19,60 +19,324 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | Name of the agent pool. |
+| [`name`](#parameter-name) | string | Name of the agent pool. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `managedClusterName` | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. |
+| [`managedClusterName`](#parameter-managedclustername) | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `availabilityZones` | array | `[]` |  | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". |
-| `count` | int | `1` |  | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. |
-| `enableAutoScaling` | bool | `False` |  | Whether to enable auto-scaler. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableEncryptionAtHost` | bool | `False` |  | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. |
-| `enableFIPS` | bool | `False` |  | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. |
-| `enableNodePublicIP` | bool | `False` |  | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). |
-| `enableUltraSSD` | bool | `False` |  | Whether to enable UltraSSD. |
-| `gpuInstanceProfile` | string | `''` | `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]` | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. |
-| `kubeletDiskType` | string | `''` |  | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. |
-| `maxCount` | int | `-1` |  | The maximum number of nodes for auto-scaling. |
-| `maxPods` | int | `-1` |  | The maximum number of pods that can run on a node. |
-| `maxSurge` | string | `''` |  | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. |
-| `minCount` | int | `-1` |  | The minimum number of nodes for auto-scaling. |
-| `mode` | string | `''` |  | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. |
-| `nodeLabels` | object | `{object}` |  | The node labels to be persisted across all nodes in agent pool. |
-| `nodePublicIpPrefixId` | string | `''` |  | ResourceId of the node PublicIPPrefix. |
-| `nodeTaints` | array | `[]` |  | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. |
-| `orchestratorVersion` | string | `''` |  | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). |
-| `osDiskSizeGB` | int | `0` |  | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. |
-| `osDiskType` | string | `''` | `['', Ephemeral, Managed]` | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). |
-| `osSku` | string | `''` | `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]` | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. |
-| `osType` | string | `'Linux'` | `[Linux, Windows]` | The operating system type. The default is Linux. |
-| `podSubnetId` | string | `''` |  | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. |
-| `proximityPlacementGroupResourceId` | string | `''` |  | The ID for the Proximity Placement Group. |
-| `scaleDownMode` | string | `'Delete'` | `[Deallocate, Delete]` | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). |
-| `scaleSetEvictionPolicy` | string | `'Delete'` | `[Deallocate, Delete]` | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. |
-| `scaleSetPriority` | string | `''` | `['', Regular, Spot]` | The Virtual Machine Scale Set priority. |
-| `sourceResourceId` | string | `''` |  | This is the ARM ID of the source object to be used to create the target object. |
-| `spotMaxPrice` | int | `-1` |  | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `type` | string | `''` |  | The type of Agent Pool. |
-| `vmSize` | string | `'Standard_D2s_v3'` |  | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. |
-| `vnetSubnetId` | string | `''` |  | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. |
-| `workloadRuntime` | string | `''` |  | Determines the type of workload a node can run. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`availabilityZones`](#parameter-availabilityzones) | array | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". |
+| [`count`](#parameter-count) | int | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. |
+| [`enableAutoScaling`](#parameter-enableautoscaling) | bool | Whether to enable auto-scaler. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableEncryptionAtHost`](#parameter-enableencryptionathost) | bool | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. |
+| [`enableFIPS`](#parameter-enablefips) | bool | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. |
+| [`enableNodePublicIP`](#parameter-enablenodepublicip) | bool | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). |
+| [`enableUltraSSD`](#parameter-enableultrassd) | bool | Whether to enable UltraSSD. |
+| [`gpuInstanceProfile`](#parameter-gpuinstanceprofile) | string | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. |
+| [`kubeletDiskType`](#parameter-kubeletdisktype) | string | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. |
+| [`maxCount`](#parameter-maxcount) | int | The maximum number of nodes for auto-scaling. |
+| [`maxPods`](#parameter-maxpods) | int | The maximum number of pods that can run on a node. |
+| [`maxSurge`](#parameter-maxsurge) | string | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. |
+| [`minCount`](#parameter-mincount) | int | The minimum number of nodes for auto-scaling. |
+| [`mode`](#parameter-mode) | string | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. |
+| [`nodeLabels`](#parameter-nodelabels) | object | The node labels to be persisted across all nodes in agent pool. |
+| [`nodePublicIpPrefixId`](#parameter-nodepublicipprefixid) | string | ResourceId of the node PublicIPPrefix. |
+| [`nodeTaints`](#parameter-nodetaints) | array | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. |
+| [`orchestratorVersion`](#parameter-orchestratorversion) | string | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). |
+| [`osDiskSizeGB`](#parameter-osdisksizegb) | int | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. |
+| [`osDiskType`](#parameter-osdisktype) | string | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). |
+| [`osSku`](#parameter-ossku) | string | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. |
+| [`osType`](#parameter-ostype) | string | The operating system type. The default is Linux. |
+| [`podSubnetId`](#parameter-podsubnetid) | string | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | The ID for the Proximity Placement Group. |
+| [`scaleDownMode`](#parameter-scaledownmode) | string | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). |
+| [`scaleSetEvictionPolicy`](#parameter-scalesetevictionpolicy) | string | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. |
+| [`scaleSetPriority`](#parameter-scalesetpriority) | string | The Virtual Machine Scale Set priority. |
+| [`sourceResourceId`](#parameter-sourceresourceid) | string | This is the ARM ID of the source object to be used to create the target object. |
+| [`spotMaxPrice`](#parameter-spotmaxprice) | int | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`type`](#parameter-type) | string | The type of Agent Pool. |
+| [`vmSize`](#parameter-vmsize) | string | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. |
+| [`vnetSubnetId`](#parameter-vnetsubnetid) | string | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. |
+| [`workloadRuntime`](#parameter-workloadruntime) | string | Determines the type of workload a node can run. |
+
+### Parameter: `availabilityZones`
+
+The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets".
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `count`
+
+Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `enableAutoScaling`
+
+Whether to enable auto-scaler.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableEncryptionAtHost`
+
+This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableFIPS`
+
+See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableNodePublicIP`
+
+Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools).
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableUltraSSD`
+
+Whether to enable UltraSSD.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `gpuInstanceProfile`
+
+GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]`
+
+### Parameter: `kubeletDiskType`
+
+Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `managedClusterName`
+
+The name of the parent managed cluster. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `maxCount`
+
+The maximum number of nodes for auto-scaling.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `maxPods`
+
+The maximum number of pods that can run on a node.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `maxSurge`
+
+This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `minCount`
+
+The minimum number of nodes for auto-scaling.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `mode`
+
+A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+Name of the agent pool.
+- Required: Yes
+- Type: string
+
+### Parameter: `nodeLabels`
+
+The node labels to be persisted across all nodes in agent pool.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `nodePublicIpPrefixId`
+
+ResourceId of the node PublicIPPrefix.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `nodeTaints`
+
+The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `orchestratorVersion`
+
+As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `osDiskSizeGB`
+
+OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `osDiskType`
+
+The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os).
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Ephemeral, Managed]`
+
+### Parameter: `osSku`
+
+Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]`
+
+### Parameter: `osType`
+
+The operating system type. The default is Linux.
+- Required: No
+- Type: string
+- Default: `'Linux'`
+- Allowed: `[Linux, Windows]`
+
+### Parameter: `podSubnetId`
+
+Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+The ID for the Proximity Placement Group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `scaleDownMode`
+
+Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing).
+- Required: No
+- Type: string
+- Default: `'Delete'`
+- Allowed: `[Deallocate, Delete]`
+
+### Parameter: `scaleSetEvictionPolicy`
+
+The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs.
+- Required: No
+- Type: string
+- Default: `'Delete'`
+- Allowed: `[Deallocate, Delete]`
+
+### Parameter: `scaleSetPriority`
+
+The Virtual Machine Scale Set priority.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Regular, Spot]`
+
+### Parameter: `sourceResourceId`
+
+This is the ARM ID of the source object to be used to create the target object.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `spotMaxPrice`
+
+Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing).
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `type`
+
+The type of Agent Pool.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `vmSize`
+
+VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions.
+- Required: No
+- Type: string
+- Default: `'Standard_D2s_v3'`
+
+### Parameter: `vnetSubnetId`
+
+Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `workloadRuntime`
+
+Determines the type of workload a node can run.
+- Required: No
+- Type: string
+- Default: `''`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the agent pool. |
 | `resourceGroupName` | string | The resource group the agent pool was deployed into. |
diff --git a/modules/container-service/managed-cluster/agent-pool/main.json b/modules/container-service/managed-cluster/agent-pool/main.json
index a99f675bf9..9325db5ebe 100644
--- a/modules/container-service/managed-cluster/agent-pool/main.json
+++ b/modules/container-service/managed-cluster/agent-pool/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "15838012443949702483"
+      "version": "0.22.6.54827",
+      "templateHash": "4102221439423294777"
     },
     "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools",
     "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.",
diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json
index ee3d0499c8..ad17d46755 100644
--- a/modules/container-service/managed-cluster/main.json
+++ b/modules/container-service/managed-cluster/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "1411508113014099928"
+      "version": "0.22.6.54827",
+      "templateHash": "5840083578872726906"
     },
     "name": "Azure Kubernetes Service (AKS) Managed Clusters",
     "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
@@ -1102,8 +1102,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "15838012443949702483"
+              "version": "0.22.6.54827",
+              "templateHash": "4102221439423294777"
             },
             "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools",
             "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.",
@@ -1545,8 +1545,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14913275975998013893"
+              "version": "0.22.6.54827",
+              "templateHash": "5002606439705018990"
             },
             "name": "Kubernetes Configuration Extensions",
             "description": "This module deploys a Kubernetes Configuration Extension.",
@@ -1708,8 +1708,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "11648869363176032755"
+                      "version": "0.22.6.54827",
+                      "templateHash": "6686104224333946371"
                     },
                     "name": "Kubernetes Configuration Flux Configurations",
                     "description": "This module deploys a Kubernetes Configuration Flux Configuration.",
@@ -1929,8 +1929,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "11132457537180081397"
+              "version": "0.22.6.54827",
+              "templateHash": "921005320898310167"
             }
           },
           "parameters": {
diff --git a/modules/data-factory/factory/.test/common/main.test.bicep b/modules/data-factory/factory/.test/common/main.test.bicep
index 31c1fa8500..9d7ac74872 100644
--- a/modules/data-factory/factory/.test/common/main.test.bicep
+++ b/modules/data-factory/factory/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/data-factory/factory/.test/min/main.test.bicep b/modules/data-factory/factory/.test/min/main.test.bicep
index 9f0e43eef7..f5dadd9372 100644
--- a/modules/data-factory/factory/.test/min/main.test.bicep
+++ b/modules/data-factory/factory/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md
index 02ca57084e..63240b312e 100644
--- a/modules/data-factory/factory/README.md
+++ b/modules/data-factory/factory/README.md
@@ -4,14 +4,14 @@ This module deploys a Data Factory.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -25,91 +25,29 @@ This module deploys a Data Factory.
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Azure Factory to create. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `gitAccountName` | string | `''` |  | The account name. |
-| `gitCollaborationBranch` | string | `'main'` |  | The collaboration branch name. Default is 'main'. |
-| `gitConfigureLater` | bool | `True` |  | Boolean to define whether or not to configure git during template deployment. |
-| `gitDisablePublish` | bool | `False` |  | Disable manual publish operation in ADF studio to favor automated publish. |
-| `gitHostName` | string | `''` |  | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. |
-| `gitProjectName` | string | `''` |  | The project name. Only relevant for 'FactoryVSTSConfiguration'. |
-| `gitRepositoryName` | string | `''` |  | The repository name. |
-| `gitRepoType` | string | `'FactoryVSTSConfiguration'` |  | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. |
-| `gitRootFolder` | string | `'/'` |  | The root folder path name. Default is '/'. |
-| `globalParameters` | object | `{object}` |  | List of Global Parameters for the factory. |
-| `integrationRuntimes` | array | `[]` |  | An array of objects for the configuration of an Integration Runtime. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedPrivateEndpoints` | array | `[]` |  | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
-| `managedVirtualNetworkName` | string | `''` |  | The name of the Managed Virtual Network. |
-| `privateEndpoints` | array | `[]` |  | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-
-
-## Outputs
+## Usage examples
 
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The Name of the Azure Data Factory instance. |
-| `resourceGroupName` | string | The name of the Resource Group with the Data factory. |
-| `resourceId` | string | The Resource ID of the Data factory. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-factory.factory:1.0.0`.
 
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-## Deployment examples
+### Example 1: _Using large parameter set_
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+This instance deploys the module with most of its features enabled.
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module factory './data-factory/factory/main.bicep' = {
+module factory 'br:bicep/modules/data-factory.factory:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dffcom'
   params: {
     // Required parameters
@@ -333,14 +271,17 @@ module factory './data-factory/factory/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module factory './data-factory/factory/main.bicep' = {
+module factory 'br:bicep/modules/data-factory.factory:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dffmin'
   params: {
     // Required parameters
@@ -379,6 +320,317 @@ module factory './data-factory/factory/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Azure Factory to create. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`gitAccountName`](#parameter-gitaccountname) | string | The account name. |
+| [`gitCollaborationBranch`](#parameter-gitcollaborationbranch) | string | The collaboration branch name. Default is 'main'. |
+| [`gitConfigureLater`](#parameter-gitconfigurelater) | bool | Boolean to define whether or not to configure git during template deployment. |
+| [`gitDisablePublish`](#parameter-gitdisablepublish) | bool | Disable manual publish operation in ADF studio to favor automated publish. |
+| [`gitHostName`](#parameter-githostname) | string | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. |
+| [`gitProjectName`](#parameter-gitprojectname) | string | The project name. Only relevant for 'FactoryVSTSConfiguration'. |
+| [`gitRepositoryName`](#parameter-gitrepositoryname) | string | The repository name. |
+| [`gitRepoType`](#parameter-gitrepotype) | string | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. |
+| [`gitRootFolder`](#parameter-gitrootfolder) | string | The root folder path name. Default is '/'. |
+| [`globalParameters`](#parameter-globalparameters) | object | List of Global Parameters for the factory. |
+| [`integrationRuntimes`](#parameter-integrationruntimes) | array | An array of objects for the configuration of an Integration Runtime. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
+| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `gitAccountName`
+
+The account name.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `gitCollaborationBranch`
+
+The collaboration branch name. Default is 'main'.
+- Required: No
+- Type: string
+- Default: `'main'`
+
+### Parameter: `gitConfigureLater`
+
+Boolean to define whether or not to configure git during template deployment.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `gitDisablePublish`
+
+Disable manual publish operation in ADF studio to favor automated publish.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `gitHostName`
+
+The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `gitProjectName`
+
+The project name. Only relevant for 'FactoryVSTSConfiguration'.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `gitRepositoryName`
+
+The repository name.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `gitRepoType`
+
+Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'.
+- Required: No
+- Type: string
+- Default: `'FactoryVSTSConfiguration'`
+
+### Parameter: `gitRootFolder`
+
+The root folder path name. Default is '/'.
+- Required: No
+- Type: string
+- Default: `'/'`
+
+### Parameter: `globalParameters`
+
+List of Global Parameters for the factory.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `integrationRuntimes`
+
+An array of objects for the configuration of an Integration Runtime.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managedPrivateEndpoints`
+
+An array of managed private endpoints objects created in the Data Factory managed virtual network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `managedVirtualNetworkName`
+
+The name of the Managed Virtual Network.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the Azure Factory to create.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints`
+
+Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The Name of the Azure Data Factory instance. |
+| `resourceGroupName` | string | The name of the Resource Group with the Data factory. |
+| `resourceId` | string | The Resource ID of the Data factory. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
+
 ## Notes
 
