Merge pull request #295777 from mbender-ms/nsp-quicstart-arm-bicep

network security perimeter | New Documents | Bicep quickstart article

Author: v-dirichards

articles/private-link/create-network-security-perimeter-bicep.md

@@ -0,0 +1,97 @@
+---
+title: Quickstart - Create a network security perimeter - Bicep
+titleSuffix: Azure Private Link
+description: Learn how to create a network security perimeter for an Azure resource using Bicep. This example demonstrates the creation of a network security perimeter for an Azure Key Vault.
+author: mbender-ms
+ms.author: mbender
+ms.service: azure-private-link
+ms.topic: quickstart
+ms.date: 03/07/2025
+ms.custom: subject-armqs, mode-arm, template-concept, devx-track-bicep
+#CustomerIntent: As a network administrator, I want to create a network security perimeter for an Azure resource in the Bicep, so that I can control the network traffic to and from the resource.
+---
+
+# Quickstart - Create a network security perimeter - Bicep
+
+Get started with network security perimeter by creating a network security perimeter for an Azure Key Vault using Bicep. A [network security perimeter](network-security-perimeter-concepts.md) allows [Azure Platform as a Service (PaaS)](./network-security-perimeter-concepts.md#onboarded-private-link-resources) resources to communicate within an explicit trusted boundary. You create and update a PaaS resource's association in a network security perimeter profile. Then you create and update network security perimeter access rules. When you're finished, you delete all resources created in this quickstart.
+
+[!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)]
+
+You can also create a network security perimeter by using the [Azure portal](create-network-security-perimeter-portal.md), [Azure PowerShell](create-network-security-perimeter-powershell.md), or the [Azure CLI](create-network-security-perimeter-cli.md).
+
+[!INCLUDE [network-security-perimeter-preview-message](../../includes/network-security-perimeter-preview-message.md)]
+
+## Prerequisites
+
+- An Azure account with an active subscription. If you don't already have an Azure account, [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+
+[!INCLUDE [network-security-perimeter-add-preview](../../includes/network-security-perimeter-add-preview.md)]
+
+## Review the Bicep file
+
+This Bicep file creates a network security perimeter for an instance of Azure Key Vault.
+
+The Bicep file that this quickstart uses is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/network-security-perimeter-create/).
+
+:::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/network-security-perimeter-create/main.bicep":::
+
+
+The Bicep file defines multiple Azure resources:
+
+- [**Microsoft.KeyVault/vaults**](/azure/templates/microsoft.keyvault/vaults): The instance of Key Vault with the sample database.
+- [**Microsoft.Network/networkSecurityPerimeters**](/azure/templates/microsoft.network/networksecurityperimeters): The network security perimeter that you use to access the instance of Key Vault.
+- [**Microsoft.Network/networkSecurityPerimeters/profiles**](/azure/templates/microsoft.network/networksecurityperimeters/profiles): The network security perimeter profile that you use to access the instance of Key Vault.
+- [**Microsoft.Network/networkSecurityPerimeters/profiles/accessRules**](/azure/templates/microsoft.network/networksecurityperimeters/profiles/accessrules): The access rules that you use to access the instance of Key Vault.
+- [**Microsoft.Network/networkSecurityPerimeters/resourceAssociations**](/azure/templates/microsoft.network/networksecurityperimeters/resourceassociations): The resource associations that you use to access the instance of Key Vault.
+
+## Deploy the Bicep file
+
+1. Save the Bicep file as **main.bicep** to your local computer.
+1. Deploy the Bicep file using either Azure CLI or Azure PowerShell.
+
+    # [CLI](#tab/CLI)
+
+    ```azurecli
+    az group create --name resource-group --location eastus
+    az deployment group create --resource-group resource-group --template-file main.bicep --parameters
+    networkSecurityPerimeterName=<network-security-perimeter-name>
+    ```
+    # [PowerShell](#tab/PowerShell)
+
+    ```powershell
+    New-AzResourceGroup -Name resource-group -Location eastus
+    New-AzResourceGroupDeployment -ResourceGroupName resource-group -TemplateFile main.bicep
+    ```
+
+    When the deployment finishes, you should see a message indicating the deployment succeeded.
+
+## Validate the deployment
+
+1. Sign into the Azure portal.
+1. Enter **Network security perimeter** in the search box at the top of the portal. Select **Network security perimeters** in the search results.
+1. Select the **networkPerimeter** resource from the list of network security perimeters.
+1. Verify that the **networkPerimeter** resource is created successfully. The **Overview** page shows the details of the network security perimeter, including the profiles, associated resources, and Policy assignments.
+
+## Clean up resources
+
+When you no longer need the resources that you created with the network security perimeter service, delete the resource group. This removes the network security perimeter service and all the related resources.
+
+# [CLI](#tab/CLI)
+
+```azurecli-interactive
+az group delete --name resource-group
+```
+
+# [PowerShell](#tab/PowerShell)
+
+```azurepowershell-interactive
+Remove-AzResourceGroup -Name resource-group
+```
+---
+
+[!INCLUDE [network-security-perimeter-delete-resources](../../includes/network-security-perimeter-delete-resources.md)]
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Diagnostic logging for Azure Network Security Perimeter](./network-security-perimeter-diagnostic-logs.md)

