Software development
Artificial Intelligence
Cloud
View all courses
Learn
Connect
Blog
Resource hub
Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Cloud
    • Data
Labs

Provision an Azure SQL Managed Instance Using Bicep

In this lab, you’ll build Bicep templates to deploy an Azure SQL Managed Instance in a secure Virtual Network, configure private endpoints for limited access, and apply best practices such as parameterization, modularization, and monitoring.

Get started Contact sales
Lab platform
Lab Info
Level
Intermediate
Last updated
Sep 23, 2025
Duration
23m

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
Table of Contents

  1. Challenge

    Introduction and Setup

    What are Bicep Templates?

    Bicep is a domain-specific language (DSL) used for deploying Azure resources. It provides a declarative syntax for defining your infrastructure as code (IaC), which is then transpiled into Azure Resource Manager (ARM) templates.

    A Bicep file is a human-readable file with the .bicep extension that describes the Azure resources you want to deploy and manage. It simplifies the process of defining Azure resources by abstracting the complexities of JSON-based ARM templates.

    Core Benefits of Bicep Templates

    1. Simplified Syntax

      • Bicep uses a clean, concise syntax that significantly reduces boilerplate code.
      • Easier to read, write, and maintain compared to JSON-based ARM templates.

      Example:

      • ARM template: 
        {
  "type": "Microsoft.Storage/storageAccounts",
  "apiVersion": "2022-09-01",
  "name": "[parameters('storageAccountName')]",
  "location": "[resourceGroup().location]",
  "sku": {
    "name": "[parameters('skuName')]"
  }
}
      • Bicep equivalent: 
        resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageAccountName
  location: resourceGroup().location
  sku: {
    name: skuName
  }
}

    2. Modular and Reusable

      • You can create reusable modules for common configurations, promoting code reusability.
      • Modules allow you to organize and structure your code better by splitting large configurations into smaller, manageable parts.

    3. Parameterization

      • Supports parameterization, enabling the creation of flexible templates that can accept values at runtime, making templates reusable across environments (e.g., development, staging, production). ### Steps to Set Up Bicep

    4. Ensure Prerequisites

      • Azure CLI or Azure PowerShell are the command line tools that can be used to run and deploy your bicep templates to Azure.

    5. Bicep CLI

      • A command-line tool that helps you work with Bicep files, enabling you to define, validate, and deploy Azure infrastructure as code.

    6. Log in to Azure

      • Authenticate your CLI to your Azure account: 
        az login

    info> Note: This environment does not have internet access so you don't need to run these installations. This lab will help you practice writing Bicep templates.


    If you get stuck on a task, you can check the solutions folder.

  2. Challenge

    Deploying a Basic Azure SQL Managed Instance

    Like any Azure resource, Azure SQL Managed Instance can be deployed using Bicep templates, which would be beneficial for automation and version control.

    Required Properties in Azure SQL Managed Instance Bicep Template

    There are a few properties that must be defined in the bicep template for Azure SQL Managed Instance so that the deployment is successful:

    1. Name
    2. Location
    3. Administrator credentials
    4. Subnet with delegations for managed instances service and also includes a network security group and route table.

    First, add the resource for Azure SQL Managed Instance with it's internal properties in the following task.

  3. Challenge

    Securing the Deployment with Virtual Networks

    In order to be able to deploy Azure SQL Managed Instance successfully, there are specific network resources that should be added in the bicep template and linked to the Managed Instance's resource.

    Network Resources

    The network resources include:

    1. Virtual network
    2. Network security group that includes an allow outbound rule for the managed instances
    3. Route table
    4. Subnet with delegations configured for managed instances service

    After adding all required resources in the template, it is now ready to be deployed to Azure.

    This can be done by first, creating a resource group with Azure CLI:

    az group create --name MyResourceGroup --location eastus2

    Second, run the deployment command withing the resource group and using the template file as in the code below:

    az deployment group create 
  --resource-group MyResourceGroup 
  --template-file main.bicep

    info> Note: Since there is no internet access in this environment, you can not run the above deployment commands in this lab. These steps are included to keep in mind when using your local environment.

  4. Challenge

    Adding a Private Endpoint for Isolation

    A Private Endpoint provides secure, private connectivity to an Azure SQL Managed Instance over a Virtual Network (VNet), ensuring that communication between clients and the database remains isolated from the public internet.

    The private endpoint ensures that the Managed Instance is securely accessible only from within the private network, aligning with compliance and security requirements while simplifying infrastructure management.

    Azure SQL Managed Instance provides a default VNet-local endpoint that operates as if the service was physically connected to your virtual network. For enhanced isolation and security, you can create private endpoints and link them to the managed instance. To learn what a private endpoint looks like, you can explore the bicep-templates/privateEndpoint.bicep file, which includes the definition of a private endpoint and the parameters that would include virtual network details and the name of the managed instance.

  5. Challenge

    Modularizing the Template for Reusability and Best Practices

    The current bicep-templates/main.bicep template defines all resources in a single file. However, it is recommended to break the deployment into smaller modules for better maintainability and to include their IDs as output fields at the end of each module. ### Putting It All Together
    You have gained hands-on experience provisioning Azure SQL Managed Instances using bicep. You’ve explored key tasks like configuring networking, deploying resources, setting up secure access, and enabling monitoring—all through the Insfrastructure as Code setup along with best practices for maintainable templates and resources.

About the author
Eman Hassan - Labs - Eman
Eman Hassan

As a seasoned engineer with over 12 years of experience, I am deeply committed to mentorship, sharing my wealth of experience, and staying at the forefront of cutting-edge technologies. I bring a unique blend of theoretical knowledge and practical skills to the table. My expertise lies in guiding and mentoring aspiring developers through challenging projects across the entire lifecycle. My technical proficiency spans full stack development, software architecture, cloud computing, DevOps, and automation. Utilizing a versatile toolkit that includes .NET, Microsoft Azure, Nodejs, Nextjs, JavaScript, PHP, Hacklang, SQL, CQL, Angularjs and React, I specialize in crafting scalable and reliable applications that meet the demands of modern development. I have a lot of AI ideas to share and mentor and have been embracing AI as one of the current challenges to tackle. In addition to my hands-on work, I am a dedicated contributor to the development community. I have published courses and also actively share my insights and expertise with fellow developers. Passionate about solving complex problems, embracing new technologies, and fostering collaboration within cross-functional teams, I am driven by a goal to create impactful and innovative solutions that elevate user experience and enhance business value. My commitment to mentorship and continuous learning reflects my belief in the power of shared experiences and staying at the cutting edge of the ever-evolving tech landscape.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight

View individual plans View team plans