3.5 Azure Blueprints, ARM Templates, and Bicep
Key Takeaways
- ARM (Azure Resource Manager) templates are declarative JSON files that define infrastructure as code for repeatable, idempotent deployments.
- Bicep is Microsoft's domain-specific language that compiles down to ARM JSON with cleaner syntax, modules, and type safety.
- Azure Blueprints packages policies, role assignments, ARM templates, and resource groups; it is deprecated on July 11, 2026.
- Template Specs and Deployment Stacks are the recommended replacements for Blueprints governance-as-code scenarios.
- AZ-900 tests WHAT these tools do, not how to write them; you must know ARM uses JSON and Bicep compiles to ARM.
Quick Answer: ARM templates (JSON) and Bicep (a cleaner DSL that compiles to ARM) define Azure infrastructure as code for repeatable, idempotent deployments. Azure Blueprints bundles policies, roles, and templates but is being deprecated on July 11, 2026 in favor of Template Specs and Deployment Stacks.
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) means provisioning and managing infrastructure through machine-readable definition files instead of clicking through portals. The same file deploys the same environment every time.
| Benefit | Why it matters |
|---|---|
| Consistency | Dev, test, and prod come from one source of truth — no drift. |
| Repeatability | Redeploy an identical environment in minutes after a disaster. |
| Version control | Store templates in Git for history, review, and rollback. |
| Automation | Run deployments inside CI/CD pipelines with no manual steps. |
| Documentation | The template is the documentation of what exists. |
ARM Templates (JSON)
ARM templates are JSON files that declare the resources to deploy. They are declarative — you state the desired end state and Azure Resource Manager works out the order and the API calls.
| Template section | Purpose |
|---|---|
| $schema | The JSON schema describing the template language version. |
| contentVersion | Your version string (e.g., 1.0.0.0). |
| parameters | Inputs supplied at deploy time (VM name, region). |
| variables | Reusable values built from parameters. |
| resources | The resources to create or update. |
| outputs | Values returned after deployment (e.g., a public IP). |
Key properties: ARM is idempotent (re-running yields the same result, not duplicates), deploys independent resources in parallel, validates the template before any change, and offers what-if to preview changes.
Bicep
Bicep is Microsoft's domain-specific language (DSL) for Azure. Bicep files (.bicep) transpile (compile) into ARM JSON before deployment, so the runtime is identical — Bicep just makes authoring far easier.
| Aspect | ARM JSON | Bicep |
|---|---|---|
| Syntax | Verbose JSON | Concise, declarative |
| File size | Large | Typically much smaller |
| Modules | Linked templates (complex) | Native module system |
| Tooling | Limited IntelliSense | Full VS Code support, type checking |
| Learning curve | Steeper | Gentler |
On the Exam: You will NOT write template code. Know that ARM templates are JSON, Bicep compiles to ARM, both are declarative IaC, and both give repeatable deployments.
Azure Blueprints (Deprecating July 11, 2026)
Azure Blueprints packages several governance artifacts into one versioned, deployable definition so an entire compliant environment can be stamped out repeatedly. Microsoft has confirmed Blueprints will be deprecated on July 11, 2026; new work should use Template Specs and Deployment Stacks.
| Blueprint artifact | What it provides |
|---|---|
| Role assignments | RBAC roles to grant |
| Policy assignments | Azure Policies to enforce |
| ARM templates | Resources to deploy |
| Resource groups | Containers to create |
| Capability | Blueprints (deprecated) | Replacement |
|---|---|---|
| Packaging templates | Blueprint definition | Template Specs |
| Managing a deployment as a unit | Blueprint assignment | Deployment Stacks |
| Protecting deployed resources | Blueprint locks | Deployment Stack deny settings |
Azure Management Tools Summary
| Tool | Role |
|---|---|
| Azure portal | Web GUI for managing resources |
| Azure CLI | Cross-platform command line (az, Bash-friendly) |
| Azure PowerShell | PowerShell module (Az) |
| Azure Cloud Shell | Browser shell with Bash AND PowerShell; needs a storage account to persist files |
| ARM templates / Bicep | Native IaC |
| Terraform | Third-party multi-cloud IaC |
On the Exam: Cloud Shell runs in the browser with no local install and supports both Bash and PowerShell, but it requires an Azure Storage account (file share) to persist your files between sessions.
Choosing the Right Tool — A Scenario
A team needs to stand up an identical three-tier web app in dev, test, and production with zero configuration drift. The portal is wrong here because manual clicks are not repeatable; the CLI and PowerShell are imperative scripts that can drift over time. The right answer is declarative IaC: author the resources once in Bicep, store the file in Git, and deploy it through a pipeline to all three environments. Because the deployment is idempotent, re-running it to apply a patch updates only what changed rather than creating duplicates, and what-if previews the impact before anyone commits.
Now suppose the same team must also stamp out, for each new business unit, a resource group plus the policies and role assignments that keep it compliant. Historically that was Azure Blueprints, which packaged all of those artifacts together. With Blueprints deprecating on July 11, 2026, the team should instead store the templates as Template Specs and deploy them through Deployment Stacks, using the stack's deny settings to protect the deployed resources the way Blueprint locks used to.
Common Traps
- ARM is JSON, Bicep is a DSL that compiles to ARM — they are not rivals, Bicep sits on top of ARM.
- Terraform is third-party and multi-cloud; ARM and Bicep are Azure-native.
- Blueprints is being retired — if a question offers it as a new recommendation, prefer Template Specs and Deployment Stacks.
- Cloud Shell still needs storage even though it is browser-based and install-free.
What file format are Azure Resource Manager (ARM) templates written in?
What is the relationship between Bicep and ARM templates?
Microsoft is deprecating Azure Blueprints. Which services are the recommended replacements?
Which statement about Azure Cloud Shell is correct?