articles/private-link/create-network-security-perimeter-cli.md

@@ -1,5 +1,6 @@
 ---
 title: Quickstart - Create a network security perimeter - Azure CLI
+titleSuffix: Azure Private Link
 description: Learn how to create a network security perimeter for an Azure resource using Azure CLI. This example demonstrates the creation of a network security perimeter for an Azure Key Vault.
 author: mbender-ms
 ms.author: mbender

articles/private-link/create-network-security-perimeter-portal.md

@@ -1,5 +1,6 @@
 ---
 title: Quickstart - Create a network security perimeter - Azure portal
+titleSuffix: Azure Private Link
 description: Learn how to create a network security perimeter for an Azure resource using the Azure portal. This example demonstrates the creation of a network security perimeter for an Azure Key Vault.
 author: mbender-ms
 ms.author: mbender
@@ -96,14 +97,14 @@ Once you create a key vault, you can proceed to create a network security perime
 
 ## Delete a network security perimeter
 
-When you no longer need a network security perimeter, you remove any resources associated with the network security perimeter and then remove the perimeter following these steps:
+When you no longer need a network security perimeter and associated resources, you can delete the resource group that contains the network security perimeter and all associated resources. This action removes the network security perimeter and all resources within it.
 
-1. From your network security perimeter, select **Associated resources** under **Settings**.
-2. Select **key-vault-YYYYDDMM** from the list of associated resources.
-3. From the action bar, select **Settings ** and then select **Remove** in the confirmation window.
-4. Navigate back to the **Overview** page of your network security perimeter.
-5. Select **Delete** and confirm the deletion by entering **network-security-perimeter** in the text box for the name of the resource.
-6. Browse to the **resource-group** and select **Delete** to remove the resource group and all resources within it.
+1. In the Azure portal, select **Resource groups** from the left-hand menu.
+1. Select **resource-group** from the list of resource groups.
+1. In the **resource-group** window, select **Delete resource group** from the action bar.
+1. In the **Delete a resource group** window, enter the name of the resource group to confirm the deletion.
+1. Select **Delete** to remove the resource group and all resources within it.
+1. Verify the resource group is no longer listed in the **Resource groups** window.
 
