Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The batchAccounts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Batch/batchAccounts@2023-11-01' = {
  scope: resourceSymbolicName or scope
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    allowedAuthenticationModes: [
      'string'
    ]
    autoStorage: {
      authenticationMode: 'string'
      nodeIdentityReference: {
        resourceId: 'string'
      }
      storageAccountId: 'string'
    }
    encryption: {
      keySource: 'string'
      keyVaultProperties: {
        keyIdentifier: 'string'
      }
    }
    keyVaultReference: {
      id: 'string'
      url: 'string'
    }
    networkProfile: {
      accountAccess: {
        defaultAction: 'string'
        ipRules: [
          {
            action: 'Allow'
            value: 'string'
          }
        ]
      }
      nodeManagementAccess: {
        defaultAction: 'string'
        ipRules: [
          {
            action: 'Allow'
            value: 'string'
          }
        ]
      }
    }
    poolAllocationMode: 'string'
    publicNetworkAccess: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Batch/batchAccounts
| Name | Description | Value | 
|---|---|---|
| identity | The identity of the Batch account. | BatchAccountIdentity | 
| location | The region in which to create the account. | string (required) | 
| name | The resource name | string Constraints: Min length = 3 Max length = 24 Pattern = ^[a-z0-9]+$(required) | 
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value | 
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' | 
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference | 
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) | 
BatchAccountCreateParametersTags
| Name | Description | Value | 
|---|
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value | 
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' | 
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties | 
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties | 
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference | 
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile | 
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' | 
| publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' | 
BatchAccountIdentity
| Name | Description | Value | 
|---|---|---|
| type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) | 
| userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities | 
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ComputeNodeIdentityReference
| Name | Description | Value | 
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string | 
EncryptionProperties
| Name | Description | Value | 
|---|---|---|
| keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' | 
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties | 
EndpointAccessProfile
| Name | Description | Value | 
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) | 
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] | 
IPRule
| Name | Description | Value | 
|---|---|---|
| action | Action when client IP address is matched. | 'Allow' (required) | 
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) | 
KeyVaultProperties
| Name | Description | Value | 
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. orhttps://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled | string | 
KeyVaultReference
| Name | Description | Value | 
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) | 
| url | The URL of the Azure key vault associated with the Batch account. | string (required) | 
NetworkProfile
| Name | Description | Value | 
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile | 
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile | 
UserAssignedIdentities
| Name | Description | Value | 
|---|
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| Batch Account | AVM Resource Module for Batch Account | 
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| Azure Batch pool without public IP addresses | This template creates Azure Batch simplified node communication pool without public IP addresses. | 
| Create a Batch Account using a template | This template creates a Batch Account and a storage account. | 
ARM template resource definition
The batchAccounts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following JSON to your template.
{
  "type": "Microsoft.Batch/batchAccounts",
  "apiVersion": "2023-11-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "allowedAuthenticationModes": [ "string" ],
    "autoStorage": {
      "authenticationMode": "string",
      "nodeIdentityReference": {
        "resourceId": "string"
      },
      "storageAccountId": "string"
    },
    "encryption": {
      "keySource": "string",
      "keyVaultProperties": {
        "keyIdentifier": "string"
      }
    },
    "keyVaultReference": {
      "id": "string",
      "url": "string"
    },
    "networkProfile": {
      "accountAccess": {
        "defaultAction": "string",
        "ipRules": [
          {
            "action": "Allow",
            "value": "string"
          }
        ]
      },
      "nodeManagementAccess": {
        "defaultAction": "string",
        "ipRules": [
          {
            "action": "Allow",
            "value": "string"
          }
        ]
      }
    },
    "poolAllocationMode": "string",
    "publicNetworkAccess": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Batch/batchAccounts
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2023-11-01' | 
| identity | The identity of the Batch account. | BatchAccountIdentity | 
| location | The region in which to create the account. | string (required) | 
| name | The resource name | string Constraints: Min length = 3 Max length = 24 Pattern = ^[a-z0-9]+$(required) | 
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Batch/batchAccounts' | 
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value | 
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' | 
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference | 
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) | 
BatchAccountCreateParametersTags
| Name | Description | Value | 
|---|
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value | 
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' | 
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties | 
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties | 
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference | 
