diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index e8fbe369a..5ec843eb2 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -16,7 +16,7 @@ on:
 jobs:
   lint:
     name: DevSkim
-    runs-on: ubuntu-20.04
+    runs-on: Ubuntu 22.04
     permissions:
       actions: read
       contents: read
diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json
index ef0b2a3fd..5a7ce6721 100644
--- a/workload/arm/deploy-baseline.json
+++ b/workload/arm/deploy-baseline.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.34.44.8038",
-      "templateHash": "2844762627669354029"
+      "templateHash": "14053498666684800097"
     },
     "name": "AVD Accelerator - Baseline Deployment",
     "description": "AVD Accelerator - Deployment Baseline",
@@ -56,7 +56,6 @@
     },
     "avdWorkloadSubsId": {
       "type": "string",
-      "defaultValue": "",
       "metadata": {
         "description": "AVD workload subscription ID, multiple subscriptions scenario. (Default: \"\")"
       }
@@ -445,7 +444,7 @@
       "type": "int",
       "defaultValue": 1,
       "minValue": 1,
-      "maxValue": 100,
+      "maxValue": 1999,
       "metadata": {
         "description": "Quantity of session hosts to deploy. (Default: 1)"
       }
@@ -453,8 +452,10 @@
     "avdSessionHostCountIndex": {
       "type": "int",
       "defaultValue": 1,
+      "minValue": 1,
+      "maxValue": 9998,
       "metadata": {
-        "description": "The session host number to begin with for the deployment. This is important when adding virtual machines to ensure the names do not conflict. (Default: 1)"
+        "description": "The session host number to begin with for the deployment. This is important when adding virtual machines to host pool ensure the names do not conflict. (Default: 1)"
       }
     },
     "availability": {
diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep
index 6e903d31c..6c2985acf 100644
--- a/workload/bicep/deploy-baseline.bicep
+++ b/workload/bicep/deploy-baseline.bicep
@@ -33,7 +33,7 @@ param avdSessionHostLocation string
 param avdManagementPlaneLocation string
 
 @sys.description('AVD workload subscription ID, multiple subscriptions scenario. (Default: "")')
-param avdWorkloadSubsId string = ''
+param avdWorkloadSubsId string
 
 @sys.description('Azure Virtual Desktop Enterprise Application object ID (Enterprise app name: Azure Virtual Desktop) . (Default: "")')
 param avdServicePrincipalObjectId string = ''
@@ -220,11 +220,13 @@ param avdAlaWorkspaceDataRetention int = 90
 param alaExistingWorkspaceResourceId string = ''
 
 @minValue(1)
-@maxValue(100)
+@maxValue(1999)
 @sys.description('Quantity of session hosts to deploy. (Default: 1)')
 param avdDeploySessionHostsCount int = 1
 
-@sys.description('The session host number to begin with for the deployment. This is important when adding virtual machines to ensure the names do not conflict. (Default: 1)')
+@minValue(1)
+@maxValue(9998)
+@sys.description('The session host number to begin with for the deployment. This is important when adding virtual machines to host pool ensure the names do not conflict. (Default: 1)')
 param avdSessionHostCountIndex int = 1
 
 @sys.description('When true VMs are distributed across availability zones, when set to false, VMs will be deployed at regional level.')
diff --git a/workload/bicep/readme.md b/workload/bicep/readme.md
index b9af06577..5d47db0aa 100644
--- a/workload/bicep/readme.md
+++ b/workload/bicep/readme.md
@@ -8,78 +8,116 @@ A full list of parameter details can be found for the relevant deployment type h
 - [Deploy AVD Baseline](../docs/autoGenerated/deploy-baseline.bicep.md)
 - [Deploy AVD Custom Image Baseline](../docs/autoGenerated/deploy-custom-image.bicep.md)
 