 ### Parameter Usage: `managedPrivateEndpoints`
diff --git a/modules/data-factory/factory/integration-runtime/README.md b/modules/data-factory/factory/integration-runtime/README.md
index 420d090782..27111ad237 100644
--- a/modules/data-factory/factory/integration-runtime/README.md
+++ b/modules/data-factory/factory/integration-runtime/README.md
@@ -4,13 +4,13 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -20,29 +20,69 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string |  | The name of the Integration Runtime. |
-| `type` | string | `[Managed, SelfHosted]` | The type of Integration Runtime. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Integration Runtime. |
+| [`type`](#parameter-type) | string | The type of Integration Runtime. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. |
+| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `managedVirtualNetworkName` | string | `''` | The name of the Managed Virtual Network if using type "Managed" . |
-| `typeProperties` | object | `{object}` | Integration Runtime type properties. Required if type is "Managed". |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network if using type "Managed" . |
+| [`typeProperties`](#parameter-typeproperties) | object | Integration Runtime type properties. Required if type is "Managed". |
+
+### Parameter: `dataFactoryName`
+
+The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `managedVirtualNetworkName`
+
+The name of the Managed Virtual Network if using type "Managed" .
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the Integration Runtime.
+- Required: Yes
+- Type: string
+
+### Parameter: `type`
+
+The type of Integration Runtime.
+- Required: Yes
+- Type: string
+- Allowed: `[Managed, SelfHosted]`
+
+### Parameter: `typeProperties`
+
+Integration Runtime type properties. Required if type is "Managed".
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the Integration Runtime. |
 | `resourceGroupName` | string | The name of the Resource Group the Integration Runtime was created in. |
diff --git a/modules/data-factory/factory/integration-runtime/main.json b/modules/data-factory/factory/integration-runtime/main.json
index bb811c619f..1622eb4e06 100644
--- a/modules/data-factory/factory/integration-runtime/main.json
+++ b/modules/data-factory/factory/integration-runtime/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "3532154338917341406"
+      "version": "0.22.6.54827",
+      "templateHash": "2407789138740487733"
     },
     "name": "Data Factory Integration RunTimes",
     "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.",
diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json
index 377ac5f940..ca428834bc 100644
--- a/modules/data-factory/factory/main.json
+++ b/modules/data-factory/factory/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "636961564143694705"
+      "version": "0.22.6.54827",
+      "templateHash": "5636410891768038353"
     },
     "name": "Data Factories",
     "description": "This module deploys a Data Factory.",
@@ -396,8 +396,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7244200630080980053"
+              "version": "0.22.6.54827",
+              "templateHash": "14273608975905052502"
             },
             "name": "Data Factory Managed Virtual Networks",
             "description": "This module deploys a Data Factory Managed Virtual Network.",
@@ -497,8 +497,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "8218881783737158619"
+                      "version": "0.22.6.54827",
+                      "templateHash": "1490870890954327678"
                     },
                     "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints",
                     "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.",
@@ -666,8 +666,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "1297850532911310740"
+              "version": "0.22.6.54827",
+              "templateHash": "2407789138740487733"
             },
             "name": "Data Factory Integration RunTimes",
             "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.",
@@ -810,8 +810,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "18228102662712097574"
+              "version": "0.22.6.54827",
+              "templateHash": "18126264566074899156"
             }
           },
           "parameters": {
@@ -971,8 +971,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14580007913383558904"
+              "version": "0.22.6.54827",
+              "templateHash": "2884140170473394983"
             },
             "name": "Private Endpoints",
             "description": "This module deploys a Private Endpoint.",
@@ -1171,8 +1171,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "2469208411936339153"
+                      "version": "0.22.6.54827",
+                      "templateHash": "5610247137574346230"
                     },
                     "name": "Private Endpoint Private DNS Zone Groups",
                     "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1309,8 +1309,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "13032708393704093995"
+                      "version": "0.22.6.54827",
+                      "templateHash": "14351187799927334028"
                     }
                   },
                   "parameters": {
diff --git a/modules/data-factory/factory/managed-virtual-network/README.md b/modules/data-factory/factory/managed-virtual-network/README.md
index cda18555b9..59b92e31fe 100644
--- a/modules/data-factory/factory/managed-virtual-network/README.md
+++ b/modules/data-factory/factory/managed-virtual-network/README.md
@@ -4,13 +4,13 @@ This module deploys a Data Factory Managed Virtual Network.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -21,27 +21,53 @@ This module deploys a Data Factory Managed Virtual Network.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the Managed Virtual Network. |
+| [`name`](#parameter-name) | string | The name of the Managed Virtual Network. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. |
+| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `managedPrivateEndpoints` | array | `[]` | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
+
+### Parameter: `dataFactoryName`
+
+The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `managedPrivateEndpoints`
+
+An array of managed private endpoints objects created in the Data Factory managed virtual network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `name`
+
+The name of the Managed Virtual Network.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the Managed Virtual Network. |
 | `resourceGroupName` | string | The name of the Resource Group the Managed Virtual Network was created in. |
diff --git a/modules/data-factory/factory/managed-virtual-network/main.json b/modules/data-factory/factory/managed-virtual-network/main.json
index 2885cf59b4..96dc5dd33b 100644
--- a/modules/data-factory/factory/managed-virtual-network/main.json
+++ b/modules/data-factory/factory/managed-virtual-network/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "12310194736024387290"
+      "version": "0.22.6.54827",
+      "templateHash": "14273608975905052502"
     },
     "name": "Data Factory Managed Virtual Networks",
     "description": "This module deploys a Data Factory Managed Virtual Network.",
@@ -105,8 +105,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.20.4.51522",
-              "templateHash": "17089196483393073819"
+              "version": "0.22.6.54827",
+              "templateHash": "1490870890954327678"
             },
             "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints",
             "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.",
diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md
index 7d3631961a..8d1265830d 100644
--- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md
+++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md
@@ -19,30 +19,73 @@ This module deploys a Data Factory Managed Virtual Network Managed Private Endpo
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `fqdns` | array | Fully qualified domain names. |
-| `groupId` | string | The groupId to which the managed private endpoint is created. |
-| `managedVirtualNetworkName` | string | The name of the parent managed virtual network. |
-| `name` | string | The managed private endpoint resource name. |
-| `privateLinkResourceId` | string | The ARM resource ID of the resource to which the managed private endpoint is created. |
+| [`fqdns`](#parameter-fqdns) | array | Fully qualified domain names. |
+| [`groupId`](#parameter-groupid) | string | The groupId to which the managed private endpoint is created. |
+| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the parent managed virtual network. |
+| [`name`](#parameter-name) | string | The managed private endpoint resource name. |
+| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The ARM resource ID of the resource to which the managed private endpoint is created. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `dataFactoryName` | string | The name of the parent data factory. Required if the template is used in a standalone deployment. |
+| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent data factory. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `dataFactoryName`
+
+The name of the parent data factory. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `fqdns`
+
+Fully qualified domain names.
+- Required: Yes
+- Type: array
+
+### Parameter: `groupId`
+
+The groupId to which the managed private endpoint is created.
+- Required: Yes
+- Type: string
+
+### Parameter: `managedVirtualNetworkName`
+
+The name of the parent managed virtual network.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The managed private endpoint resource name.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateLinkResourceId`
+
+The ARM resource ID of the resource to which the managed private endpoint is created.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed managed private endpoint. |
 | `resourceGroupName` | string | The resource group of the deployed managed private endpoint. |
diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json
index aa4a6643bf..96606099ca 100644
--- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json
+++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "17089196483393073819"
+      "version": "0.22.6.54827",
+      "templateHash": "1490870890954327678"
     },
     "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints",
     "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.",
diff --git a/modules/data-protection/backup-vault/.test/common/main.test.bicep b/modules/data-protection/backup-vault/.test/common/main.test.bicep
index 218affe3d4..18be93ad16 100644
--- a/modules/data-protection/backup-vault/.test/common/main.test.bicep
+++ b/modules/data-protection/backup-vault/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/data-protection/backup-vault/.test/min/main.test.bicep b/modules/data-protection/backup-vault/.test/min/main.test.bicep
index 8fdcfd95c0..e96ec60caf 100644
--- a/modules/data-protection/backup-vault/.test/min/main.test.bicep
+++ b/modules/data-protection/backup-vault/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md
index f0e7d4caee..0e772779bd 100644
--- a/modules/data-protection/backup-vault/README.md
+++ b/modules/data-protection/backup-vault/README.md
@@ -5,10 +5,10 @@ This module deploys a Data Protection Backup Vault.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
 ## Resource Types
@@ -20,61 +20,29 @@ This module deploys a Data Protection Backup Vault.
 | `Microsoft.DataProtection/backupVaults` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults) |
 | `Microsoft.DataProtection/backupVaults/backupPolicies` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults/backupPolicies) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Backup Vault. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `azureMonitorAlertSettingsAlertsForAllJobFailures` | string | `'Enabled'` | `[Disabled, Enabled]` | Settings for Azure Monitor based alerts for job failures. |
-| `backupPolicies` | array | `[]` |  | List of all backup policies. |
-| `dataStoreType` | string | `'VaultStore'` | `[ArchiveStore, OperationalStore, VaultStore]` | The datastore type to use. ArchiveStore does not support ZoneRedundancy. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `featureSettings` | object | `{object}` |  | Feature settings for the backup vault. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `securitySettings` | object | `{object}` |  | Security settings for the backup vault. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the Recovery Service Vault resource. |
-| `type` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ZoneRedundant]` | The vault redundancy level to use. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The Name of the backup vault. |
-| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. |
-| `resourceId` | string | The resource ID of the backup vault. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-protection.backup-vault:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module backupVault './data-protection/backup-vault/main.bicep' = {
+module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dpbvcom'
   params: {
     // Required parameters
@@ -282,14 +250,17 @@ module backupVault './data-protection/backup-vault/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module backupVault './data-protection/backup-vault/main.bicep' = {
+module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dpbvmin'
   params: {
     // Required parameters
@@ -328,6 +299,140 @@ module backupVault './data-protection/backup-vault/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Backup Vault. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`azureMonitorAlertSettingsAlertsForAllJobFailures`](#parameter-azuremonitoralertsettingsalertsforalljobfailures) | string | Settings for Azure Monitor based alerts for job failures. |
+| [`backupPolicies`](#parameter-backuppolicies) | array | List of all backup policies. |
+| [`dataStoreType`](#parameter-datastoretype) | string | The datastore type to use. ArchiveStore does not support ZoneRedundancy. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`featureSettings`](#parameter-featuresettings) | object | Feature settings for the backup vault. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`securitySettings`](#parameter-securitysettings) | object | Security settings for the backup vault. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. |
+| [`type`](#parameter-type) | string | The vault redundancy level to use. |
+
+### Parameter: `azureMonitorAlertSettingsAlertsForAllJobFailures`
+
+Settings for Azure Monitor based alerts for job failures.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `backupPolicies`
+
+List of all backup policies.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dataStoreType`
+
+The datastore type to use. ArchiveStore does not support ZoneRedundancy.
+- Required: No
+- Type: string
+- Default: `'VaultStore'`
+- Allowed: `[ArchiveStore, OperationalStore, VaultStore]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `featureSettings`
+
+Feature settings for the backup vault.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Backup Vault.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `securitySettings`
+
+Security settings for the backup vault.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the Recovery Service Vault resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `type`
+
+The vault redundancy level to use.
+- Required: No
+- Type: string
+- Default: `'GeoRedundant'`
+- Allowed: `[GeoRedundant, LocallyRedundant, ZoneRedundant]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The Name of the backup vault. |
+| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. |
+| `resourceId` | string | The resource ID of the backup vault. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+_None_
+
 ## Notes
 
 ### Parameter Usage: `backupPolicies`
diff --git a/modules/data-protection/backup-vault/backup-policy/README.md b/modules/data-protection/backup-vault/backup-policy/README.md
index dea9657139..169a76f3d5 100644
--- a/modules/data-protection/backup-vault/backup-policy/README.md
+++ b/modules/data-protection/backup-vault/backup-policy/README.md
@@ -20,22 +20,49 @@ This module deploys a Data Protection Backup Vault Backup Policy.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `backupVaultName` | string | The name of the backup vault. |
+| [`backupVaultName`](#parameter-backupvaultname) | string | The name of the backup vault. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `'DefaultPolicy'` | The name of the backup policy. |
-| `properties` | object | `{object}` | The properties of the backup policy. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the backup policy. |
+| [`properties`](#parameter-properties) | object | The properties of the backup policy. |
+
+### Parameter: `backupVaultName`
+
+The name of the backup vault.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the backup policy.
+- Required: No
+- Type: string
+- Default: `'DefaultPolicy'`
+
+### Parameter: `properties`
+
+The properties of the backup policy.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the backup policy. |
 | `resourceGroupName` | string | The name of the resource group the backup policy was created in. |
diff --git a/modules/data-protection/backup-vault/backup-policy/main.json b/modules/data-protection/backup-vault/backup-policy/main.json
index 259cf9ab04..9717619f41 100644
--- a/modules/data-protection/backup-vault/backup-policy/main.json
+++ b/modules/data-protection/backup-vault/backup-policy/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "13351591046039775322"
+      "version": "0.22.6.54827",
+      "templateHash": "4068293382331739919"
     },
     "name": "Data Protection Backup Vault Backup Policies",
     "description": "This module deploys a Data Protection Backup Vault Backup Policy.",
diff --git a/modules/data-protection/backup-vault/main.json b/modules/data-protection/backup-vault/main.json
index 6f38347abd..0251fbd6b9 100644
--- a/modules/data-protection/backup-vault/main.json
+++ b/modules/data-protection/backup-vault/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "9192043285599381556"
+      "version": "0.22.6.54827",
+      "templateHash": "758221244478675783"
     },
     "name": "Data Protection Backup Vaults",
     "description": "This module deploys a Data Protection Backup Vault.",
@@ -212,8 +212,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7012714576885585177"
+              "version": "0.22.6.54827",
+              "templateHash": "4068293382331739919"
             },
             "name": "Data Protection Backup Vault Backup Policies",
             "description": "This module deploys a Data Protection Backup Vault Backup Policy.",
@@ -333,8 +333,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "5799522460784182968"
+              "version": "0.22.6.54827",
+              "templateHash": "14959625805292931026"
             }
           },
           "parameters": {
diff --git a/modules/databricks/access-connector/.test/common/main.test.bicep b/modules/databricks/access-connector/.test/common/main.test.bicep
index e6854b68ae..81dfb69963 100644
--- a/modules/databricks/access-connector/.test/common/main.test.bicep
+++ b/modules/databricks/access-connector/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/databricks/access-connector/.test/min/main.test.bicep b/modules/databricks/access-connector/.test/min/main.test.bicep
index 3a950aaa5f..1c8b923b29 100644
--- a/modules/databricks/access-connector/.test/min/main.test.bicep
+++ b/modules/databricks/access-connector/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md
index d530fdb979..0d47ea63d1 100644
--- a/modules/databricks/access-connector/README.md
+++ b/modules/databricks/access-connector/README.md
@@ -5,10 +5,10 @@ This module deploys an Azure Databricks Access Connector.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -18,55 +18,29 @@ This module deploys an Azure Databricks Access Connector.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Databricks/accessConnectors` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2022-10-01-preview/accessConnectors) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Azure Databricks access connector to create. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` |  | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+## Usage examples
 
