3.5 Azure Blueprints, ARM Templates, and Bicep
Key Takeaways
- ARM (Azure Resource Manager) templates are JSON files that define Azure infrastructure as code for repeatable, consistent deployments.
- Bicep is a domain-specific language (DSL) that simplifies writing ARM templates with cleaner, more readable syntax.
- Azure Blueprints (being deprecated July 2026) packages role assignments, policy assignments, ARM templates, and resource groups into a single deployable definition.
- Template Specs and Deployment Stacks are replacing Azure Blueprints for governance-as-code scenarios.
- Infrastructure as Code (IaC) enables version control, repeatability, and automation of Azure deployments.
Azure Blueprints, ARM Templates, and Bicep
Quick Answer: ARM templates (JSON) and Bicep (simplified DSL) define Azure infrastructure as code. Blueprints package policies + roles + templates for repeatable governance (being deprecated in July 2026 — replaced by Template Specs and Deployment Stacks).
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files rather than manual configuration.
Benefits of IaC:
- Consistency — Deploy identical environments every time
- Repeatability — Reuse templates across dev, staging, and production
- Version control — Track changes to infrastructure in Git
- Automation — Deploy and update infrastructure in CI/CD pipelines
- Documentation — The template itself documents what is deployed
- Validation — Test infrastructure changes before applying them
ARM Templates (JSON)
ARM templates are JSON files that define the resources to deploy in Azure. They are declarative — you specify WHAT you want, and Azure Resource Manager figures out HOW to deploy it.
ARM Template Structure
| Section | Purpose |
|---|---|
| $schema | Location of the JSON schema that describes the template version |
| contentVersion | Version of the template (e.g., "1.0.0.0") |
| parameters | Values provided at deployment time (e.g., VM name, region) |
| variables | Values constructed from parameters for reuse in the template |
| resources | The Azure resources to create or update |
| outputs | Values returned after deployment (e.g., IP address of created VM) |
Key features:
- Declarative — Define the desired state; ARM handles the how
- Idempotent — Running the same template multiple times produces the same result
- Parallel deployment — ARM deploys independent resources simultaneously
- Validation — Templates are validated before deployment begins
- What-if — Preview changes before applying them
Bicep
Bicep is Microsoft's domain-specific language (DSL) that provides a cleaner, more readable alternative to ARM JSON templates. Bicep files (.bicep) are compiled into ARM templates before deployment.
Advantages of Bicep over ARM JSON:
| Feature | ARM JSON | Bicep |
|---|---|---|
| Syntax | Verbose JSON | Concise, clean syntax |
| File size | Large | Typically 50-75% smaller |
| Modules | Complex linked templates | Simple module system |
| Intellisense | Limited | Full VS Code support |
| Type safety | Minimal | Strong type validation |
| Learning curve | Steeper | Easier to learn |
On the Exam: You do NOT need to write ARM templates or Bicep code. You need to know WHAT they do (define infrastructure as code), that ARM templates use JSON, that Bicep compiles to ARM templates, and that they enable repeatable deployments.
Azure Blueprints (Deprecating July 2026)
Azure Blueprints is a service that packages multiple governance artifacts into a single, versionable, deployable definition. It is being deprecated on July 11, 2026 — Microsoft recommends migrating to Template Specs and Deployment Stacks.
What Blueprints Include
| Artifact | Purpose |
|---|---|
| Role assignments | RBAC roles to assign |
| Policy assignments | Azure Policies to enforce |
| ARM templates | Resources to deploy |
| Resource groups | Resource groups to create |
Migration to Template Specs and Deployment Stacks
| Feature | Blueprints (Deprecated) | Template Specs + Deployment Stacks |
|---|---|---|
| Template packaging | Blueprint artifacts | Template Specs |
| Deployment management | Blueprint assignments | Deployment Stacks |
| Resource protection | Blueprint locks | Deployment Stack deny settings |
| Versioning | Blueprint versions | Template Spec versions |
Azure Management Tools Summary
| Tool | Purpose |
|---|---|
| Azure Portal | Web-based GUI for managing Azure resources |
| Azure CLI | Cross-platform command-line tool (bash syntax) |
| Azure PowerShell | PowerShell module for Azure management |
| Azure Cloud Shell | Browser-based shell (supports Bash and PowerShell) |
| ARM Templates | JSON-based infrastructure as code |
| Bicep | Simplified DSL that compiles to ARM templates |
| Terraform | Third-party IaC tool (supports Azure and other clouds) |
| Azure Mobile App | Manage Azure resources from your phone |
On the Exam: Azure Cloud Shell is available in the Azure portal and provides both Bash and PowerShell. It requires an Azure Storage account for persisting files. No local installation needed.
What format are ARM templates written in?
What is the relationship between Bicep and ARM templates?
What is the main benefit of Infrastructure as Code (IaC)?