Merge pull request #312275 from mumian/0225-tag-quarantinePolicy

prmerger-automator[bot] · web-flow · commit e268b541805f · 2026-02-26T14:23:04.000Z
Add a warning about quarantinePolicy
diff --git a/articles/azure-resource-manager/bicep/private-module-registry.md b/articles/azure-resource-manager/bicep/private-module-registry.md
@@ -2,7 +2,7 @@
 title: Create a private container registry in Azure for Bicep modules
 description: Learn how to set up a private container registry in Azure for private Bicep modules.
 ms.topic: how-to
-ms.date: 12/22/2025
+ms.date: 02/25/2026
 ms.custom: devx-track-bicep
 ---
 
@@ -49,6 +49,9 @@ A Bicep registry is hosted on [Azure Container Registry (ACR)](/azure/container-
 > 
 > The private container registry must have the policy `azureADAuthenticationAsArmPolicy` set to `enabled`. If `azureADAuthenticationAsArmPolicy` is set to `disabled`, you'll get a 401 (Unauthorized) error message when publishing modules. See [Azure Container Registry introduces the Conditional Access policy](/azure/container-registry/container-registry-configure-conditional-access).
 
+> [!WARNING]
+> If `properties.policies.quarantinePolicy.status` is enabled on your Azure Container Registry, your Bicep module will "successfully" publish but the versions/tags are stripped or hidden.
+
 ## Publish files to registry
 
 After setting up the container registry, you can publish files to it. Use the [publish](bicep-cli.md#publish) command and provide any Bicep files you intend to use as modules. Specify the target location for the module in your registry. The publish command creates an ARM template, which is stored in the registry. This means if publishing a Bicep file that references other local modules, these modules are fully expanded as one JSON file and published to the registry.
