Microsoft.Search searchServices 2023-11-01
Bicep resource definition
The searchServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Search/searchServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Search/searchServices@2023-11-01' = {
identity: {
type: 'string'
}
location: 'string'
name: 'string'
properties: {
authOptions: {
aadOrApiKey: {
aadAuthFailureMode: 'string'
}
apiKeyOnly: any(Azure.Bicep.Types.Concrete.AnyType)
}
disableLocalAuth: bool
encryptionWithCmk: {
enforcement: 'string'
}
hostingMode: 'string'
networkRuleSet: {
ipRules: [
{
value: 'string'
}
]
}
partitionCount: int
publicNetworkAccess: 'string'
replicaCount: int
semanticSearch: 'string'
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
DataPlaneAadOrApiKeyAuthOption
| Name | Description | Value |
|---|---|---|
| aadAuthFailureMode | Describes what response the data plane API of a search service would send for requests that failed authentication. | 'http401WithBearerChallenge' 'http403' |
DataPlaneAuthOptions
| Name | Description | Value |
|---|---|---|
| aadOrApiKey | Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. | DataPlaneAadOrApiKeyAuthOption |
| apiKeyOnly | Indicates that only the API key can be used for authentication. | any |
EncryptionWithCmk
| Name | Description | Value |
|---|---|---|
| enforcement | Describes how a search service should enforce having one or more non-customer-encrypted resources. | 'Disabled' 'Enabled' 'Unspecified' |
Identity
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' (required) |
IpRule
| Name | Description | Value |
|---|---|---|
| value | Value corresponding to a single IPv4 address (for example, 123.1.2.3) or an IP range in CIDR format (for example, 123.1.2.3/24) to be allowed. | string |
Microsoft.Search/searchServices
| Name | Description | Value |
|---|---|---|
| identity | The identity of the resource. | Identity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Properties of the search service. | SearchServiceProperties |
| sku | The SKU of the search service, which determines billing rate and capacity limits. This property is required when creating a new search service. | Sku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| ipRules | A list of IP restriction rules used for an IP firewall. Any IPs that do not match the rules are blocked by the firewall. These rules are only applied when the 'publicNetworkAccess' of the search service is 'enabled'. | IpRule[] |
SearchServiceProperties
| Name | Description | Value |
|---|---|---|
| authOptions | Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. | DataPlaneAuthOptions |
| disableLocalAuth | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. | bool |
| encryptionWithCmk | Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. | EncryptionWithCmk |
| hostingMode | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | 'default' 'highDensity' |
| networkRuleSet | Network-specific rules that determine how the search service may be reached. | NetworkRuleSet |
| partitionCount | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | int Constraints: Min value = 1 Max value = 12 |
| publicNetworkAccess | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | 'disabled' 'enabled' |
| replicaCount | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | int Constraints: Min value = 1 Max value = 12 |
| semanticSearch | Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. | 'disabled' 'free' 'standard' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' | 'basic' 'free' 'standard' 'standard2' 'standard3' 'storage_optimized_l1' 'storage_optimized_l2' |
TrackedResourceTags
| Name | Description | Value |
|---|
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Azure AI Studio Network Restricted | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure Cognitive Search service | This template creates an Azure Cognitive Search service |
ARM template resource definition
The searchServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Search/searchServices resource, add the following JSON to your template.
{
"type": "Microsoft.Search/searchServices",
"apiVersion": "2023-11-01",
"name": "string",
"identity": {
"type": "string"
},
"location": "string",
"properties": {
"authOptions": {
"aadOrApiKey": {
"aadAuthFailureMode": "string"
},
"apiKeyOnly": {}
},
"disableLocalAuth": "bool",
"encryptionWithCmk": {
"enforcement": "string"
},
"hostingMode": "string",
"networkRuleSet": {
"ipRules": [
{
"value": "string"
}
]
},
"partitionCount": "int",
"publicNetworkAccess": "string",
"replicaCount": "int",
"semanticSearch": "string"
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
DataPlaneAadOrApiKeyAuthOption
| Name | Description | Value |
|---|---|---|
| aadAuthFailureMode | Describes what response the data plane API of a search service would send for requests that failed authentication. | 'http401WithBearerChallenge' 'http403' |
DataPlaneAuthOptions
| Name | Description | Value |
|---|---|---|
| aadOrApiKey | Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. | DataPlaneAadOrApiKeyAuthOption |
| apiKeyOnly | Indicates that only the API key can be used for authentication. | any |
EncryptionWithCmk
| Name | Description | Value |
|---|---|---|
| enforcement | Describes how a search service should enforce having one or more non-customer-encrypted resources. | 'Disabled' 'Enabled' 'Unspecified' |
Identity
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' (required) |
IpRule
| Name | Description | Value |
|---|---|---|
| value | Value corresponding to a single IPv4 address (for example, 123.1.2.3) or an IP range in CIDR format (for example, 123.1.2.3/24) to be allowed. | string |
Microsoft.Search/searchServices
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-11-01' |
| identity | The identity of the resource. | Identity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Properties of the search service. | SearchServiceProperties |
