From c5202fd11acf67394c657718706ec2eea960cfb0 Mon Sep 17 00:00:00 2001
From: Piotr Karpala <piotrkarpala@microsoft.com>
Date: Tue, 15 Jul 2025 11:10:29 -0400
Subject: [PATCH 1/2] fixing location for private endpoints

---
 .../main.bicep                                        |  1 +
 .../private-endpoint-and-dns.bicep                    | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
index 0d9dadfe..23f9f00c 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
@@ -222,6 +222,7 @@ resource cosmosDB 'Microsoft.DocumentDB/databaseAccounts@2024-11-15' existing =
 module privateEndpointAndDNS 'modules-network-secured/private-endpoint-and-dns.bicep' = {
     name: '${uniqueSuffix}-private-endpoint'
     params: {
+      location: location
       aiAccountName: aiAccount.outputs.accountName    // AI Services to secure
       aiSearchName: aiDependencies.outputs.aiSearchName       // AI Search to secure
       storageName: aiDependencies.outputs.azureStorageName        // Storage to secure
diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/private-endpoint-and-dns.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/private-endpoint-and-dns.bicep
index 81179329..bd64769f 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/private-endpoint-and-dns.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/private-endpoint-and-dns.bicep
@@ -37,6 +37,9 @@ param vnetName string
 param peSubnetName string
 @description('Suffix for unique resource names')
 param suffix string
+@description('Azure region for the deployment')
+param location string
+
 
 @description('Resource Group name for existing Virtual Network (if different from current resource group)')
 param vnetResourceGroupName string = resourceGroup().name
@@ -110,7 +113,7 @@ resource peSubnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' existin
 // - Establishes private connection to AI Services account
 resource aiAccountPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: '${aiAccountName}-private-endpoint'
-  location: resourceGroup().location
+  location: location
   properties: {
     subnet: { id: peSubnet.id } // Deploy in customer hub subnet
     privateLinkServiceConnections: [
@@ -132,7 +135,7 @@ resource aiAccountPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01
 // - Establishes private connection to AI Search service
 resource aiSearchPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: '${aiSearchName}-private-endpoint'
-  location: resourceGroup().location
+  location: location
   properties: {
     subnet: { id: peSubnet.id } // Deploy in customer hub subnet
     privateLinkServiceConnections: [
@@ -154,7 +157,7 @@ resource aiSearchPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01'
 // - Establishes private connection to blob storage
 resource storagePrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: '${storageName}-private-endpoint'
-  location: resourceGroup().location
+  location: location
   properties: {
     subnet: { id: peSubnet.id } // Deploy in customer hub subnet
     privateLinkServiceConnections: [
@@ -173,7 +176,7 @@ resource storagePrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01'
 
 resource cosmosDBPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: '${cosmosDBName}-private-endpoint'
-  location: resourceGroup().location
+  location: location
   properties: {
     subnet: { id: peSubnet.id } // Deploy in customer hub subnet
     privateLinkServiceConnections: [

From e607e628fb249014dd42ed92385c13262a4e2a7a Mon Sep 17 00:00:00 2001
From: Piotr Karpala <piotrkarpala@microsoft.com>
Date: Thu, 17 Jul 2025 00:18:04 -0400
Subject: [PATCH 2/2] vnet location

---
 .../15-private-network-standard-agent-setup/main.bicep          | 2 +-
 .../modules-network-secured/existing-vnet.bicep                 | 1 +
 .../modules-network-secured/network-agent-vnet.bicep            | 1 +
 .../modules-network-secured/vnet.bicep                          | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
index 23f9f00c..694c9a70 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main.bicep
@@ -222,7 +222,7 @@ resource cosmosDB 'Microsoft.DocumentDB/databaseAccounts@2024-11-15' existing =
 module privateEndpointAndDNS 'modules-network-secured/private-endpoint-and-dns.bicep' = {
     name: '${uniqueSuffix}-private-endpoint'
     params: {
-      location: location
+      location: vnet.outputs.virtualNetworkLocation
       aiAccountName: aiAccount.outputs.accountName    // AI Services to secure
       aiSearchName: aiDependencies.outputs.aiSearchName       // AI Search to secure
       storageName: aiDependencies.outputs.azureStorageName        // Storage to secure
diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/existing-vnet.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/existing-vnet.bicep
index b371d61e..d6bf91d1 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/existing-vnet.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/existing-vnet.bicep
@@ -84,6 +84,7 @@ output agentSubnetName string = agentSubnetName
 output agentSubnetId string = '${existingVNet.id}/subnets/${agentSubnetName}'
 output peSubnetId string = '${existingVNet.id}/subnets/${peSubnetName}'
 output virtualNetworkName string = existingVNet.name
+output virtualNetworkLocation string = existingVNet.location
 output virtualNetworkId string = existingVNet.id
 output virtualNetworkResourceGroup string = vnetResourceGroupName
 output virtualNetworkSubscriptionId string = vnetSubscriptionId
diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/network-agent-vnet.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/network-agent-vnet.bicep
index bad8a4f2..25c56164 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/network-agent-vnet.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/network-agent-vnet.bicep
@@ -58,6 +58,7 @@ module existingVNet 'existing-vnet.bicep' = if (useExistingVnet) {
 
 // Provide unified outputs regardless of which module was used
 output virtualNetworkName string = useExistingVnet ? existingVNet.outputs.virtualNetworkName : newVNet.outputs.virtualNetworkName
+output virtualNetworkLocation string = useExistingVnet ? existingVNet.outputs.virtualNetworkLocation : newVNet.outputs.virtualNetworkLocation
 output virtualNetworkId string = useExistingVnet ? existingVNet.outputs.virtualNetworkId : newVNet.outputs.virtualNetworkId
 output virtualNetworkSubscriptionId string = useExistingVnet ? existingVNet.outputs.virtualNetworkSubscriptionId : newVNet.outputs.virtualNetworkSubscriptionId
 output virtualNetworkResourceGroup string = useExistingVnet ? existingVNet.outputs.virtualNetworkResourceGroup : newVNet.outputs.virtualNetworkResourceGroup
diff --git a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/vnet.bicep b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/vnet.bicep
index d5b8db27..55a0c57e 100644
--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/vnet.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/vnet.bicep
@@ -78,6 +78,7 @@ output agentSubnetName string = agentSubnetName
 output agentSubnetId string = '${virtualNetwork.id}/subnets/${agentSubnetName}'
 output peSubnetId string = '${virtualNetwork.id}/subnets/${peSubnetName}'
 output virtualNetworkName string = virtualNetwork.name
+output virtualNetworkLocation string = virtualNetwork.location
 output virtualNetworkId string = virtualNetwork.id
 output virtualNetworkResourceGroup string = resourceGroup().name
 output virtualNetworkSubscriptionId string = subscription().subscriptionId