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed access connector. |
-| `resourceGroupName` | string | The resource group of the deployed access connector. |
-| `resourceId` | string | The resource ID of the deployed access connector. |
-
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.access-connector:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module accessConnector './databricks/access-connector/main.bicep' = {
+module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-daccom'
   params: {
     // Required parameters
@@ -156,14 +130,17 @@ module accessConnector './databricks/access-connector/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module accessConnector './databricks/access-connector/main.bicep' = {
+module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dacmin'
   params: {
     // Required parameters
@@ -200,3 +177,94 @@ module accessConnector './databricks/access-connector/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Azure Databricks access connector to create. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the Azure Databricks access connector to create.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed access connector. |
+| `resourceGroupName` | string | The resource group of the deployed access connector. |
+| `resourceId` | string | The resource ID of the deployed access connector. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/databricks/access-connector/main.json b/modules/databricks/access-connector/main.json
index 0dff655dda..e7e834fff8 100644
--- a/modules/databricks/access-connector/main.json
+++ b/modules/databricks/access-connector/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "18141386081798006601"
+      "version": "0.22.6.54827",
+      "templateHash": "8282781227910546878"
     },
     "name": "Azure Databricks Access Connectors",
     "description": "This module deploys an Azure Databricks Access Connector.",
@@ -149,8 +149,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "8744521398620405286"
+              "version": "0.22.6.54827",
+              "templateHash": "9290418788736930611"
             }
           },
           "parameters": {
diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep
index 9dbc424bf9..cd9bef2b09 100644
--- a/modules/databricks/workspace/.test/common/main.test.bicep
+++ b/modules/databricks/workspace/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/databricks/workspace/.test/min/main.test.bicep b/modules/databricks/workspace/.test/min/main.test.bicep
index 85cd2ef8dc..00e0a9cd89 100644
--- a/modules/databricks/workspace/.test/min/main.test.bicep
+++ b/modules/databricks/workspace/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md
index 064f045a46..9a20519101 100644
--- a/modules/databricks/workspace/README.md
+++ b/modules/databricks/workspace/README.md
@@ -4,14 +4,14 @@ This module deploys an Azure Databricks Workspace.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 - [Notes](#Notes)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -22,94 +22,29 @@ This module deploys an Azure Databricks Workspace.
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Azure Databricks workspace to create. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKManagedDisksKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-| `cMKManagedServicesKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `amlWorkspaceResourceId` | string | `''` |  | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. |
-| `cMKManagedDisksKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled` | bool | `True` |  | Enable Auto Rotation of Key. |
-| `cMKManagedDisksKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `cMKManagedServicesKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKManagedServicesKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `customPrivateSubnetName` | string | `''` |  | The name of the Private Subnet within the Virtual Network. |
-| `customPublicSubnetName` | string | `''` |  | The name of a Public Subnet within the Virtual Network. |
-| `customVirtualNetworkResourceId` | string | `''` |  | The resource ID of a Virtual Network where this Databricks Cluster should be created. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `disablePublicIp` | bool | `False` |  | Disable Public IP. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `loadBalancerBackendPoolName` | string | `''` |  | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). |
-| `loadBalancerResourceId` | string | `''` |  | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedResourceGroupResourceId` | string | `''` |  | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. |
-| `natGatewayName` | string | `''` |  | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. |
-| `prepareEncryption` | bool | `False` |  | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. |
-| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicIpName` | string | `''` |  | Name of the Public IP for No Public IP workspace with managed vNet. |
-| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | 	The network access type for accessing workspace. Set value to disabled to access workspace only via private link. |
-| `requiredNsgRules` | string | `'AllRules'` | `[AllRules, NoAzureDatabricksRules]` | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. |
-| `requireInfrastructureEncryption` | bool | `False` |  | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuName` | string | `'premium'` | `[premium, standard, trial]` | The pricing tier of workspace. |
-| `storageAccountName` | string | `''` |  | Default DBFS storage account name. |
-| `storageAccountSkuName` | string | `'Standard_GRS'` |  | Storage account SKU name. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `vnetAddressPrefix` | string | `'10.139'` |  | Address prefix for Managed virtual network. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed databricks workspace. |
-| `resourceGroupName` | string | The resource group of the deployed databricks workspace. |
-| `resourceId` | string | The resource ID of the deployed databricks workspace. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.workspace:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module workspace './databricks/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dwcom'
   params: {
     // Required parameters
@@ -341,14 +276,17 @@ module workspace './databricks/workspace/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module workspace './databricks/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dwmin'
   params: {
     // Required parameters
@@ -387,6 +325,349 @@ module workspace './databricks/workspace/main.bicep' = {
 <p>
 
 
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Azure Databricks workspace to create. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKManagedDisksKeyVaultResourceId`](#parameter-cmkmanageddiskskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`cMKManagedServicesKeyVaultResourceId`](#parameter-cmkmanagedserviceskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`amlWorkspaceResourceId`](#parameter-amlworkspaceresourceid) | string | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. |
+| [`cMKManagedDisksKeyName`](#parameter-cmkmanageddiskskeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKManagedDisksKeyRotationToLatestKeyVersionEnabled`](#parameter-cmkmanageddiskskeyrotationtolatestkeyversionenabled) | bool | Enable Auto Rotation of Key. |
+| [`cMKManagedDisksKeyVersion`](#parameter-cmkmanageddiskskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`cMKManagedServicesKeyName`](#parameter-cmkmanagedserviceskeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKManagedServicesKeyVersion`](#parameter-cmkmanagedserviceskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`customPrivateSubnetName`](#parameter-customprivatesubnetname) | string | The name of the Private Subnet within the Virtual Network. |
+| [`customPublicSubnetName`](#parameter-custompublicsubnetname) | string | The name of a Public Subnet within the Virtual Network. |
+| [`customVirtualNetworkResourceId`](#parameter-customvirtualnetworkresourceid) | string | The resource ID of a Virtual Network where this Databricks Cluster should be created. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disablePublicIp`](#parameter-disablepublicip) | bool | Disable Public IP. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`loadBalancerBackendPoolName`](#parameter-loadbalancerbackendpoolname) | string | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). |
+| [`loadBalancerResourceId`](#parameter-loadbalancerresourceid) | string | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managedResourceGroupResourceId`](#parameter-managedresourcegroupresourceid) | string | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. |
+| [`natGatewayName`](#parameter-natgatewayname) | string | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. |
+| [`prepareEncryption`](#parameter-prepareencryption) | bool | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicIpName`](#parameter-publicipname) | string | Name of the Public IP for No Public IP workspace with managed vNet. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | 	The network access type for accessing workspace. Set value to disabled to access workspace only via private link. |
+| [`requiredNsgRules`](#parameter-requirednsgrules) | string | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. |
+| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuName`](#parameter-skuname) | string | The pricing tier of workspace. |
+| [`storageAccountName`](#parameter-storageaccountname) | string | Default DBFS storage account name. |
+| [`storageAccountSkuName`](#parameter-storageaccountskuname) | string | Storage account SKU name. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`vnetAddressPrefix`](#parameter-vnetaddressprefix) | string | Address prefix for Managed virtual network. |
+
+### Parameter: `amlWorkspaceResourceId`
+
+The resource ID of a Azure Machine Learning workspace to link with Databricks workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedDisksKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled`
+
+Enable Auto Rotation of Key.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `cMKManagedDisksKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedDisksKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedServicesKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedServicesKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKManagedServicesKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customPrivateSubnetName`
+
+The name of the Private Subnet within the Virtual Network.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customPublicSubnetName`
+
+The name of a Public Subnet within the Virtual Network.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customVirtualNetworkResourceId`
+
+The resource ID of a Virtual Network where this Databricks Cluster should be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disablePublicIp`
+
+Disable Public IP.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `loadBalancerBackendPoolName`
+
+Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `loadBalancerResourceId`
+
+Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managedResourceGroupResourceId`
+
+The managed resource group ID. It is created by the module as per the to-be resource ID you provide.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the Azure Databricks workspace to create.
+- Required: Yes
+- Type: string
+
+### Parameter: `natGatewayName`
+
+Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `prepareEncryption`
+
+Prepare the workspace for encryption. Enables the Managed Identity for managed storage account.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicIpName`
+
+Name of the Public IP for No Public IP workspace with managed vNet.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicNetworkAccess`
+
+	The network access type for accessing workspace. Set value to disabled to access workspace only via private link.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `requiredNsgRules`
+
+Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint.
+- Required: No
+- Type: string
+- Default: `'AllRules'`
+- Allowed: `[AllRules, NoAzureDatabricksRules]`
+
+### Parameter: `requireInfrastructureEncryption`
+
+A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+The pricing tier of workspace.
+- Required: No
+- Type: string
+- Default: `'premium'`
+- Allowed: `[premium, standard, trial]`
+
+### Parameter: `storageAccountName`
+
+Default DBFS storage account name.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `storageAccountSkuName`
+
+Storage account SKU name.
+- Required: No
+- Type: string
+- Default: `'Standard_GRS'`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `vnetAddressPrefix`
+
+Address prefix for Managed virtual network.
+- Required: No
+- Type: string
+- Default: `'10.139'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed databricks workspace. |
+| `resourceGroupName` | string | The resource group of the deployed databricks workspace. |
+| `resourceId` | string | The resource ID of the deployed databricks workspace. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
+
 ## Notes
 
 ### Parameter Usage: `customPublicSubnetName` and `customPrivateSubnetName`
diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json
index f9dd854434..c729c6ec4f 100644
--- a/modules/databricks/workspace/main.json
+++ b/modules/databricks/workspace/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "4229571861676210045"
+      "version": "0.22.6.54827",
+      "templateHash": "11204795410714061974"
     },
     "name": "Azure Databricks Workspaces",
     "description": "This module deploys an Azure Databricks Workspace.",
@@ -423,8 +423,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "6437441931020419683"
+              "version": "0.22.6.54827",
+              "templateHash": "3551736854871241675"
             }
           },
           "parameters": {
@@ -583,8 +583,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14580007913383558904"
+              "version": "0.22.6.54827",
+              "templateHash": "2884140170473394983"
             },
             "name": "Private Endpoints",
             "description": "This module deploys a Private Endpoint.",
@@ -783,8 +783,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "2469208411936339153"
+                      "version": "0.22.6.54827",
+                      "templateHash": "5610247137574346230"
                     },
                     "name": "Private Endpoint Private DNS Zone Groups",
                     "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -921,8 +921,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.21.1.54444",
-                      "templateHash": "13032708393704093995"
+                      "version": "0.22.6.54827",
+                      "templateHash": "14351187799927334028"
                     }
                   },
                   "parameters": {
diff --git a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep
index 49cc626f3d..61b5a01a27 100644
--- a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep
+++ b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md
index 613aacfd8d..54064d38b2 100644
--- a/modules/db-for-my-sql/flexible-server/README.md
+++ b/modules/db-for-my-sql/flexible-server/README.md
@@ -5,10 +5,10 @@ This module deploys a DBforMySQL Flexible Server.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -22,97 +22,30 @@ This module deploys a DBforMySQL Flexible Server.
 | `Microsoft.DBforMySQL/flexibleServers/firewallRules` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/firewallRules) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string |  | The name of the MySQL flexible server. |
-| `skuName` | string |  | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
-| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` |  | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` |  | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. |
-| `geoBackupCMKKeyVaultResourceId` | string | `''` |  | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". |
-| `geoBackupCMKUserAssignedIdentityResourceId` | string | `''` |  | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". |
-| `privateDnsZoneResourceId` | string | `''` |  | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. |
-| `restorePointInTime` | string | `''` |  | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". |
-| `sourceServerResourceId` | string | `''` |  | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". |
-| `storageAutoGrow` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `administratorLogin` | string | `''` |  | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
-| `administratorLoginPassword` | securestring | `''` |  | The administrator login password. |
-| `administrators` | array | `[]` |  | The Azure AD administrators when AAD authentication enabled. |
-| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. |
-| `backupRetentionDays` | int | `7` |  | Backup retention days for the server. |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `createMode` | string | `'Default'` | `[Default, GeoRestore, PointInTimeRestore, Replica]` | The mode to create a new MySQL server. |
-| `databases` | array | `[]` |  | The databases to create in the server. |
-| `delegatedSubnetResourceId` | string | `''` |  | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `firewallRules` | array | `[]` |  | The firewall rules to create in the MySQL flexible server. |
-| `geoBackupCMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". |
-| `geoBackupCMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. |
-| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. |
-| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maintenanceWindow` | object | `{object}` |  | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
-| `replicationRole` | string | `'None'` | `[None, Replica, Source]` | The replication role. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". |
-| `storageAutoIoScaling` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. |
-| `storageIOPS` | int | `1000` |  | Storage IOPS for a server. Max IOPS are determined by compute size. |
-| `storageSizeGB` | int | `64` | `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `version` | string | `'5.7'` | `[5.7, 8.0.21]` | MySQL Server version. |
-
-
-## Outputs
+## Usage examples
 
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed MySQL Flexible server. |
-| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. |
-| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-my-sql.flexible-server:1.0.0`.
 
-## Deployment examples
+- [Using only defaults](#example-1-using-only-defaults)
+- [Private](#example-2-private)
+- [Public](#example-3-public)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using only defaults_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with the minimum set of required parameters.
 