-### Azure CLI
-
-```bash
-az deployment create \
-  --template-file workload/bicep/deploy-baseline.bicep \
-  --parameters avdWorkloadSubsId=<subscriptionId> \
-  --parameters deploymentPrefix=<deploymentPrefix> \
-  --parameters avdVmLocalUserName=<localUserName> \
-  --parameters avdVmLocalUserPassword=<LocalUserPassword> \
-  --parameters avdIdentityServiceProvider="<IdentityServiceProvider>" \
-  --parameters avdIdentityDomainName=<DomainJoinUserName> \
-  --parameters avdDomainJoinUserName=<domainName>  \
-  --parameters avdDomainJoinUserPassword=<DomainJoinUserPassword \
-  --parameters existingHubVnetResourceId=<hubVnetResourceId>  \
-  --parameters customDnsIps=<customDNSservers>  \
-  --parameters avdServicePrincipalObjectId=<wvdAppObjectId> \
-  --parameters avdVnetPrivateDnsZone=true \
-  --parameters avdVnetPrivateDnsZoneFilesId="<PrivateDnsZoneFilesId>" \
-  --parameters avdVnetPrivateDnsZoneKeyvaultId="<PrivateDnsZoneKeyvaultId>" \
-  --avdDeployMonitoring=true \
-  --deployAlaWorkspace=true \
-  --location "eastus"
-```
-
 ### PowerShell
 
 ```powershell
+Connect-AzAccount
+#
+$SubID = "<subscription-ID>"
 $avdVmLocalUserPassword = Read-Host -Prompt "Local user password" -AsSecureString
-$avdDomainJoinUserPassword = Read-Host -Prompt "Domain join password" -AsSecureString
+#
+Select-AzSubscription -SubscriptionId $SubID
 New-AzSubscriptionDeployment `
-  -TemplateFile workload/bicep/deploy-baseline.bicep `
-  -avdWorkloadSubsId "<subscriptionId>" `
-  -deploymentPrefix "<deploymentPrefix>" `
-  -avdVmLocalUserName "<localUserName>" `
+  -Name "AVDAcceleratorDeployment" `
+  -Location "<deployment-location>" `
+  -TemplateFile "./workload/bicep/deploy-baseline.bicep" `
+  -avdWorkloadSubsId $SubID `
+  -avdSessionHostLocation "<session-host-location>" `
+  -avdManagementPlaneLocation "<management-plane-location>" `
+  -avdVmLocalUserName "<local-username>" `
   -avdVmLocalUserPassword $avdVmLocalUserPassword `
-  -avdIdentityServiceProvider "<IdentityServiceProvider>" `
-  -avdIdentityDomainName "<domainJoinUserName>" `
-  -avdDomainJoinUserName "<domainJoinUserName>"  `
-  -avdDomainJoinUserPassword $avdDomainJoinUserPassword `
-  -existingHubVnetResourceId "<hubVnetResourceId>"  `
-  -customDnsIps "<customDNSservers>"  `
-  -avdServicePrincipalObjectId "<wvdAppObjectId>" `
-  -avdVnetPrivateDnsZone $true `
-  -avdVnetPrivateDnsZoneFilesId "<PrivateDnsZoneFilesId>" `
-  -avdVnetPrivateDnsZoneKeyvaultId "<PrivateDnsZoneKeyvaultId>" `
-  -avdDeployMonitoring $true `
-  -deployAlaWorkspace $true `
-  -Location "eastus"
+  -avdIdentityServiceProvider "EntraIDKerberos" `
+  -identityDomainName "<domain-name>" `
+  -avdServicePrincipalObjectId "<object-id>" `
+  -avdSecurityGroups @(@{objectId="00000000-0000-0000-0000-000000000000"; displayName="Example-Security-Group"}) `
+  -avdVnetworkAddressPrefixes "10.10.0.0/16" `
+  -vNetworkAvdSubnetAddressPrefix "10.10.1.0/24" `
+  -vNetworkPrivateEndpointSubnetAddressPrefix "10.10.2.0/27"
 ```
-
-## Optional: Custom Image Build deployment
+> Note: above PowerShell deployment sample, deploys AVD with most of the default options in the AVD LZA using  Entra ID Kerberos as identity provider and deploying new virtual network.
 