| sku | The SKU of the search service, which determines billing rate and capacity limits. This property is required when creating a new search service. | Sku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Search/searchServices' |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| ipRules | A list of IP restriction rules used for an IP firewall. Any IPs that do not match the rules are blocked by the firewall. These rules are only applied when the 'publicNetworkAccess' of the search service is 'enabled'. | IpRule[] |
SearchServiceProperties
| Name | Description | Value |
|---|---|---|
| authOptions | Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. | DataPlaneAuthOptions |
| disableLocalAuth | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. | bool |
| encryptionWithCmk | Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. | EncryptionWithCmk |
| hostingMode | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | 'default' 'highDensity' |
| networkRuleSet | Network-specific rules that determine how the search service may be reached. | NetworkRuleSet |
| partitionCount | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | int Constraints: Min value = 1 Max value = 12 |
| publicNetworkAccess | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | 'disabled' 'enabled' |
| replicaCount | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | int Constraints: Min value = 1 Max value = 12 |
| semanticSearch | Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. | 'disabled' 'free' 'standard' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' | 'basic' 'free' 'standard' 'standard2' 'standard3' 'storage_optimized_l1' 'storage_optimized_l2' |
TrackedResourceTags
| Name | Description | Value |
|---|
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure Cognitive Search service |
This template creates an Azure Cognitive Search service |
| Azure Cognitive Search service with private endpoint |
This template creates an Azure Cognitive Search service with a private endpoint. |
| Web App with a SQL Database, Azure Cosmos DB, Azure Search |
This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights. |
Terraform (AzAPI provider) resource definition
The searchServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Search/searchServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Search/searchServices@2023-11-01"
name = "string"
identity = {
type = "string"
}
location = "string"
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
authOptions = {
aadOrApiKey = {
aadAuthFailureMode = "string"
}
apiKeyOnly = ?
}
disableLocalAuth = bool
encryptionWithCmk = {
enforcement = "string"
}
hostingMode = "string"
networkRuleSet = {
ipRules = [
{
value = "string"
}
]
}
partitionCount = int
publicNetworkAccess = "string"
replicaCount = int
semanticSearch = "string"
}
})
}
Property values
DataPlaneAadOrApiKeyAuthOption
| Name | Description | Value |
|---|---|---|
| aadAuthFailureMode | Describes what response the data plane API of a search service would send for requests that failed authentication. | 'http401WithBearerChallenge' 'http403' |
DataPlaneAuthOptions
| Name | Description | Value |
|---|---|---|
| aadOrApiKey | Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. | DataPlaneAadOrApiKeyAuthOption |
| apiKeyOnly | Indicates that only the API key can be used for authentication. | any |
EncryptionWithCmk
| Name | Description | Value |
|---|---|---|
| enforcement | Describes how a search service should enforce having one or more non-customer-encrypted resources. | 'Disabled' 'Enabled' 'Unspecified' |
Identity
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' (required) |
IpRule
| Name | Description | Value |
|---|---|---|
| value | Value corresponding to a single IPv4 address (for example, 123.1.2.3) or an IP range in CIDR format (for example, 123.1.2.3/24) to be allowed. | string |
Microsoft.Search/searchServices
| Name | Description | Value |
|---|---|---|
| identity | The identity of the resource. | Identity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Properties of the search service. | SearchServiceProperties |
| sku | The SKU of the search service, which determines billing rate and capacity limits. This property is required when creating a new search service. | Sku |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Search/searchServices@2023-11-01" |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| ipRules | A list of IP restriction rules used for an IP firewall. Any IPs that do not match the rules are blocked by the firewall. These rules are only applied when the 'publicNetworkAccess' of the search service is 'enabled'. | IpRule[] |
SearchServiceProperties
| Name | Description | Value |
|---|---|---|
| authOptions | Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. | DataPlaneAuthOptions |
| disableLocalAuth | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. | bool |
| encryptionWithCmk | Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. | EncryptionWithCmk |
| hostingMode | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | 'default' 'highDensity' |
| networkRuleSet | Network-specific rules that determine how the search service may be reached. | NetworkRuleSet |
| partitionCount | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | int Constraints: Min value = 1 Max value = 12 |
| publicNetworkAccess | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | 'disabled' 'enabled' |
| replicaCount | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | int Constraints: Min value = 1 Max value = 12 |
| semanticSearch | Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. | 'disabled' 'free' 'standard' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' | 'basic' 'free' 'standard' 'standard2' 'standard3' 'storage_optimized_l1' 'storage_optimized_l2' |
TrackedResourceTags
| Name | Description | Value |
|---|