-<h3>Example 1: Min</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfsmin'
   params: {
     // Required parameters
@@ -166,14 +99,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Private</h3>
+### Example 2: _Private_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfspvt'
   params: {
     // Required parameters
@@ -351,14 +284,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Public</h3>
+### Example 3: _Public_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfsp'
   params: {
     // Required parameters
@@ -595,3 +528,405 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the MySQL flexible server. |
+| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
+| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. |
+| [`geoBackupCMKKeyVaultResourceId`](#parameter-geobackupcmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". |
+| [`geoBackupCMKUserAssignedIdentityResourceId`](#parameter-geobackupcmkuserassignedidentityresourceid) | string | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". |
+| [`privateDnsZoneResourceId`](#parameter-privatednszoneresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. |
+| [`restorePointInTime`](#parameter-restorepointintime) | string | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". |
+| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". |
+| [`storageAutoGrow`](#parameter-storageautogrow) | string | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
+| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. |
+| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. |
+| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. |
+| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`createMode`](#parameter-createmode) | string | The mode to create a new MySQL server. |
+| [`databases`](#parameter-databases) | array | The databases to create in the server. |
+| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the MySQL flexible server. |
+| [`geoBackupCMKKeyName`](#parameter-geobackupcmkkeyname) | string | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". |
+| [`geoBackupCMKKeyVersion`](#parameter-geobackupcmkkeyversion) | string | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. |
+| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. |
+| [`highAvailability`](#parameter-highavailability) | string | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
+| [`replicationRole`](#parameter-replicationrole) | string | The replication role. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". |
+| [`storageAutoIoScaling`](#parameter-storageautoioscaling) | string | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. |
+| [`storageIOPS`](#parameter-storageiops) | int | Storage IOPS for a server. Max IOPS are determined by compute size. |
+| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`version`](#parameter-version) | string | MySQL Server version. |
+
+### Parameter: `administratorLogin`
+
+The administrator login name of a server. Can only be specified when the MySQL server is being created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `administratorLoginPassword`
+
+The administrator login password.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `administrators`
+
+The Azure AD administrators when AAD authentication enabled.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `availabilityZone`
+
+Availability zone information of the server. Default will have no preference set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', 1, 2, 3]`
+
+### Parameter: `backupRetentionDays`
+
+Backup retention days for the server.
+- Required: No
+- Type: int
+- Default: `7`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `createMode`
+
+The mode to create a new MySQL server.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, GeoRestore, PointInTimeRestore, Replica]`
+
+### Parameter: `databases`
+
+The databases to create in the server.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `delegatedSubnetResourceId`
+
+Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `firewallRules`
+
+The firewall rules to create in the MySQL flexible server.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `geoBackupCMKKeyName`
+
+The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `geoBackupCMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `geoBackupCMKKeyVersion`
+
+The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `geoBackupCMKUserAssignedIdentityResourceId`
+
+Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `geoRedundantBackup`
+
+A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `highAvailability`
+
+The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, SameZone, ZoneRedundant]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maintenanceWindow`
+
+Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled".
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+The name of the MySQL flexible server.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateDnsZoneResourceId`
+
+Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `replicationRole`
+
+The replication role.
+- Required: No
+- Type: string
+- Default: `'None'`
+- Allowed: `[None, Replica, Source]`
+
+### Parameter: `restorePointInTime`
+
+Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11".
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceServerResourceId`
+
+The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `storageAutoGrow`
+
+Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled".
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `storageAutoIoScaling`
+
+Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `storageIOPS`
+
+Storage IOPS for a server. Max IOPS are determined by compute size.
+- Required: No
+- Type: int
+- Default: `1000`
+
+### Parameter: `storageSizeGB`
+
+Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB.
+- Required: No
+- Type: int
+- Default: `64`
+- Allowed: `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `tier`
+
+The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3".
+- Required: Yes
+- Type: string
+- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `version`
+
+MySQL Server version.
+- Required: No
+- Type: string
+- Default: `'5.7'`
+- Allowed: `[5.7, 8.0.21]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed MySQL Flexible server. |
+| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. |
+| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/db-for-my-sql/flexible-server/administrator/README.md b/modules/db-for-my-sql/flexible-server/administrator/README.md
index fe8dbf343e..247e680d29 100644
--- a/modules/db-for-my-sql/flexible-server/administrator/README.md
+++ b/modules/db-for-my-sql/flexible-server/administrator/README.md
@@ -19,30 +19,75 @@ This module deploys a DBforMySQL Flexible Server Administrator.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `identityResourceId` | string | The resource ID of the identity used for AAD Authentication. |
-| `login` | string | Login name of the server administrator. |
-| `sid` | string | SID (object ID) of the server administrator. |
+| [`identityResourceId`](#parameter-identityresourceid) | string | The resource ID of the identity used for AAD Authentication. |
+| [`login`](#parameter-login) | string | Login name of the server administrator. |
+| [`sid`](#parameter-sid) | string | SID (object ID) of the server administrator. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
-| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flexibleServerName`
+
+The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `identityResourceId`
+
+The resource ID of the identity used for AAD Authentication.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `login`
+
+Login name of the server administrator.
+- Required: Yes
+- Type: string
+
+### Parameter: `sid`
+
+SID (object ID) of the server administrator.
+- Required: Yes
+- Type: string
+
+### Parameter: `tenantId`
+
+The tenantId of the Active Directory administrator.
+- Required: No
+- Type: string
+- Default: `[tenant().tenantId]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed administrator. |
 | `resourceGroupName` | string | The resource group of the deployed administrator. |
diff --git a/modules/db-for-my-sql/flexible-server/administrator/main.json b/modules/db-for-my-sql/flexible-server/administrator/main.json
index 926f61fac5..41ee008d22 100644
--- a/modules/db-for-my-sql/flexible-server/administrator/main.json
+++ b/modules/db-for-my-sql/flexible-server/administrator/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "6026324512499502510"
+      "version": "0.22.6.54827",
+      "templateHash": "16367563858411209197"
     },
     "name": "DBforMySQL Flexible Server Administrators",
     "description": "This module deploys a DBforMySQL Flexible Server Administrator.",
diff --git a/modules/db-for-my-sql/flexible-server/database/README.md b/modules/db-for-my-sql/flexible-server/database/README.md
index f6394d9998..f2cced0ae4 100644
--- a/modules/db-for-my-sql/flexible-server/database/README.md
+++ b/modules/db-for-my-sql/flexible-server/database/README.md
@@ -19,29 +19,69 @@ This module deploys a DBforMySQL Flexible Server Database.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the database. |
+| [`name`](#parameter-name) | string | The name of the database. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `charset` | string | `'utf8_general_ci'` | The charset of the database. |
-| `collation` | string | `'utf8'` | The collation of the database. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`charset`](#parameter-charset) | string | The charset of the database. |
+| [`collation`](#parameter-collation) | string | The collation of the database. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+
+### Parameter: `charset`
+
+The charset of the database.
+- Required: No
+- Type: string
+- Default: `'utf8_general_ci'`
+
+### Parameter: `collation`
+
+The collation of the database.
+- Required: No
+- Type: string
+- Default: `'utf8'`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flexibleServerName`
+
+The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the database.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed database. |
 | `resourceGroupName` | string | The resource group of the deployed database. |
diff --git a/modules/db-for-my-sql/flexible-server/database/main.json b/modules/db-for-my-sql/flexible-server/database/main.json
index a2fa950dd3..4a68e48562 100644
--- a/modules/db-for-my-sql/flexible-server/database/main.json
+++ b/modules/db-for-my-sql/flexible-server/database/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "12647720847614647024"
+      "version": "0.22.6.54827",
+      "templateHash": "16649222900362138505"
     },
     "name": "DBforMySQL Flexible Server Databases",
     "description": "This module deploys a DBforMySQL Flexible Server Database.",
diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md
index 6c3b17dcdf..ee7be0779a 100644
--- a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md
+++ b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md
@@ -19,28 +19,59 @@ This module deploys a DBforMySQL Flexible Server Firewall Rule.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. |
-| `name` | string | The name of the MySQL flexible server Firewall Rule. |
-| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. |
+| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. |
+| [`name`](#parameter-name) | string | The name of the MySQL flexible server Firewall Rule. |
+| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endIpAddress`
+
+The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses.
+- Required: Yes
+- Type: string
+
+### Parameter: `flexibleServerName`
+
+The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the MySQL flexible server Firewall Rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `startIpAddress`
+
+The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed firewall rule. |
 | `resourceGroupName` | string | The resource group of the deployed firewall rule. |
diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json
index c6c49e9e71..4b909f3882 100644
--- a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json
+++ b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "5263296307327888660"
+      "version": "0.22.6.54827",
+      "templateHash": "12840531816938690352"
     },
     "name": "DBforMySQL Flexible Server Firewall Rules",
     "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.",
diff --git a/modules/db-for-my-sql/flexible-server/main.json b/modules/db-for-my-sql/flexible-server/main.json
index c3f53162a6..da56c4087f 100644
--- a/modules/db-for-my-sql/flexible-server/main.json
+++ b/modules/db-for-my-sql/flexible-server/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "11042164284975783101"
+      "version": "0.22.6.54827",
+      "templateHash": "1515305312622683890"
     },
     "name": "DBforMySQL Flexible Servers",
     "description": "This module deploys a DBforMySQL Flexible Server.",
@@ -548,8 +548,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "17154165990398141081"
+              "version": "0.22.6.54827",
+              "templateHash": "17516117596765839904"
             }
           },
           "parameters": {
@@ -695,8 +695,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "17356615394418311167"
+              "version": "0.22.6.54827",
+              "templateHash": "16649222900362138505"
             },
             "name": "DBforMySQL Flexible Server Databases",
             "description": "This module deploys a DBforMySQL Flexible Server Database.",
@@ -834,8 +834,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10162316213188664200"
+              "version": "0.22.6.54827",
+              "templateHash": "12840531816938690352"
             },
             "name": "DBforMySQL Flexible Server Firewall Rules",
             "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.",
@@ -962,8 +962,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "6026324512499502510"
+              "version": "0.22.6.54827",
+              "templateHash": "16367563858411209197"
             },
             "name": "DBforMySQL Flexible Server Administrators",
             "description": "This module deploys a DBforMySQL Flexible Server Administrator.",
diff --git a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep
index 788d7c3423..1386d47e69 100644
--- a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep
+++ b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md
index bb12fbcf62..9df28d3705 100644
--- a/modules/db-for-postgre-sql/flexible-server/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/README.md
@@ -5,10 +5,10 @@ This module deploys a DBforPostgreSQL Flexible Server.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -23,93 +23,30 @@ This module deploys a DBforPostgreSQL Flexible Server.
 | `Microsoft.DBforPostgreSQL/flexibleServers/firewallRules` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/firewallRules) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string |  | The name of the PostgreSQL flexible server. |
-| `skuName` | string |  | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
-| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. |
-| `pointInTimeUTC` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". |
-| `sourceServerResourceId` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". |
-| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `activeDirectoryAuth` | string | `'Enabled'` | `[Disabled, Enabled]` | If Enabled, Azure Active Directory authentication is enabled. |
-| `administratorLogin` | string | `''` |  | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. |
-| `administratorLoginPassword` | securestring | `''` |  | The administrator login password. |
-| `administrators` | array | `[]` |  | The Azure AD administrators when AAD authentication enabled. |
-| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. |
-| `backupRetentionDays` | int | `7` |  | Backup retention days for the server. |
-| `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
-| `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `configurations` | array | `[]` |  | The configurations to create in the server. |
-| `createMode` | string | `'Default'` | `[Create, Default, PointInTimeRestore, Update]` | The mode to create a new PostgreSQL server. |
-| `databases` | array | `[]` |  | The databases to create in the server. |
-| `delegatedSubnetResourceId` | string | `''` |  | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `firewallRules` | array | `[]` |  | The firewall rules to create in the PostgreSQL flexible server. |
-| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. |
-| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for high availability. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maintenanceWindow` | object | `{object}` |  | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
-| `passwordAuth` | string | `'Disabled'` | `[Disabled, Enabled]` | If Enabled, password authentication is enabled. |
-| `privateDnsZoneArmResourceId` | string | `''` |  | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `storageSizeGB` | int | `32` | `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `tenantId` | string | `''` |  | Tenant id of the server. |
-| `version` | string | `'15'` | `[11, 12, 13, 14, 15]` | PostgreSQL Server version. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed PostgreSQL Flexible server. |
-| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. |
-| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0`.
 
-## Deployment examples
+- [Using only defaults](#example-1-using-only-defaults)
+- [Private](#example-2-private)
+- [Public](#example-3-public)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using only defaults_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with the minimum set of required parameters.
 