 ### Azure CLI
 
 ```bash
-az deployment create \
-  --template-file workload/bicep/deploy-custom-image.bicep \
-  --parameters sharedServicesSubId="<subscriptionId>" \
-  --deploymentLocation="eastus" \
-  --imageVersionPrimaryLocation="eastus" \
-  --Location "eastus"
+az login
+#
+SubID="<subscription-ID>"
+read -s -p "Local user password: " avdVmLocalUserPassword
+#
+az account set --subscription "$SubID"
+az deployment sub create \
+--name "AVDAcceleratorDeployment" \
+--location "<deployment-location>" \
+--template-file "./workload/bicep/deploy-baseline.bicep" \
+--parameters \
+  avdWorkloadSubsId="$SubID" \
+  avdSessionHostLocation="<session-host-location>" \
+  avdManagementPlaneLocation="<management-plane-location>" \
+  avdVmLocalUserName="<local-username>" \
+  avdVmLocalUserPassword="$avdVmLocalUserPassword" \
+  avdIdentityServiceProvider="EntraIDKerberos" \
+  identityDomainName="<domain-name>" \
+  avdServicePrincipalObjectId="<object-id>" \
+  avdSecurityGroups="[{\"objectId\": \"00000000-0000-0000-0000-000000000000\", \"displayName\": \"Example-Security-Group\"}]" \ 
+  avdVnetworkAddressPrefixes="10.10.0.0/16" \
+  vNetworkAvdSubnetAddressPrefix="10.10.1.0/24" \
+  vNetworkPrivateEndpointSubnetAddressPrefix="10.10.2.0/27"
 ```
+> Note: above AZ CLI deployment sample, deploys AVD with most of the default options in the AVD LZA using  Entra ID Kerberos as identity provider and deploying new virtual network.
+
+## Optional: Custom Image Build deployment
 
 ### PowerShell
 
 ```powershell
-New-AzSubscriptionDeployment `
-  -TemplateFile workload/bicep/deploy-custom-image.bicep `
-  -sharedServicesSubId "<subscriptionId>" `
-  -deploymentLocation "eastus" `
-  -imageVersionPrimaryLocation "eastus" `
-  -Location "eastus"
+Connect-AzAccount
+#
+$SubID = "<subscription-ID>"
+#
+Select-AzSubscription -SubscriptionId $SubID
+New-AzDeployment `
+  -Location "<deployment-location>" `
+  -TemplateFile "./workload/bicep/deploy-custom-image.bicep" `
+  -Name "CustomImageDeployment" `
+  -SubscriptionId $SubID `
+  -sharedServicesSubId "<shared-services-subscription-id>" `
+  -deploymentLocation "<deployment-location>" `
+  -imageVersionPrimaryLocation "<primary-location>" `
+  -mpImagePublisher "<image-publisher>" `
+  -mpImageOffer "<image-offer>" `
+  -mpImageSku "<image-sku>" `
+  -mpImageVersion "latest" `
+  -userAssignedManagedIdentityCustomName "<managed-identity-name>" `
+  -enableMonitoringAlerts $false `
+  -enableResourceTags $false `
+  -enableTelemetry $true
+```
+
+### Azure CLI
+
+```bash
+az login
+#
+SubID="<subscription-ID>"
+#
+az account set --subscription "$SubID"
+az deployment sub create \
+  --name "CustomImageDeployment" \
+  --location "<deployment-location>" \
+  --template-file "./workload/bicep/deploy-custom-image.bicep" \
+  --parameters \
+    subscriptionId="$SubID" \
+    sharedServicesSubId="<shared-services-subscription-id>" \
+    deploymentLocation="<deployment-location>" \
+    imageVersionPrimaryLocation="<primary-location>" \
+    mpImagePublisher="<image-publisher>" \
+    mpImageOffer="<image-offer>" \
+    mpImageSku="<image-sku>" \
+    mpImageVersion="latest" \
+    userAssignedManagedIdentityCustomName="<managed-identity-name>" \
+    enableMonitoringAlerts=false \
+    enableResourceTags=false \
+    enableTelemetry=true
 ```
 
 ## Contributing
diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json
index df008a163..aa654aec8 100644
--- a/workload/portal-ui/portal-ui-baseline.json
+++ b/workload/portal-ui/portal-ui-baseline.json
@@ -842,7 +842,7 @@
                                     "defaultValue": 1,
                                     "toolTip": "Select the start number of the virtual machine suffix.",
                                     "min": 1,
-                                    "max": 4998,
+                                    "max": 9998,
                                     "showStepMarkers": true,
                                     "constraints": {
                                         "required": true
@@ -855,7 +855,7 @@
                                     "defaultValue": 1,
                                     "toolTip": "Select the number of virtual machines to deploy in your AVD host pool.",
                                     "min": 1,
-                                    "max": 4999,
+                                    "max": 1999,
                                     "showStepMarkers": true,
                                     "constraints": {
                                         "required": true