 [!INCLUDE [network-security-perimeter-delete-resources](../../includes/network-security-perimeter-delete-resources.md)]
 

articles/private-link/create-network-security-perimeter-powershell.md

@@ -1,13 +1,12 @@
 ---
 title: Quickstart - Create a network security perimeter - Azure PowerShell
+titleSuffix: Azure Private Link
 description: Learn how to create a network security perimeter for an Azure resource using Azure PowerShell. This example demonstrates the creation of a network security perimeter for an Azure Key Vault.
 author: mbender-ms
 ms.author: mbender
 ms.service: azure-private-link
-ms.custom:
-  - ignite-2024
 ms.topic: quickstart
-ms.date: 11/06/2024
+ms.date: 03/05/2024
 #CustomerIntent: As a network administrator, I want to create a network security perimeter for an Azure resource using Azure PowerShell, so that I can control the network traffic to and from the resource.
 ---
 

articles/private-link/network-security-perimeter-concepts.md

@@ -1,5 +1,6 @@
 ---
 title: What is a network security perimeter?
+titleSuffix: Azure Private Link
 description: Learn about the components of network security perimeter, a feature that allows Azure PaaS resources to communicate within an explicit trusted boundary, or perimeter.
 author: mbender-ms
 ms.author: mbender

articles/private-link/network-security-perimeter-diagnostic-logs.md

@@ -1,5 +1,6 @@
 ---
 title: 'Diagnostic logs for Network Security Perimeter'
+titleSuffix: Azure Private Link
 description: Learn the options for storing diagnostic logs for Network Security Perimeter and how to enable logging through the Azure portal.
 author: mbender-ms
 ms.author: mbender

articles/private-link/network-security-perimeter-role-based-access-control-requirements.md

@@ -1,5 +1,6 @@
 ---
 title: Azure role-based access control permissions required for Azure Network Security Perimeter usage
+titleSuffix: Azure Private Link
 description: Learn about the Azure role-based access control permissions required to use Azure Network Security Perimeter.
 author: mbender-ms
 ms.author: mbender

articles/private-link/network-security-perimeter-transition.md

@@ -1,5 +1,6 @@
 ---
 title: Transition to a network security perimeter in Azure
+titleSuffix: Azure Private Link
 description: Learn about the different access modes and how to transition to a network security perimeter in Azure.
 author: mbender-ms
 ms.author: mbender

articles/private-link/toc.yml

@@ -9,10 +9,8 @@
     href: private-endpoint-overview.md
   - name: Private Link service
     href: private-link-service-overview.md
-  - name: Network security perimeter
-    items:
-    - name: What is a network security perimeter?
-      href: network-security-perimeter-concepts.md  
+  - name: What is a network security perimeter?
+    href: network-security-perimeter-concepts.md  
 - name: Configure
   items:
   - name: Create a private endpoint
@@ -53,6 +51,8 @@
       href: create-network-security-perimeter-powershell.md
     - name: Create a network security perimeter - Azure CLI
       href: create-network-security-perimeter-cli.md
+    - name: Create a network security perimeter - Bicep
+      href: create-network-security-perimeter-bicep.md
     - name: Transition to a network security perimeter
       href: network-security-perimeter-transition.md
   - name: DNS

includes/network-security-perimeter-add-preview.md

@@ -5,8 +5,8 @@
  author: mbender
  ms.service: azure-private-link
  ms.topic: include
- ms.date: 11/04/2024
- ms.author: mbender> -ms
+ ms.date: 03/05/2025
+ ms.author: mbender-ms
 ms.custom: include file, ignite-2024
 ---
 
@@ -22,17 +22,16 @@ ms.custom: include file, ignite-2024
 
   - To re-register the `Microsoft.Network` resource provider, use the following Azure PowerShell command:
 
-  ```azurepowershell-interactive
-  # Register the Microsoft.Network resource provider
-  Register-AzResourceProvider -ProviderNamespace Microsoft.Network
-  ```
+    ```azurepowershell-interactive
+    # Register the Microsoft.Network resource provider
+    Register-AzResourceProvider -ProviderNamespace Microsoft.Network
+    ```
 
   - To re-register the `Microsoft.Network` resource provider, use the following Azure CLI command:
 
     ```azurecli-interactive
     # Register the Microsoft.Network resource provider
     az provider register --namespace Microsoft.Network
     ```
-
     
   For more information on re-registering resource providers, see [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types).