-<h3>Example 1: Min</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfpsfsmin'
   params: {
     // Required parameters
@@ -163,14 +100,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Private</h3>
+### Example 2: _Private_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfpsfspvt'
   params: {
     // Required parameters
@@ -312,14 +249,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 3: Public</h3>
+### Example 3: _Public_
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
+module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dfpsfsp'
   params: {
     // Required parameters
@@ -530,3 +467,372 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server. |
+| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
+| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. |
+| [`pointInTimeUTC`](#parameter-pointintimeutc) | string | Required if "createMode" is set to "PointInTimeRestore". |
+| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | Required if "createMode" is set to "PointInTimeRestore". |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`activeDirectoryAuth`](#parameter-activedirectoryauth) | string | If Enabled, Azure Active Directory authentication is enabled. |
+| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. |
+| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. |
+| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. |
+| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. |
+| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`configurations`](#parameter-configurations) | array | The configurations to create in the server. |
+| [`createMode`](#parameter-createmode) | string | The mode to create a new PostgreSQL server. |
+| [`databases`](#parameter-databases) | array | The databases to create in the server. |
+| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the PostgreSQL flexible server. |
+| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. |
+| [`highAvailability`](#parameter-highavailability) | string | The mode for high availability. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
+| [`passwordAuth`](#parameter-passwordauth) | string | If Enabled, password authentication is enabled. |
+| [`privateDnsZoneArmResourceId`](#parameter-privatednszonearmresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`tenantId`](#parameter-tenantid) | string | Tenant id of the server. |
+| [`version`](#parameter-version) | string | PostgreSQL Server version. |
+
+### Parameter: `activeDirectoryAuth`
+
+If Enabled, Azure Active Directory authentication is enabled.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `administratorLogin`
+
+The administrator login name of a server. Can only be specified when the PostgreSQL server is being created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `administratorLoginPassword`
+
+The administrator login password.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `administrators`
+
+The Azure AD administrators when AAD authentication enabled.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `availabilityZone`
+
+Availability zone information of the server. Default will have no preference set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', 1, 2, 3]`
+
+### Parameter: `backupRetentionDays`
+
+Backup retention days for the server.
+- Required: No
+- Type: int
+- Default: `7`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `configurations`
+
+The configurations to create in the server.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `createMode`
+
+The mode to create a new PostgreSQL server.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Create, Default, PointInTimeRestore, Update]`
+
+### Parameter: `databases`
+
+The databases to create in the server.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `delegatedSubnetResourceId`
+
+Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `firewallRules`
+
+The firewall rules to create in the PostgreSQL flexible server.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `geoRedundantBackup`
+
+A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `highAvailability`
+
+The mode for high availability.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, SameZone, ZoneRedundant]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maintenanceWindow`
+
+Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled".
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+The name of the PostgreSQL flexible server.
+- Required: Yes
+- Type: string
+
+### Parameter: `passwordAuth`
+
+If Enabled, password authentication is enabled.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `pointInTimeUTC`
+
+Required if "createMode" is set to "PointInTimeRestore".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `privateDnsZoneArmResourceId`
+
+Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceServerResourceId`
+
+Required if "createMode" is set to "PointInTimeRestore".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `storageSizeGB`
+
+Max storage allowed for a server.
+- Required: No
+- Type: int
+- Default: `32`
+- Allowed: `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `tenantId`
+
+Tenant id of the server.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tier`
+
+The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3".
+- Required: Yes
+- Type: string
+- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `version`
+
+PostgreSQL Server version.
+- Required: No
+- Type: string
+- Default: `'15'`
+- Allowed: `[11, 12, 13, 14, 15]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed PostgreSQL Flexible server. |
+| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. |
+| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md
index 34cfa2b0b7..64e08316bd 100644
--- a/modules/db-for-postgre-sql/flexible-server/administrator/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md
@@ -19,30 +19,76 @@ This module deploys a DBforPostgreSQL Flexible Server Administrator.
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `objectId` | string |  | The objectId of the Active Directory administrator. |
-| `principalName` | string |  | Active Directory administrator principal name. |
-| `principalType` | string | `[Group, ServicePrincipal, Unknown, User]` | The principal type used to represent the type of Active Directory Administrator. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`objectId`](#parameter-objectid) | string | The objectId of the Active Directory administrator. |
+| [`principalName`](#parameter-principalname) | string | Active Directory administrator principal name. |
+| [`principalType`](#parameter-principaltype) | string | The principal type used to represent the type of Active Directory Administrator. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
-| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flexibleServerName`
+
+The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `objectId`
+
+The objectId of the Active Directory administrator.
+- Required: Yes
+- Type: string
+
+### Parameter: `principalName`
+
+Active Directory administrator principal name.
+- Required: Yes
+- Type: string
+
+### Parameter: `principalType`
+
+The principal type used to represent the type of Active Directory Administrator.
+- Required: Yes
+- Type: string
+- Allowed: `[Group, ServicePrincipal, Unknown, User]`
+
+### Parameter: `tenantId`
+
+The tenantId of the Active Directory administrator.
+- Required: No
+- Type: string
+- Default: `[tenant().tenantId]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed administrator. |
 | `resourceGroupName` | string | The resource group of the deployed administrator. |
diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.json b/modules/db-for-postgre-sql/flexible-server/administrator/main.json
index eb10947fcc..6ac911a9e5 100644
--- a/modules/db-for-postgre-sql/flexible-server/administrator/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "14812998248518641282"
+      "version": "0.22.6.54827",
+      "templateHash": "3514176123135146796"
     },
     "name": "DBforPostgreSQL Flexible Server Administrators",
     "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.",
diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/README.md b/modules/db-for-postgre-sql/flexible-server/configuration/README.md
index 5a98fdc548..d156b0635a 100644
--- a/modules/db-for-postgre-sql/flexible-server/configuration/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/configuration/README.md
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Configuration.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the configuration. |
+| [`name`](#parameter-name) | string | The name of the configuration. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
-| `source` | string | `''` | Source of the configuration. |
-| `value` | string | `''` | Value of the configuration. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`source`](#parameter-source) | string | Source of the configuration. |
+| [`value`](#parameter-value) | string | Value of the configuration. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flexibleServerName`
+
+The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the configuration.
+- Required: Yes
+- Type: string
+
+### Parameter: `source`
+
+Source of the configuration.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `value`
+
+Value of the configuration.
+- Required: No
+- Type: string
+- Default: `''`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed configuration. |
 | `resourceGroupName` | string | The resource group of the deployed configuration. |
diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/main.json b/modules/db-for-postgre-sql/flexible-server/configuration/main.json
index 92aa1e45be..54b8e1f4b7 100644
--- a/modules/db-for-postgre-sql/flexible-server/configuration/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/configuration/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "5586008567080780040"
+      "version": "0.22.6.54827",
+      "templateHash": "12961146168624492771"
     },
     "name": "DBforPostgreSQL Flexible Server Configurations",
     "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.",
diff --git a/modules/db-for-postgre-sql/flexible-server/database/README.md b/modules/db-for-postgre-sql/flexible-server/database/README.md
index 700caebc88..57ba0b45a5 100644
--- a/modules/db-for-postgre-sql/flexible-server/database/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/database/README.md
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Database.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the database. |
+| [`name`](#parameter-name) | string | The name of the database. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `charset` | string | `''` | The charset of the database. |
-| `collation` | string | `''` | The collation of the database. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`charset`](#parameter-charset) | string | The charset of the database. |
+| [`collation`](#parameter-collation) | string | The collation of the database. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+
+### Parameter: `charset`
+
+The charset of the database.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `collation`
+
+The collation of the database.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flexibleServerName`
+
+The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the database.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed database. |
 | `resourceGroupName` | string | The resource group of the deployed database. |
diff --git a/modules/db-for-postgre-sql/flexible-server/database/main.json b/modules/db-for-postgre-sql/flexible-server/database/main.json
index 0b0f806020..bc43485c4f 100644
--- a/modules/db-for-postgre-sql/flexible-server/database/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/database/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "7432917940199201712"
+      "version": "0.22.6.54827",
+      "templateHash": "15866259518448635553"
     },
     "name": "DBforPostgreSQL Flexible Server Databases",
     "description": "This module deploys a DBforPostgreSQL Flexible Server Database.",
diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md
index d4f092e9f6..de0f21fadf 100644
--- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md
@@ -19,28 +19,59 @@ This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. |
-| `name` | string | The name of the PostgreSQL flexible server Firewall Rule. |
-| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. |
+| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. |
+| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server Firewall Rule. |
+| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endIpAddress`
+
+The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses.
+- Required: Yes
+- Type: string
+
+### Parameter: `flexibleServerName`
+
+The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the PostgreSQL flexible server Firewall Rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `startIpAddress`
+
+The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the deployed firewall rule. |
 | `resourceGroupName` | string | The resource group of the deployed firewall rule. |
diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json
index 19cc04b358..79c31b0bfb 100644
--- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "3071080362723739241"
+      "version": "0.22.6.54827",
+      "templateHash": "13418631602887252631"
     },
     "name": "DBforPostgreSQL Flexible Server Firewall Rules",
     "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.",
diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json
index 316363a8c8..e737116aa5 100644
--- a/modules/db-for-postgre-sql/flexible-server/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "16240139018001575474"
+      "version": "0.22.6.54827",
+      "templateHash": "2675797994216094359"
     },
     "name": "DBforPostgreSQL Flexible Servers",
     "description": "This module deploys a DBforPostgreSQL Flexible Server.",
@@ -521,8 +521,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "4898014763123062752"
+              "version": "0.22.6.54827",
+              "templateHash": "6100419547048418453"
             }
           },
           "parameters": {
@@ -667,8 +667,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "16660732763595780206"
+              "version": "0.22.6.54827",
+              "templateHash": "15866259518448635553"
             },
             "name": "DBforPostgreSQL Flexible Server Databases",
             "description": "This module deploys a DBforPostgreSQL Flexible Server Database.",
@@ -806,8 +806,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "7935033505380784919"
+              "version": "0.22.6.54827",
+              "templateHash": "13418631602887252631"
             },
             "name": "DBforPostgreSQL Flexible Server Firewall Rules",
             "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.",
@@ -904,7 +904,9 @@
     {
       "copy": {
         "name": "flexibleServer_configurations",
-        "count": "[length(parameters('configurations'))]"
+        "count": "[length(parameters('configurations'))]",
+        "mode": "serial",
+        "batchSize": 1
       },
       "type": "Microsoft.Resources/deployments",
       "apiVersion": "2022-09-01",
@@ -933,8 +935,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10954863077388190830"
+              "version": "0.22.6.54827",
+              "templateHash": "12961146168624492771"
             },
             "name": "DBforPostgreSQL Flexible Server Configurations",
             "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.",
@@ -1071,8 +1073,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "14812998248518641282"
+              "version": "0.22.6.54827",
+              "templateHash": "3514176123135146796"
             },
             "name": "DBforPostgreSQL Flexible Server Administrators",
             "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.",
diff --git a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep
index 959990ac7c..673b79551f 100644
--- a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep
+++ b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep
index e5a99a1d1e..8dae8dc2d4 100644
--- a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep
+++ b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md
index 696349103d..29c5853ae4 100644
--- a/modules/desktop-virtualization/application-group/README.md
+++ b/modules/desktop-virtualization/application-group/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -20,64 +20,29 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group.
 | `Microsoft.DesktopVirtualization/applicationGroups/applications` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/applicationGroups/applications) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `applicationGroupType` | string | `[Desktop, RemoteApp]` | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. |
-| `hostpoolName` | string |  | Name of the Host Pool to be linked to this Application Group. |
-| `name` | string |  | Name of the Application Group to create this application in. |
-
-**Optional parameters**
+## Usage examples
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `applications` | array | `[]` |  | List of applications to be created in the Application Group. |
-| `description` | string | `''` |  | The description of the Application Group to be created. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of log analytics. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `friendlyName` | string | `''` |  | The friendly name of the Application Group to be created. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the AVD application group. |
-| `resourceGroupName` | string | The resource group the AVD application group was deployed into. |
-| `resourceId` | string | The resource ID of the AVD application group. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.application-group:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module applicationGroup './desktop-virtualization/application-group/main.bicep' = {
+module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvagcom'
   params: {
     // Required parameters
@@ -225,14 +190,17 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module applicationGroup './desktop-virtualization/application-group/main.bicep' = {
+module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvagmin'
   params: {
     // Required parameters
@@ -277,3 +245,166 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`applicationGroupType`](#parameter-applicationgrouptype) | string | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. |
+| [`hostpoolName`](#parameter-hostpoolname) | string | Name of the Host Pool to be linked to this Application Group. |
+| [`name`](#parameter-name) | string | Name of the Application Group to create this application in. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`applications`](#parameter-applications) | array | List of applications to be created in the Application Group. |
+| [`description`](#parameter-description) | string | The description of the Application Group to be created. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of log analytics. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Application Group to be created. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `applicationGroupType`
+
+The type of the Application Group to be created. Allowed values: RemoteApp or Desktop.
+- Required: Yes
+- Type: string
+- Allowed: `[Desktop, RemoteApp]`
+
+### Parameter: `applications`
+
+List of applications to be created in the Application Group.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+The description of the Application Group to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, Checkpoint, Error, Management]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of log analytics.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `friendlyName`
+
+The friendly name of the Application Group to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `hostpoolName`
+
+Name of the Host Pool to be linked to this Application Group.
+- Required: Yes
+- Type: string
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Application Group to create this application in.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the AVD application group. |
+| `resourceGroupName` | string | The resource group the AVD application group was deployed into. |
+| `resourceId` | string | The resource ID of the AVD application group. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/desktop-virtualization/application-group/application/README.md b/modules/desktop-virtualization/application-group/application/README.md
index 7d87db5d0c..cc46be1fbe 100644
--- a/modules/desktop-virtualization/application-group/application/README.md
+++ b/modules/desktop-virtualization/application-group/application/README.md
@@ -4,12 +4,12 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -19,34 +19,108 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `filePath` | string | Specifies a path for the executable file for the application. |
-| `friendlyName` | string | Friendly name of Application.. |
-| `name` | string | Name of the Application to be created in the Application Group. |
+| [`filePath`](#parameter-filepath) | string | Specifies a path for the executable file for the application. |
+| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of Application.. |
+| [`name`](#parameter-name) | string | Name of the Application to be created in the Application Group. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `appGroupName` | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. |
+| [`appGroupName`](#parameter-appgroupname) | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `commandLineArguments` | string | `''` |  | Command-Line Arguments for Application. |
-| `commandLineSetting` | string | `'DoNotAllow'` | `[Allow, DoNotAllow, Require]` | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. |
-| `description` | string | `''` |  | Description of Application.. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `iconIndex` | int | `0` |  | Index of the icon. |
-| `iconPath` | string | `''` |  | Path to icon. |
-| `showInPortal` | bool | `False` |  | Specifies whether to show the RemoteApp program in the RD Web Access server. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`commandLineArguments`](#parameter-commandlinearguments) | string | Command-Line Arguments for Application. |
+| [`commandLineSetting`](#parameter-commandlinesetting) | string | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. |
+| [`description`](#parameter-description) | string | Description of Application.. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`iconIndex`](#parameter-iconindex) | int | Index of the icon. |
+| [`iconPath`](#parameter-iconpath) | string | Path to icon. |
+| [`showInPortal`](#parameter-showinportal) | bool | Specifies whether to show the RemoteApp program in the RD Web Access server. |
+
+### Parameter: `appGroupName`
+
+The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `commandLineArguments`
+
+Command-Line Arguments for Application.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `commandLineSetting`
+
+Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all.
+- Required: No
+- Type: string
+- Default: `'DoNotAllow'`
+- Allowed: `[Allow, DoNotAllow, Require]`
+
+### Parameter: `description`
+
+Description of Application..
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `filePath`
+
+Specifies a path for the executable file for the application.
+- Required: Yes
+- Type: string
+
+### Parameter: `friendlyName`
+
+Friendly name of Application..
+- Required: Yes
+- Type: string
+
+### Parameter: `iconIndex`
+
+Index of the icon.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `iconPath`
+
+Path to icon.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+Name of the Application to be created in the Application Group.
+- Required: Yes
+- Type: string
+
+### Parameter: `showInPortal`
+
+Specifies whether to show the RemoteApp program in the RD Web Access server.
+- Required: No
+- Type: bool
+- Default: `False`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The Name of the Application Group to register the Application in. |
 | `resourceGroupName` | string | The name of the Resource Group the AVD Application was created in. |
diff --git a/modules/desktop-virtualization/application-group/application/main.json b/modules/desktop-virtualization/application-group/application/main.json
index 2621a89ffe..70e339a8b2 100644
--- a/modules/desktop-virtualization/application-group/application/main.json
+++ b/modules/desktop-virtualization/application-group/application/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "7619639220591936340"
+      "version": "0.22.6.54827",
+      "templateHash": "10616827856455579307"
     },
     "name": "Azure Virtual Desktop (AVD) Application Group Applications",
     "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.",
diff --git a/modules/desktop-virtualization/application-group/main.json b/modules/desktop-virtualization/application-group/main.json
index 351595b955..a84976fdda 100644
--- a/modules/desktop-virtualization/application-group/main.json
+++ b/modules/desktop-virtualization/application-group/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "6445435320297948317"
+      "version": "0.22.6.54827",
+      "templateHash": "8705022781837382520"
     },
     "name": "Azure Virtual Desktop (AVD) Application Groups",
     "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group.",
@@ -261,8 +261,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "110356307048121387"
+              "version": "0.22.6.54827",
+              "templateHash": "10616827856455579307"
             },
             "name": "Azure Virtual Desktop (AVD) Application Group Applications",
             "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.",
@@ -442,8 +442,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "9771114878684828045"
+              "version": "0.22.6.54827",
+              "templateHash": "16875966944342044136"
             }
           },
           "parameters": {
diff --git a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep
index 6f581c0315..ae07838fee 100644
--- a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep
+++ b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep
index 9a7bbfd580..7691ccaa51 100644
--- a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep
+++ b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md
index 9d96667dba..004589bda7 100644
--- a/modules/desktop-virtualization/host-pool/README.md
+++ b/modules/desktop-virtualization/host-pool/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -19,90 +19,29 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool.
 | `Microsoft.DesktopVirtualization/hostPools` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/hostPools) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Host Pool. |
+## Usage examples
 