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile | 
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' | 
| publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' | 
BatchAccountIdentity
| Name | Description | Value | 
|---|---|---|
| type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) | 
| userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities | 
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ComputeNodeIdentityReference
| Name | Description | Value | 
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string | 
EncryptionProperties
| Name | Description | Value | 
|---|---|---|
| keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' | 
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties | 
EndpointAccessProfile
| Name | Description | Value | 
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) | 
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] | 
IPRule
| Name | Description | Value | 
|---|---|---|
| action | Action when client IP address is matched. | 'Allow' (required) | 
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) | 
KeyVaultProperties
| Name | Description | Value | 
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. orhttps://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled | string | 
KeyVaultReference
| Name | Description | Value | 
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) | 
| url | The URL of the Azure key vault associated with the Batch account. | string (required) | 
NetworkProfile
| Name | Description | Value | 
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile | 
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile | 
UserAssignedIdentities
| Name | Description | Value | 
|---|
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| Azure Batch pool without public IP addresses | This template creates Azure Batch simplified node communication pool without public IP addresses. | 
| Create a Batch Account using a template | This template creates a Batch Account and a storage account. | 
Terraform (AzAPI provider) resource definition
The batchAccounts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Batch/batchAccounts@2023-11-01"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      allowedAuthenticationModes = [
        "string"
      ]
      autoStorage = {
        authenticationMode = "string"
        nodeIdentityReference = {
          resourceId = "string"
        }
        storageAccountId = "string"
      }
      encryption = {
        keySource = "string"
        keyVaultProperties = {
          keyIdentifier = "string"
        }
      }
      keyVaultReference = {
        id = "string"
        url = "string"
      }
      networkProfile = {
        accountAccess = {
          defaultAction = "string"
          ipRules = [
            {
              action = "Allow"
              value = "string"
            }
          ]
        }
        nodeManagementAccess = {
          defaultAction = "string"
          ipRules = [
            {
              action = "Allow"
              value = "string"
            }
          ]
        }
      }
      poolAllocationMode = "string"
      publicNetworkAccess = "string"
    }
  }
}
Property Values
Microsoft.Batch/batchAccounts
| Name | Description | Value | 
|---|---|---|
| identity | The identity of the Batch account. | BatchAccountIdentity | 
| location | The region in which to create the account. | string (required) | 
| name | The resource name | string Constraints: Min length = 3 Max length = 24 Pattern = ^[a-z0-9]+$(required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Batch/batchAccounts@2023-11-01" | 
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value | 
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' | 
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference | 
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) | 
BatchAccountCreateParametersTags
| Name | Description | Value | 
|---|
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value | 
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' | 
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties | 
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties | 
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference | 
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile | 
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' | 
| publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' | 
BatchAccountIdentity
| Name | Description | Value | 
|---|---|---|
| type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) | 
| userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities | 
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ComputeNodeIdentityReference
| Name | Description | Value | 
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string | 
EncryptionProperties
| Name | Description | Value | 
|---|---|---|
| keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' | 
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties | 
EndpointAccessProfile
| Name | Description | Value | 
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) | 
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] | 
IPRule
| Name | Description | Value | 
|---|---|---|
| action | Action when client IP address is matched. | 'Allow' (required) | 
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) | 
KeyVaultProperties
| Name | Description | Value | 
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. orhttps://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled | string | 
KeyVaultReference
| Name | Description | Value | 
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) | 
| url | The URL of the Azure key vault associated with the Batch account. | string (required) | 
NetworkProfile
| Name | Description | Value | 
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile | 
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile | 
UserAssignedIdentities
| Name | Description | Value | 
|---|
Usage Examples
Terraform Samples
A basic example of deploying Azure Batch account.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
resource "azapi_resource" "batchAccount" {
  type      = "Microsoft.Batch/batchAccounts@2022-10-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      encryption = {
        keySource = "Microsoft.Batch"
      }
      poolAllocationMode  = "BatchService"
      publicNetworkAccess = "Enabled"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| Batch Account | AVM Resource Module for Batch Account |