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `agentUpdate` | object | `{object}` |  | The session host configuration for updating agent, monitoring agent, and stack component. |
-| `agentUpdateMaintenanceWindowDayOfWeek` | string | `'Sunday'` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Update day for scheduled agent updates. |
-| `agentUpdateMaintenanceWindowHour` | int | `22` |  | Update hour for scheduled agent updates. |
-| `agentUpdateMaintenanceWindows` | array | `[System.Management.Automation.OrderedHashtable]` |  | List of maintenance windows for scheduled agent updates. |
-| `agentUpdateMaintenanceWindowTimeZone` | string | `'Central Standard Time'` |  | Time zone for scheduled agent updates. |
-| `agentUpdateType` | string | `'Default'` | `[Default, Scheduled]` | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. |
-| `agentUpdateUseSessionHostLocalTime` | bool | `False` |  | Whether to use localTime of the virtual machine for scheduled agent updates. |
-| `customRdpProperty` | string | `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` |  | Host Pool RDP properties. |
-| `description` | string | `''` |  | The description of the Host Pool to be created. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `friendlyName` | string | `''` |  | The friendly name of the Host Pool to be created. |
-| `loadBalancerType` | string | `'BreadthFirst'` | `[BreadthFirst, DepthFirst, Persistent]` | Type of load balancer algorithm. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maxSessionLimit` | int | `99999` |  | Maximum number of sessions. |
-| `personalDesktopAssignmentType` | string | `''` | `['', Automatic, Direct]` | Set the type of assignment for a Personal Host Pool type. |
-| `preferredAppGroupType` | string | `'Desktop'` | `[Desktop, None, RailApplications]` | The type of preferred application group type, default to Desktop Application Group. |
-| `ring` | int | `-1` |  | The ring number of HostPool. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `ssoadfsAuthority` | string | `''` |  | URL to customer ADFS server for signing WVD SSO certificates. |
-| `ssoClientId` | string | `''` |  | ClientId for the registered Relying Party used to issue WVD SSO certificates. |
-| `ssoClientSecretKeyVaultPath` | string | `''` |  | Path to Azure KeyVault storing the secret used for communication to ADFS. |
-| `ssoSecretType` | string | `''` | `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]` | The type of single sign on Secret Type. |
-| `startVMOnConnect` | bool | `False` |  | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `tokenValidityLength` | string | `'PT8H'` |  | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. |
-| `type` | string | `'Pooled'` | `[Personal, Pooled]` | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. |
-| `validationEnvironment` | bool | `False` |  | Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. |
-| `vmTemplate` | object | `{object}` |  | The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. |
-
-**Generated parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the AVD host pool. |
-| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. |
-| `resourceId` | string | The resource ID of the AVD host pool. |
-| `tokenExpirationTime` | string | The expiration time for the registration token. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.host-pool:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module hostPool './desktop-virtualization/host-pool/main.bicep' = {
+module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvhpcom'
   params: {
     // Required parameters
@@ -292,14 +231,17 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module hostPool './desktop-virtualization/host-pool/main.bicep' = {
+module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvhpmin'
   params: {
     // Required parameters
@@ -336,3 +278,340 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Host Pool. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`agentUpdate`](#parameter-agentupdate) | object | The session host configuration for updating agent, monitoring agent, and stack component. |
+| [`agentUpdateMaintenanceWindowDayOfWeek`](#parameter-agentupdatemaintenancewindowdayofweek) | string | Update day for scheduled agent updates. |
+| [`agentUpdateMaintenanceWindowHour`](#parameter-agentupdatemaintenancewindowhour) | int | Update hour for scheduled agent updates. |
+| [`agentUpdateMaintenanceWindows`](#parameter-agentupdatemaintenancewindows) | array | List of maintenance windows for scheduled agent updates. |
+| [`agentUpdateMaintenanceWindowTimeZone`](#parameter-agentupdatemaintenancewindowtimezone) | string | Time zone for scheduled agent updates. |
+| [`agentUpdateType`](#parameter-agentupdatetype) | string | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. |
+| [`agentUpdateUseSessionHostLocalTime`](#parameter-agentupdateusesessionhostlocaltime) | bool | Whether to use localTime of the virtual machine for scheduled agent updates. |
+| [`customRdpProperty`](#parameter-customrdpproperty) | string | Host Pool RDP properties. |
+| [`description`](#parameter-description) | string | The description of the Host Pool to be created. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Host Pool to be created. |
+| [`loadBalancerType`](#parameter-loadbalancertype) | string | Type of load balancer algorithm. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maxSessionLimit`](#parameter-maxsessionlimit) | int | Maximum number of sessions. |
+| [`personalDesktopAssignmentType`](#parameter-personaldesktopassignmenttype) | string | Set the type of assignment for a Personal Host Pool type. |
+| [`preferredAppGroupType`](#parameter-preferredappgrouptype) | string | The type of preferred application group type, default to Desktop Application Group. |
+| [`ring`](#parameter-ring) | int | The ring number of HostPool. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`ssoadfsAuthority`](#parameter-ssoadfsauthority) | string | URL to customer ADFS server for signing WVD SSO certificates. |
+| [`ssoClientId`](#parameter-ssoclientid) | string | ClientId for the registered Relying Party used to issue WVD SSO certificates. |
+| [`ssoClientSecretKeyVaultPath`](#parameter-ssoclientsecretkeyvaultpath) | string | Path to Azure KeyVault storing the secret used for communication to ADFS. |
+| [`ssoSecretType`](#parameter-ssosecrettype) | string | The type of single sign on Secret Type. |
+| [`startVMOnConnect`](#parameter-startvmonconnect) | bool | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`tokenValidityLength`](#parameter-tokenvaliditylength) | string | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. |
+| [`type`](#parameter-type) | string | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. |
+| [`validationEnvironment`](#parameter-validationenvironment) | bool | Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. |
+| [`vmTemplate`](#parameter-vmtemplate) | object | The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
+
+### Parameter: `agentUpdate`
+
+The session host configuration for updating agent, monitoring agent, and stack component.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `agentUpdateMaintenanceWindowDayOfWeek`
+
+Update day for scheduled agent updates.
+- Required: No
+- Type: string
+- Default: `'Sunday'`
+- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]`
+
+### Parameter: `agentUpdateMaintenanceWindowHour`
+
+Update hour for scheduled agent updates.
+- Required: No
+- Type: int
+- Default: `22`
+
+### Parameter: `agentUpdateMaintenanceWindows`
+
+List of maintenance windows for scheduled agent updates.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `agentUpdateMaintenanceWindowTimeZone`
+
+Time zone for scheduled agent updates.
+- Required: No
+- Type: string
+- Default: `'Central Standard Time'`
+
+### Parameter: `agentUpdateType`
+
+Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, Scheduled]`
+
+### Parameter: `agentUpdateUseSessionHostLocalTime`
+
+Whether to use localTime of the virtual machine for scheduled agent updates.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to generate a registration token.
+- Required: No
+- Type: string
+- Default: `[utcNow('u')]`
+
+### Parameter: `customRdpProperty`
+
+Host Pool RDP properties.
+- Required: No
+- Type: string
+- Default: `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'`
+
+### Parameter: `description`
+
+The description of the Host Pool to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `friendlyName`
+
+The friendly name of the Host Pool to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `loadBalancerType`
+
+Type of load balancer algorithm.
+- Required: No
+- Type: string
+- Default: `'BreadthFirst'`
+- Allowed: `[BreadthFirst, DepthFirst, Persistent]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maxSessionLimit`
+
+Maximum number of sessions.
+- Required: No
+- Type: int
+- Default: `99999`
+
+### Parameter: `name`
+
+Name of the Host Pool.
+- Required: Yes
+- Type: string
+
+### Parameter: `personalDesktopAssignmentType`
+
+Set the type of assignment for a Personal Host Pool type.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Automatic, Direct]`
+
+### Parameter: `preferredAppGroupType`
+
+The type of preferred application group type, default to Desktop Application Group.
+- Required: No
+- Type: string
+- Default: `'Desktop'`
+- Allowed: `[Desktop, None, RailApplications]`
+
+### Parameter: `ring`
+
+The ring number of HostPool.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ssoadfsAuthority`
+
+URL to customer ADFS server for signing WVD SSO certificates.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ssoClientId`
+
+ClientId for the registered Relying Party used to issue WVD SSO certificates.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ssoClientSecretKeyVaultPath`
+
+Path to Azure KeyVault storing the secret used for communication to ADFS.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ssoSecretType`
+
+The type of single sign on Secret Type.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]`
+
+### Parameter: `startVMOnConnect`
+
+Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `tokenValidityLength`
+
+Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours.
+- Required: No
+- Type: string
+- Default: `'PT8H'`
+
+### Parameter: `type`
+
+Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled.
+- Required: No
+- Type: string
+- Default: `'Pooled'`
+- Allowed: `[Personal, Pooled]`
+
+### Parameter: `validationEnvironment`
+
+Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vmTemplate`
+
+The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the AVD host pool. |
+| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. |
+| `resourceId` | string | The resource ID of the AVD host pool. |
+| `tokenExpirationTime` | string | The expiration time for the registration token. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep
index 5423566864..b346cfc8ad 100644
--- a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep
+++ b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep
index d2476d9b7b..9eac3af179 100644
--- a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep
+++ b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/scaling-plan/README.md b/modules/desktop-virtualization/scaling-plan/README.md
index 3476b8e9f1..605198db62 100644
--- a/modules/desktop-virtualization/scaling-plan/README.md
+++ b/modules/desktop-virtualization/scaling-plan/README.md
@@ -5,10 +5,10 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -18,64 +18,29 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan.
 | `Microsoft.DesktopVirtualization/scalingPlans` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/scalingPlans) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
+## Usage examples
 
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the scaling plan. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `[parameters('name')]` |  | Description of the scaling plan. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Autoscale]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exclusionTag` | string | `''` |  | Provide a tag to be used for hosts that should not be affected by the scaling plan. |
-| `friendlyName` | string | `[parameters('name')]` |  | Friendly Name of the scaling plan. |
-| `hostPoolReferences` | array | `[]` |  | An array of references to hostpools. |
-| `hostPoolType` | string | `'Pooled'` | `[Pooled]` | The type of hostpool where this scaling plan should be applied. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `schedules` | array | `[System.Management.Automation.OrderedHashtable]` |  | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `timeZone` | string | `'W. Europe Standard Time'` |  | Timezone to be used for the scaling plan. |
-
-
-## Outputs
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the AVD scaling plan. |
-| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. |
-| `resourceId` | string | The resource ID of the AVD scaling plan. |
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-## Cross-referenced modules
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0`.
 
-_None_
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-## Deployment examples
+### Example 1: _Using large parameter set_
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+This instance deploys the module with most of its features enabled.
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {
+module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvspcom'
   params: {
     // Required parameters
@@ -255,14 +220,17 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {
+module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvspmin'
   params: {
     // Required parameters
@@ -299,3 +267,167 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the scaling plan. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | Description of the scaling plan. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exclusionTag`](#parameter-exclusiontag) | string | Provide a tag to be used for hosts that should not be affected by the scaling plan. |
+| [`friendlyName`](#parameter-friendlyname) | string | Friendly Name of the scaling plan. |
+| [`hostPoolReferences`](#parameter-hostpoolreferences) | array | An array of references to hostpools. |
+| [`hostPoolType`](#parameter-hostpooltype) | string | The type of hostpool where this scaling plan should be applied. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`schedules`](#parameter-schedules) | array | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeZone`](#parameter-timezone) | string | Timezone to be used for the scaling plan. |
+
+### Parameter: `description`
+
+Description of the scaling plan.
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, Autoscale]`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exclusionTag`
+
+Provide a tag to be used for hosts that should not be affected by the scaling plan.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `friendlyName`
+
+Friendly Name of the scaling plan.
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `hostPoolReferences`
+
+An array of references to hostpools.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `hostPoolType`
+
+The type of hostpool where this scaling plan should be applied.
+- Required: No
+- Type: string
+- Default: `'Pooled'`
+- Allowed: `[Pooled]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Name of the scaling plan.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `schedules`
+
+The schedules related to this scaling plan. If no value is provided a default schedule will be provided.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `timeZone`
+
+Timezone to be used for the scaling plan.
+- Required: No
+- Type: string
+- Default: `'W. Europe Standard Time'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the AVD scaling plan. |
+| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. |
+| `resourceId` | string | The resource ID of the AVD scaling plan. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep
index 6a603dc442..d98e112b0f 100644
--- a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep
+++ b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep
index 845f5ef455..78df110582 100644
--- a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep
+++ b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md
index 6512110609..afa296c1a2 100644
--- a/modules/desktop-virtualization/workspace/README.md
+++ b/modules/desktop-virtualization/workspace/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace.
 
 ## Navigation
 
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
-## Resource types
+## Resource Types
 
 | Resource Type | API Version |
 | :-- | :-- |
@@ -19,62 +19,29 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace.
 | `Microsoft.DesktopVirtualization/workspaces` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/workspaces) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the workspace to be attach to new Application Group. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `appGroupResourceIds` | array | `[]` |  | Resource IDs for the existing Application groups this workspace will group together. |
-| `description` | string | `''` |  | The description of the Workspace to be created. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Feed, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticSettingsName` | string | `''` |  | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `friendlyName` | string | `''` |  | The friendly name of the Workspace to be created. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
+## Usage examples
 
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Outputs
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the AVD workspace. |
-| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. |
-| `resourceId` | string | The resource ID of the AVD workspace. |
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.workspace:1.0.0`.
 
-## Cross-referenced modules
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-_None_
+### Example 1: _Using large parameter set_
 
-## Deployment examples
+This instance deploys the module with most of its features enabled.
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
-
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module workspace './desktop-virtualization/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvwcom'
   params: {
     // Required parameters
@@ -184,14 +151,17 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module workspace './desktop-virtualization/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dvwmin'
   params: {
     // Required parameters
@@ -228,3 +198,151 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the workspace to be attach to new Application Group. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appGroupResourceIds`](#parameter-appgroupresourceids) | array | Resource IDs for the existing Application groups this workspace will group together. |
+| [`description`](#parameter-description) | string | The description of the Workspace to be created. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Workspace to be created. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `appGroupResourceIds`
+
+Resource IDs for the existing Application groups this workspace will group together.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+The description of the Workspace to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, Checkpoint, Error, Feed, Management]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "<resourceName>-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `friendlyName`
+
+The friendly name of the Workspace to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the workspace to be attach to new Application Group.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the AVD workspace. |
+| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. |
+| `resourceId` | string | The resource ID of the AVD workspace. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/desktop-virtualization/workspace/main.json b/modules/desktop-virtualization/workspace/main.json
index 6c0aa6b332..b96c1b5e6c 100644
--- a/modules/desktop-virtualization/workspace/main.json
+++ b/modules/desktop-virtualization/workspace/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "10679736874154725054"
+      "version": "0.22.6.54827",
+      "templateHash": "8129248040868416848"
     },
     "name": "Azure Virtual Desktop (AVD) Workspaces",
     "description": "This module deploys an Azure Virtual Desktop (AVD) Workspace.",
@@ -237,8 +237,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "12071774351316031070"
+              "version": "0.22.6.54827",
+              "templateHash": "10387281728055526723"
             }
           },
           "parameters": {
diff --git a/modules/dev-test-lab/lab/.test/common/main.test.bicep b/modules/dev-test-lab/lab/.test/common/main.test.bicep
index 2f0565eb03..c63a75d0ae 100644
--- a/modules/dev-test-lab/lab/.test/common/main.test.bicep
+++ b/modules/dev-test-lab/lab/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/dev-test-lab/lab/.test/min/main.test.bicep b/modules/dev-test-lab/lab/.test/min/main.test.bicep
index 70e5d551d1..7989d9f4d2 100644
--- a/modules/dev-test-lab/lab/.test/min/main.test.bicep
+++ b/modules/dev-test-lab/lab/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md
index 9b21814ef3..d6cd84d920 100644
--- a/modules/dev-test-lab/lab/README.md
+++ b/modules/dev-test-lab/lab/README.md
@@ -5,10 +5,10 @@ This module deploys a DevTest Lab.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -24,83 +24,29 @@ This module deploys a DevTest Lab.
 | `Microsoft.DevTestLab/labs/schedules` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/schedules) |
 | `Microsoft.DevTestLab/labs/virtualnetworks` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/virtualnetworks) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the lab. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `encryptionDiskEncryptionSetId` | string | `''` | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". |
-| `notificationchannels` | array | `[]` | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `announcement` | object | `{object}` |  | The properties of any lab announcement associated with this lab. |
-| `artifactsources` | array | `[]` |  | Artifact sources to create for the lab. |
-| `artifactsStorageAccount` | string | `''` |  | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. |
-| `browserConnect` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. |
-| `costs` | object | `{object}` |  | Costs to create for the lab. |
-| `disableAutoUpgradeCseMinorVersion` | bool | `False` |  | Disable auto upgrade custom script extension minor version. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `encryptionType` | string | `'EncryptionAtRestWithPlatformKey'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]` | Specify how OS and data disks created as part of the lab are encrypted. |
-| `environmentPermission` | string | `'Reader'` | `[Contributor, Reader]` | The access rights to be granted to the user when provisioning an environment. |
-| `extendedProperties` | object | `{object}` |  | Extended properties of the lab used for experimental features. |
-| `isolateLabResources` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable lab resources isolation from the public internet. |
-| `labStorageType` | string | `'Premium'` | `[Premium, Standard, StandardSSD]` | Type of storage used by the lab. It can be either Premium or Standard. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managementIdentities` | object | `{object}` |  | The ID(s) to assign to the virtual machines associated with this lab. |
-| `mandatoryArtifactsResourceIdsLinux` | array | `[]` |  | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. |
-| `mandatoryArtifactsResourceIdsWindows` | array | `[]` |  | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. |
-| `policies` | array | `[]` |  | Policies to create for the lab. |
-| `premiumDataDisks` | string | `'Disabled'` | `[Disabled, Enabled]` | The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `schedules` | array | `[]` |  | Schedules to create for the lab. |
-| `support` | object | `{object}` |  | The properties of any lab support message associated with this lab. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-| `virtualnetworks` | array | `[]` |  | Virtual networks to create for the lab. |
-| `vmCreationResourceGroupId` | string | `[resourceGroup().id]` |  | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. |
+## Usage examples
 
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the lab. |
-| `resourceGroupName` | string | The resource group the lab was deployed into. |
-| `resourceId` | string | The resource ID of the lab. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. |
-
-## Cross-referenced modules
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-_None_
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/dev-test-lab.lab:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module lab './dev-test-lab/lab/main.bicep' = {
+module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dtllcom'
   params: {
     // Required parameters
@@ -626,14 +572,17 @@ module lab './dev-test-lab/lab/main.bicep' = {
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module lab './dev-test-lab/lab/main.bicep' = {
+module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dtllmin'
   params: {
     // Required parameters
@@ -670,3 +619,275 @@ module lab './dev-test-lab/lab/main.bicep' = {
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the lab. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`encryptionDiskEncryptionSetId`](#parameter-encryptiondiskencryptionsetid) | string | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". |
+| [`notificationchannels`](#parameter-notificationchannels) | array | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`announcement`](#parameter-announcement) | object | The properties of any lab announcement associated with this lab. |
+| [`artifactsources`](#parameter-artifactsources) | array | Artifact sources to create for the lab. |
+| [`artifactsStorageAccount`](#parameter-artifactsstorageaccount) | string | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. |
+| [`browserConnect`](#parameter-browserconnect) | string | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. |
+| [`costs`](#parameter-costs) | object | Costs to create for the lab. |
+| [`disableAutoUpgradeCseMinorVersion`](#parameter-disableautoupgradecseminorversion) | bool | Disable auto upgrade custom script extension minor version. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`encryptionType`](#parameter-encryptiontype) | string | Specify how OS and data disks created as part of the lab are encrypted. |
+| [`environmentPermission`](#parameter-environmentpermission) | string | The access rights to be granted to the user when provisioning an environment. |
+| [`extendedProperties`](#parameter-extendedproperties) | object | Extended properties of the lab used for experimental features. |
+| [`isolateLabResources`](#parameter-isolatelabresources) | string | Enable lab resources isolation from the public internet. |
+| [`labStorageType`](#parameter-labstoragetype) | string | Type of storage used by the lab. It can be either Premium or Standard. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managementIdentities`](#parameter-managementidentities) | object | The ID(s) to assign to the virtual machines associated with this lab. |
+| [`mandatoryArtifactsResourceIdsLinux`](#parameter-mandatoryartifactsresourceidslinux) | array | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. |
+| [`mandatoryArtifactsResourceIdsWindows`](#parameter-mandatoryartifactsresourceidswindows) | array | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. |
+| [`policies`](#parameter-policies) | array | Policies to create for the lab. |
+| [`premiumDataDisks`](#parameter-premiumdatadisks) | string | The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`schedules`](#parameter-schedules) | array | Schedules to create for the lab. |
+| [`support`](#parameter-support) | object | The properties of any lab support message associated with this lab. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`virtualnetworks`](#parameter-virtualnetworks) | array | Virtual networks to create for the lab. |
+| [`vmCreationResourceGroupId`](#parameter-vmcreationresourcegroupid) | string | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. |
+
+### Parameter: `announcement`
+
+The properties of any lab announcement associated with this lab.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `artifactsources`
+
+Artifact sources to create for the lab.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `artifactsStorageAccount`
+
+The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `browserConnect`
+
+Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `costs`
+
+Costs to create for the lab.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `disableAutoUpgradeCseMinorVersion`
+
+Disable auto upgrade custom script extension minor version.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `encryptionDiskEncryptionSetId`
+
+The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `encryptionType`
+
+Specify how OS and data disks created as part of the lab are encrypted.
+- Required: No
+- Type: string
+- Default: `'EncryptionAtRestWithPlatformKey'`
+- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]`
+
+### Parameter: `environmentPermission`
+
+The access rights to be granted to the user when provisioning an environment.
+- Required: No
+- Type: string
+- Default: `'Reader'`
+- Allowed: `[Contributor, Reader]`
+
+### Parameter: `extendedProperties`
+
+Extended properties of the lab used for experimental features.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `isolateLabResources`
+
+Enable lab resources isolation from the public internet.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `labStorageType`
+
+Type of storage used by the lab. It can be either Premium or Standard.
+- Required: No
+- Type: string
+- Default: `'Premium'`
+- Allowed: `[Premium, Standard, StandardSSD]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managementIdentities`
+
+The ID(s) to assign to the virtual machines associated with this lab.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `mandatoryArtifactsResourceIdsLinux`
+
+The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `mandatoryArtifactsResourceIdsWindows`
+
+The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `name`
+
+The name of the lab.
+- Required: Yes
+- Type: string
+
+### Parameter: `notificationchannels`
+
+Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `policies`
+
+Policies to create for the lab.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `premiumDataDisks`
+
+The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled".
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `schedules`
+
+Schedules to create for the lab.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `support`
+
+The properties of any lab support message associated with this lab.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualnetworks`
+
+Virtual networks to create for the lab.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `vmCreationResourceGroupId`
+
+Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().id]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the lab. |
+| `resourceGroupName` | string | The resource group the lab was deployed into. |
+| `resourceId` | string | The resource ID of the lab. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/dev-test-lab/lab/artifactsource/README.md b/modules/dev-test-lab/lab/artifactsource/README.md
index 0318c83d13..26aa3c0d4f 100644
--- a/modules/dev-test-lab/lab/artifactsource/README.md
+++ b/modules/dev-test-lab/lab/artifactsource/README.md
@@ -21,35 +21,118 @@ An artifact source allows you to create custom artifacts for the VMs in the lab,
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `name` | string | The name of the artifact source. |
-| `uri` | string | The artifact source's URI. |
+| [`name`](#parameter-name) | string | The name of the artifact source. |
+| [`uri`](#parameter-uri) | string | The artifact source's URI. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `armTemplateFolderPath` | string | `''` | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. |
-| `folderPath` | string | `''` | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. |
-| `labName` | string |  | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`armTemplateFolderPath`](#parameter-armtemplatefolderpath) | string | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. |
+| [`folderPath`](#parameter-folderpath) | string | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `branchRef` | string | `''` |  | The artifact source's branch reference (e.g. main or master). |
-| `displayName` | string | `[parameters('name')]` |  | The artifact source's display name. Default is the name of the artifact source. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `securityToken` | securestring | `''` |  | The security token to authenticate to the artifact source. |
-| `sourceType` | string | `''` | `['', GitHub, StorageAccount, VsoGit]` | The artifact source's type. |
-| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". |
-| `tags` | object | `{object}` |  | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`branchRef`](#parameter-branchref) | string | The artifact source's branch reference (e.g. main or master). |
+| [`displayName`](#parameter-displayname) | string | The artifact source's display name. Default is the name of the artifact source. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`securityToken`](#parameter-securitytoken) | securestring | The security token to authenticate to the artifact source. |
+| [`sourceType`](#parameter-sourcetype) | string | The artifact source's type. |
+| [`status`](#parameter-status) | string | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `armTemplateFolderPath`
+
+The folder containing Azure Resource Manager templates. Required if "folderPath" is empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `branchRef`
+
+The artifact source's branch reference (e.g. main or master).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The artifact source's display name. Default is the name of the artifact source.
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `folderPath`
+
+The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the artifact source.
+- Required: Yes
+- Type: string
+
+### Parameter: `securityToken`
+
+The security token to authenticate to the artifact source.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `sourceType`
+
+The artifact source's type.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', GitHub, StorageAccount, VsoGit]`
+
+### Parameter: `status`
+
+Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled".
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `uri`
+
+The artifact source's URI.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the artifact source. |
 | `resourceGroupName` | string | The name of the resource group the artifact source was created in. |
diff --git a/modules/dev-test-lab/lab/artifactsource/main.json b/modules/dev-test-lab/lab/artifactsource/main.json
index 9056139395..946b4a505a 100644
--- a/modules/dev-test-lab/lab/artifactsource/main.json
+++ b/modules/dev-test-lab/lab/artifactsource/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "10765635521160351928"
+      "version": "0.22.6.54827",
+      "templateHash": "4180084937723506143"
     },
     "name": "DevTest Lab Artifact Sources",
     "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.",
diff --git a/modules/dev-test-lab/lab/cost/README.md b/modules/dev-test-lab/lab/cost/README.md
index 7ad70ef322..69d66fdbc7 100644
--- a/modules/dev-test-lab/lab/cost/README.md
+++ b/modules/dev-test-lab/lab/cost/README.md
@@ -21,42 +21,185 @@ Manage lab costs by setting a spending target that can be viewed in the Monthly
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `cycleType` | string | `[CalendarMonth, Custom]` | Reporting cycle type. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cycleType`](#parameter-cycletype) | string | Reporting cycle type. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cycleEndDateTime` | string | `''` | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". |
-| `cycleStartDateTime` | string | `''` | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". |
-| `labName` | string |  | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cycleEndDateTime`](#parameter-cycleenddatetime) | string | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". |
+| [`cycleStartDateTime`](#parameter-cyclestartdatetime) | string | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `currencyCode` | string | `'USD'` |  | The currency code of the cost. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Target cost status. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `target` | int | `0` |  | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. |
-| `thresholdValue100DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. |
-| `thresholdValue100SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
-| `thresholdValue125DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts. |
-| `thresholdValue125SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
-| `thresholdValue25DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. |
-| `thresholdValue25SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
-| `thresholdValue50DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. |
-| `thresholdValue50SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
-| `thresholdValue75DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. |
-| `thresholdValue75SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`currencyCode`](#parameter-currencycode) | string | The currency code of the cost. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`status`](#parameter-status) | string | Target cost status. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`target`](#parameter-target) | int | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. |
+| [`thresholdValue100DisplayOnChart`](#parameter-thresholdvalue100displayonchart) | string | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. |
+| [`thresholdValue100SendNotificationWhenExceeded`](#parameter-thresholdvalue100sendnotificationwhenexceeded) | string | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+| [`thresholdValue125DisplayOnChart`](#parameter-thresholdvalue125displayonchart) | string | Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts. |
+| [`thresholdValue125SendNotificationWhenExceeded`](#parameter-thresholdvalue125sendnotificationwhenexceeded) | string | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+| [`thresholdValue25DisplayOnChart`](#parameter-thresholdvalue25displayonchart) | string | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. |
+| [`thresholdValue25SendNotificationWhenExceeded`](#parameter-thresholdvalue25sendnotificationwhenexceeded) | string | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+| [`thresholdValue50DisplayOnChart`](#parameter-thresholdvalue50displayonchart) | string | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. |
+| [`thresholdValue50SendNotificationWhenExceeded`](#parameter-thresholdvalue50sendnotificationwhenexceeded) | string | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+| [`thresholdValue75DisplayOnChart`](#parameter-thresholdvalue75displayonchart) | string | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. |
+| [`thresholdValue75SendNotificationWhenExceeded`](#parameter-thresholdvalue75sendnotificationwhenexceeded) | string | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. |
+
+### Parameter: `currencyCode`
+
+The currency code of the cost.
+- Required: No
+- Type: string
+- Default: `'USD'`
+
+### Parameter: `cycleEndDateTime`
+
+Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cycleStartDateTime`
+
+Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cycleType`
+
+Reporting cycle type.
+- Required: Yes
+- Type: string
+- Allowed: `[CalendarMonth, Custom]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `status`
+
+Target cost status.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `target`
+
+Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `thresholdValue100DisplayOnChart`
+
+Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue100SendNotificationWhenExceeded`
+
+Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue125DisplayOnChart`
+
+Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue125SendNotificationWhenExceeded`
+
+Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue25DisplayOnChart`
+
+Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue25SendNotificationWhenExceeded`
+
+Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue50DisplayOnChart`
+
+Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue50SendNotificationWhenExceeded`
+
+Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue75DisplayOnChart`
+
+Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `thresholdValue75SendNotificationWhenExceeded`
+
+Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the cost. |
 | `resourceGroupName` | string | The name of the resource group the cost was created in. |
diff --git a/modules/dev-test-lab/lab/cost/main.json b/modules/dev-test-lab/lab/cost/main.json
index 5c385935d5..89f70cfd1f 100644
--- a/modules/dev-test-lab/lab/cost/main.json
+++ b/modules/dev-test-lab/lab/cost/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "4166206931202072952"
+      "version": "0.22.6.54827",
+      "templateHash": "17587308196408831883"
     },
     "name": "DevTest Lab Costs",
     "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.",
diff --git a/modules/dev-test-lab/lab/main.json b/modules/dev-test-lab/lab/main.json
index a8f2ba4948..a83a20dd30 100644
--- a/modules/dev-test-lab/lab/main.json
+++ b/modules/dev-test-lab/lab/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "11215744490422832347"
+      "version": "0.22.6.54827",
+      "templateHash": "12564230212135431557"
     },
     "name": "DevTest Labs",
     "description": "This module deploys a DevTest Lab.",
@@ -347,8 +347,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "10585523023574394931"
+              "version": "0.22.6.54827",
+              "templateHash": "5213684482874022181"
             },
             "name": "DevTest Lab Virtual Networks",
             "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.",
@@ -511,8 +511,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "8971513022315177152"
+              "version": "0.22.6.54827",
+              "templateHash": "7402281637422771358"
             },
             "name": "DevTest Lab Policy Sets Policies",
             "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.",
@@ -715,8 +715,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "12263098724597801740"
+              "version": "0.22.6.54827",
+              "templateHash": "853057685884144049"
             },
             "name": "DevTest Lab Schedules",
             "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.",
@@ -929,8 +929,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "17695938428337610065"
+              "version": "0.22.6.54827",
+              "templateHash": "7575060424945865003"
             },
             "name": "DevTest Lab Notification Channels",
             "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.",
@@ -1103,8 +1103,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "9073888459731266435"
+              "version": "0.22.6.54827",
+              "templateHash": "4180084937723506143"
             },
             "name": "DevTest Lab Artifact Sources",
             "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.",
@@ -1309,8 +1309,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "15716544808866806342"
+              "version": "0.22.6.54827",
+              "templateHash": "17587308196408831883"
             },
             "name": "DevTest Lab Costs",
             "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.",
@@ -1636,8 +1636,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.21.1.54444",
-              "templateHash": "4976650846797191229"
+              "version": "0.22.6.54827",
+              "templateHash": "5435640009728678460"
             }
           },
           "parameters": {
diff --git a/modules/dev-test-lab/lab/notificationchannel/README.md b/modules/dev-test-lab/lab/notificationchannel/README.md
index 432c8b1d1b..d78d419ad8 100644
--- a/modules/dev-test-lab/lab/notificationchannel/README.md
+++ b/modules/dev-test-lab/lab/notificationchannel/README.md
@@ -21,32 +21,94 @@ Notification channels are used by the schedule resource type in order to send no
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `events` | array |  | The list of event for which this notification is enabled. |
-| `name` | string | `[autoShutdown, costThreshold]` | The name of the notification channel. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`events`](#parameter-events) | array | The list of event for which this notification is enabled. |
+| [`name`](#parameter-name) | string | The name of the notification channel. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `emailRecipient` | string | `''` | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. |
-| `labName` | string |  | The name of the parent lab. Required if the template is used in a standalone deployment. |
-| `webHookUrl` | string | `''` | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`emailRecipient`](#parameter-emailrecipient) | string | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| [`webHookUrl`](#parameter-webhookurl) | string | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `description` | string | `''` | Description of notification. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `notificationLocale` | string | `'en'` | The locale to use when sending a notification (fallback for unsupported languages is EN). |
-| `tags` | object | `{object}` | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | Description of notification. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`notificationLocale`](#parameter-notificationlocale) | string | The locale to use when sending a notification (fallback for unsupported languages is EN). |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `description`
+
+Description of notification.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `emailRecipient`
+
+The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `events`
+
+The list of event for which this notification is enabled.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the notification channel.
+- Required: Yes
+- Type: string
+- Allowed: `[autoShutdown, costThreshold]`
+
+### Parameter: `notificationLocale`
+
+The locale to use when sending a notification (fallback for unsupported languages is EN).
+- Required: No
+- Type: string
+- Default: `'en'`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `webHookUrl`
+
+The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty.
+- Required: No
+- Type: string
+- Default: `''`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the notification channel. |
 | `resourceGroupName` | string | The name of the resource group the notification channel was created in. |
diff --git a/modules/dev-test-lab/lab/notificationchannel/main.json b/modules/dev-test-lab/lab/notificationchannel/main.json
index 0a723cda14..6251464ffc 100644
--- a/modules/dev-test-lab/lab/notificationchannel/main.json
+++ b/modules/dev-test-lab/lab/notificationchannel/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "16877948453352231958"
+      "version": "0.22.6.54827",
+      "templateHash": "7575060424945865003"
     },
     "name": "DevTest Lab Notification Channels",
     "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.",
diff --git a/modules/dev-test-lab/lab/policyset/policy/README.md b/modules/dev-test-lab/lab/policyset/policy/README.md
index fcf05efe7c..cc9746dea5 100644
--- a/modules/dev-test-lab/lab/policyset/policy/README.md
+++ b/modules/dev-test-lab/lab/policyset/policy/README.md
@@ -21,34 +21,109 @@ DevTest lab policies are used to modify the lab settings such as only allowing c
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `evaluatorType` | string | `[AllowedValuesPolicy, MaxValuePolicy]` | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). |
-| `factName` | string | `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]` | The fact name of the policy. |
-| `name` | string |  | The name of the policy. |
-| `threshold` | string |  | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`evaluatorType`](#parameter-evaluatortype) | string | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). |
+| [`factName`](#parameter-factname) | string | The fact name of the policy. |
+| [`name`](#parameter-name) | string | The name of the policy. |
+| [`threshold`](#parameter-threshold) | string | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` |  | The description of the policy. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `factData` | string | `''` |  | The fact data of the policy. |
-| `policySetName` | string | `'default'` |  | The name of the parent policy set. |
-| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the policy. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The description of the policy. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`factData`](#parameter-factdata) | string | The fact data of the policy. |
+| [`policySetName`](#parameter-policysetname) | string | The name of the parent policy set. |
+| [`status`](#parameter-status) | string | The status of the policy. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `description`
+
+The description of the policy.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `evaluatorType`
+
+The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy).
+- Required: Yes
+- Type: string
+- Allowed: `[AllowedValuesPolicy, MaxValuePolicy]`
+
+### Parameter: `factData`
+
+The fact data of the policy.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `factName`
+
+The fact name of the policy.
+- Required: Yes
+- Type: string
+- Allowed: `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]`
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the policy.
+- Required: Yes
+- Type: string
+
+### Parameter: `policySetName`
+
+The name of the parent policy set.
+- Required: No
+- Type: string
+- Default: `'default'`
+
+### Parameter: `status`
+
+The status of the policy.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `threshold`
+
+The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy).
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the policy. |
 | `resourceGroupName` | string | The name of the resource group the policy was created in. |
diff --git a/modules/dev-test-lab/lab/policyset/policy/main.json b/modules/dev-test-lab/lab/policyset/policy/main.json
index 5f4ddafad9..18e4b827e3 100644
--- a/modules/dev-test-lab/lab/policyset/policy/main.json
+++ b/modules/dev-test-lab/lab/policyset/policy/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "9961899772573814013"
+      "version": "0.22.6.54827",
+      "templateHash": "7402281637422771358"
     },
     "name": "DevTest Lab Policy Sets Policies",
     "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.",
diff --git a/modules/dev-test-lab/lab/schedule/README.md b/modules/dev-test-lab/lab/schedule/README.md
index 181ecedd78..5d197319c3 100644
--- a/modules/dev-test-lab/lab/schedule/README.md
+++ b/modules/dev-test-lab/lab/schedule/README.md
@@ -21,36 +21,128 @@ Lab schedules are used to modify the settings for auto-shutdown, auto-start for
 
 **Required parameters**
 
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string | `[LabVmAutoStart, LabVmsShutdown]` | The name of the schedule. |
-| `taskType` | string | `[LabVmsShutdownTask, LabVmsStartupTask]` | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the schedule. |
+| [`taskType`](#parameter-tasktype) | string | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `dailyRecurrence` | object | `{object}` |  | If the schedule will occur once each day of the week, specify the daily recurrence. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `hourlyRecurrence` | object | `{object}` |  | If the schedule will occur multiple times a day, specify the hourly recurrence. |
-| `notificationSettingsStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | If notifications are enabled for this schedule (i.e. Enabled, Disabled). |
-| `notificationSettingsTimeInMinutes` | int | `30` |  | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. |
-| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the schedule (i.e. Enabled, Disabled). |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `targetResourceId` | string | `''` |  | The resource ID to which the schedule belongs. |
-| `timeZoneId` | string | `'Pacific Standard time'` |  | The time zone ID (e.g. Pacific Standard time). |
-| `weeklyRecurrence` | object | `{object}` |  | If the schedule will occur only some days of the week, specify the weekly recurrence. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`dailyRecurrence`](#parameter-dailyrecurrence) | object | If the schedule will occur once each day of the week, specify the daily recurrence. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`hourlyRecurrence`](#parameter-hourlyrecurrence) | object | If the schedule will occur multiple times a day, specify the hourly recurrence. |
+| [`notificationSettingsStatus`](#parameter-notificationsettingsstatus) | string | If notifications are enabled for this schedule (i.e. Enabled, Disabled). |
+| [`notificationSettingsTimeInMinutes`](#parameter-notificationsettingstimeinminutes) | int | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. |
+| [`status`](#parameter-status) | string | The status of the schedule (i.e. Enabled, Disabled). |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`targetResourceId`](#parameter-targetresourceid) | string | The resource ID to which the schedule belongs. |
+| [`timeZoneId`](#parameter-timezoneid) | string | The time zone ID (e.g. Pacific Standard time). |
+| [`weeklyRecurrence`](#parameter-weeklyrecurrence) | object | If the schedule will occur only some days of the week, specify the weekly recurrence. |
+
+### Parameter: `dailyRecurrence`
+
+If the schedule will occur once each day of the week, specify the daily recurrence.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hourlyRecurrence`
+
+If the schedule will occur multiple times a day, specify the hourly recurrence.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the schedule.
+- Required: Yes
+- Type: string
+- Allowed: `[LabVmAutoStart, LabVmsShutdown]`
+
+### Parameter: `notificationSettingsStatus`
+
+If notifications are enabled for this schedule (i.e. Enabled, Disabled).
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `notificationSettingsTimeInMinutes`
+
+Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes.
+- Required: No
+- Type: int
+- Default: `30`
+
+### Parameter: `status`
+
+The status of the schedule (i.e. Enabled, Disabled).
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `targetResourceId`
+
+The resource ID to which the schedule belongs.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `taskType`
+
+The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask).
+- Required: Yes
+- Type: string
+- Allowed: `[LabVmsShutdownTask, LabVmsStartupTask]`
+
+### Parameter: `timeZoneId`
+
+The time zone ID (e.g. Pacific Standard time).
+- Required: No
+- Type: string
+- Default: `'Pacific Standard time'`
+
+### Parameter: `weeklyRecurrence`
+
+If the schedule will occur only some days of the week, specify the weekly recurrence.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the schedule. |
 | `resourceGroupName` | string | The name of the resource group the schedule was created in. |
diff --git a/modules/dev-test-lab/lab/schedule/main.json b/modules/dev-test-lab/lab/schedule/main.json
index a4efd42401..96c2fa8537 100644
--- a/modules/dev-test-lab/lab/schedule/main.json
+++ b/modules/dev-test-lab/lab/schedule/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "12427678703978539260"
+      "version": "0.22.6.54827",
+      "templateHash": "853057685884144049"
     },
     "name": "DevTest Lab Schedules",
     "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.",
diff --git a/modules/dev-test-lab/lab/virtualnetwork/README.md b/modules/dev-test-lab/lab/virtualnetwork/README.md
index cb4f24b6dd..c2eaf8a2bc 100644
--- a/modules/dev-test-lab/lab/virtualnetwork/README.md
+++ b/modules/dev-test-lab/lab/virtualnetwork/README.md
@@ -21,31 +21,84 @@ Lab virtual machines must be deployed into a virtual network. This resource type
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `externalProviderResourceId` | string | The resource ID of the virtual network. |
-| `name` | string | The name of the virtual network. |
+| [`externalProviderResourceId`](#parameter-externalproviderresourceid) | string | The resource ID of the virtual network. |
+| [`name`](#parameter-name) | string | The name of the virtual network. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
+| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `allowedSubnets` | array | `[]` | The allowed subnets of the virtual network. |
-| `description` | string | `''` | The description of the virtual network. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `subnetOverrides` | array | `[]` | The subnet overrides of the virtual network. |
-| `tags` | object | `{object}` | Tags of the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowedSubnets`](#parameter-allowedsubnets) | array | The allowed subnets of the virtual network. |
+| [`description`](#parameter-description) | string | The description of the virtual network. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`subnetOverrides`](#parameter-subnetoverrides) | array | The subnet overrides of the virtual network. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `allowedSubnets`
+
+The allowed subnets of the virtual network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+The description of the virtual network.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `externalProviderResourceId`
+
+The resource ID of the virtual network.
+- Required: Yes
+- Type: string
+
+### Parameter: `labName`
+
+The name of the parent lab. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the virtual network.
+- Required: Yes
+- Type: string
+
+### Parameter: `subnetOverrides`
+
+The subnet overrides of the virtual network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the lab virtual network. |
 | `resourceGroupName` | string | The name of the resource group the lab virtual network was created in. |
diff --git a/modules/dev-test-lab/lab/virtualnetwork/main.json b/modules/dev-test-lab/lab/virtualnetwork/main.json
index 1449aed564..71e0cb54e5 100644
--- a/modules/dev-test-lab/lab/virtualnetwork/main.json
+++ b/modules/dev-test-lab/lab/virtualnetwork/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.20.4.51522",
-      "templateHash": "3541849489263903716"
+      "version": "0.22.6.54827",
+      "templateHash": "5213684482874022181"
     },
     "name": "DevTest Lab Virtual Networks",
     "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.",
diff --git a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep
index 73b4bd8fae..fceb1ad4b6 100644
--- a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep
+++ b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep
index e923ca1679..f970096185 100644
--- a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep
+++ b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
 targetScope = 'subscription'
 
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
 // ========== //
 // Parameters //
 // ========== //
diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md
index b7fd3b5123..54a57b7e84 100644
--- a/modules/digital-twins/digital-twins-instance/README.md
+++ b/modules/digital-twins/digital-twins-instance/README.md
@@ -5,10 +5,10 @@ This module deploys an Azure Digital Twins Instance.
 ## Navigation
 
 - [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
 - [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
 
 ## Resource Types
 
@@ -23,72 +23,29 @@ This module deploys an Azure Digital Twins Instance.
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Digital Twin Instance. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` |  | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` |  | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` |  | The name of the diagnostic setting, if deployed. |
-| `diagnosticStorageAccountId` | string | `''` |  | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticWorkspaceId` | string | `''` |  | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `eventGridEndpoint` | object | `{object}` |  | Event Grid Endpoint. |
-| `eventHubEndpoint` | object | `{object}` |  | Event Hub Endpoint. |
-| `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `serviceBusEndpoint` | object | `{object}` |  | Service Bus Endpoint. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Resource tags. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-
+## Usage examples
 
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `hostname` | string | The hostname of the Digital Twins Instance. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Digital Twins Instance. |
-| `resourceGroupName` | string | The name of the resource group the resource was created in. |
-| `resourceId` | string | The resource ID of the Digital Twins Instance. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+   >**Note**: The name of each example is based on the name of the file from which it is taken.
 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+   >**Note**: To reference the module, please use the following syntax `br:bicep/modules/digital-twins.digital-twins-instance:1.0.0`.
 
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
 
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
-   >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
 
-   >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
 
-<h3>Example 1: Common</h3>
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = {
+module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dtdticom'
   params: {
     // Required parameters
@@ -248,14 +205,17 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'
 </details>
 <p>
 
-<h3>Example 2: Min</h3>
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
 
 <details>
 
 <summary>via Bicep module</summary>
 
 ```bicep
-module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = {
+module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = {
   name: '${uniqueString(deployment().name, location)}-test-dtdtimin'
   params: {
     // Required parameters
@@ -292,3 +252,198 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'
 
 </details>
 <p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Digital Twin Instance. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`eventGridEndpoint`](#parameter-eventgridendpoint) | object | Event Grid Endpoint. |
+| [`eventHubEndpoint`](#parameter-eventhubendpoint) | object | Event Hub Endpoint. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`serviceBusEndpoint`](#parameter-servicebusendpoint) | object | Service Bus Endpoint. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Resource tags. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed.
+- Required: No
+- Type: string
+- Default: `[format('{0}-diagnosticSettings', parameters('name'))]`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `eventGridEndpoint`
+
+Event Grid Endpoint.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `eventHubEndpoint`
+
+Event Hub Endpoint.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the Digital Twin Instance.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `serviceBusEndpoint`
+
+Service Bus Endpoint.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Resource tags.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `hostname` | string | The hostname of the Digital Twins Instance. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Digital Twins Instance. |
+| `resourceGroupName` | string | The name of the resource group the resource was created in. |
+| `resourceId` | string | The resource ID of the Digital Twins Instance. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md
index 70a63cb0a6..0b66892ffa 100644
--- a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md
+++ b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md
@@ -19,30 +19,76 @@ This module deploys a Digital Twins Instance Event Grid Endpoint.
 
 **Required parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `eventGridDomainResourceId` | string | The resource ID of the Event Grid to get access keys from. |
-| `topicEndpoint` | string | EventGrid Topic Endpoint. |
+| [`eventGridDomainResourceId`](#parameter-eventgriddomainresourceid) | string | The resource ID of the Event Grid to get access keys from. |
+| [`topicEndpoint`](#parameter-topicendpoint) | string | EventGrid Topic Endpoint. |
 
 **Conditional parameters**
 
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
 | :-- | :-- | :-- |
-| `digitalTwinInstanceName` | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. |
+| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `deadLetterSecret` | securestring | `''` | Dead letter storage secret for key-based authentication. Will be obfuscated during read. |
-| `deadLetterUri` | string | `''` | Dead letter storage URL for identity-based authentication. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `name` | string | `'EventGridEndpoint'` | The name of the Digital Twin Endpoint. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. |
+| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. |
+
+### Parameter: `deadLetterSecret`
+
+Dead letter storage secret for key-based authentication. Will be obfuscated during read.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `deadLetterUri`
+
+Dead letter storage URL for identity-based authentication.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `digitalTwinInstanceName`
+
+The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `eventGridDomainResourceId`
+
+The resource ID of the Event Grid to get access keys from.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the Digital Twin Endpoint.
+- Required: No
+- Type: string
+- Default: `'EventGridEndpoint'`
+
+### Parameter: `topicEndpoint`
+
+EventGrid Topic Endpoint.
+- Required: Yes
+- Type: string
 
 
 ## Outputs
 
-| Output Name | Type | Description |
+| Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the Endpoint. |
 | `resourceGroupName` | string | The name of the resource group the resource was created in. |