diff --git a/docs/data-sources/auth_profile.md b/docs/data-sources/auth_profile.md
new file mode 100644
index 00000000..d7cd7b1e
--- /dev/null
+++ b/docs/data-sources/auth_profile.md
@@ -0,0 +1,92 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "zedcloud_auth_profile Data Source - terraform-provider-zedcloud"
+subcategory: ""
+description: |-
+  
+---
+
+# zedcloud_auth_profile (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `default_role_id` (String) Default Role ID to associate with the profile
+- `name` (String) User defined name of the profile. Profile name is unique within an enterprise. Name can't be changed once created
+- `title` (String) User defined title for the profile. Title can be changed anytime
+
+### Optional
+
+- `active` (Boolean) Mark this profile as active. Only one profile can be active in a given enterprise
+- `description` (String) Detailed description of the profile
+- `disable_auto_user_create` (Boolean) Do not automatically create new users if this is set
+- `enterprise_id` (String) Parent enterprise ID of the authorization profile
+- `oauth_profile` (Block List) Oauth profile configuration details (see [below for nested schema](#nestedblock--oauth_profile))
+- `password_profile` (Block List) (see [below for nested schema](#nestedblock--password_profile))
+- `profile_type` (String) Authorization profile type
+- `test_only` (Boolean)
+- `type` (String) Type of the profile
+
+### Read-Only
+
+- `id` (String) Unique system defined profile ID
+- `revision` (List of Object) system defined info (see [below for nested schema](#nestedatt--revision))
+
+<a id="nestedblock--oauth_profile"></a>
+### Nested Schema for `oauth_profile`
+
+Optional:
+
+- `additional_parameters` (String) pass additional url parameters during the exchange and authorization process
+- `client_id` (String) OAUTH client ID
+- `client_secret` (String) OAUTH client secret
+- `crypto_key` (String)
+- `encrypted_secrets` (Map of String)
+- `idp_id` (String) id for Vmware IDP
+- `jwt_auth_profile` (Block List) Config for JWT based authentication, jwks_uri is derived from OIDC Well Known Endpoints (see [below for nested schema](#nestedblock--oauth_profile--jwt_auth_profile))
+- `o_id_c_end_point` (String) OIDC endpoint for oauth validation
+- `role_scope` (String) OIDC scope to fetch application role
+
+<a id="nestedblock--oauth_profile--jwt_auth_profile"></a>
+### Nested Schema for `oauth_profile.jwt_auth_profile`
+
+Optional:
+
+- `alg` (String) Algorithm for JWT signature verification
+
+
+
+<a id="nestedblock--password_profile"></a>
+### Nested Schema for `password_profile`
+
+Optional:
+
+- `max_length` (Number)
+- `max_password_age` (Number)
+- `min_length` (Number)
+- `min_lowercase_chars` (Number)
+- `min_numeric_chars` (Number)
+- `min_password_age` (Number)
+- `min_symbol_chars` (Number)
+- `min_uppercase_chars` (Number)
+- `num_prev_password_check` (Number)
+- `password_expiry_notification_period_in_seconds` (Number)
+
+
+<a id="nestedatt--revision"></a>
+### Nested Schema for `revision`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `curr` (String)
+- `prev` (String)
+- `updated_at` (String)
+- `updated_by` (String)
diff --git a/docs/resources/project.md b/docs/resources/project.md
index 48987573..9cbdc412 100644
--- a/docs/resources/project.md
+++ b/docs/resources/project.md
@@ -25,11 +25,14 @@ description: |-
 
 - `app_policy` (Block List) Resource group wide policy for edge applications to be deployed on all edge nodes on this resource group (see [below for nested schema](#nestedblock--app_policy))
 - `attestation_policy` (Block List) Attestation policy to enforce on all devices of this project (see [below for nested schema](#nestedblock--attestation_policy))
+- `configuration_lock_policy` (Block List) Configuration lock prevents users to send unintentional misconfigurations (see [below for nested schema](#nestedblock--configuration_lock_policy))
 - `deployment` (Block List) Deployment template containing different types of policies (see [below for nested schema](#nestedblock--deployment))
 - `description` (String) Detailed description of the resource group.
 - `edgeview_policy` (Block List) Edgeview policy on devices of this project (see [below for nested schema](#nestedblock--edgeview_policy))
 - `local_operator_console_policy` (Block List) Local operator console policy on devices of this project (see [below for nested schema](#nestedblock--local_operator_console_policy))
 - `network_policy` (Block List) Network policy to enforce on all devices of this project (see [below for nested schema](#nestedblock--network_policy))
+- `tag_level_settings` (Block List) tag level setting within a enterprise (see [below for nested schema](#nestedblock--tag_level_settings))
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
 
 ### Read-Only
 
@@ -50,6 +53,7 @@ Optional:
 - `attr` (Map of String) Mapping of policy  variable keys and policy variable values
 - `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--app_policy--azure_policy))
 - `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--app_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--app_policy--configuration_lock_policy))
 - `description` (String) Detailed description of the policy
 - `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--app_policy--edgeview_policy))
 - `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--app_policy--local_operator_console_policy))
@@ -783,6 +787,18 @@ Optional:
 
 
 
+<a id="nestedblock--app_policy--configuration_lock_policy"></a>
+### Nested Schema for `app_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
 <a id="nestedblock--app_policy--edgeview_policy"></a>
 ### Nested Schema for `app_policy.edgeview_policy`
 
@@ -2331,6 +2347,7 @@ Optional:
 - `attr` (Map of String) Mapping of policy  variable keys and policy variable values
 - `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--attestation_policy--azure_policy))
 - `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--attestation_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--attestation_policy--configuration_lock_policy))
 - `description` (String) Detailed description of the policy
 - `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--attestation_policy--edgeview_policy))
 - `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--attestation_policy--local_operator_console_policy))
@@ -3064,6 +3081,18 @@ Optional:
 
 
 
+<a id="nestedblock--attestation_policy--configuration_lock_policy"></a>
+### Nested Schema for `attestation_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
 <a id="nestedblock--attestation_policy--edgeview_policy"></a>
 ### Nested Schema for `attestation_policy.edgeview_policy`
 
@@ -3637,15 +3666,2309 @@ Optional:
 - `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--resources))
 - `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration`
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration`
+
+Optional:
+
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config`
+
+Optional:
+
+- `add` (Boolean) Add the Custom Config to App Instance (Optional. Default: False)
+- `allow_storage_resize` (Boolean) Allow Appinstance storage to be resized after app instance is created. (Optional. Default: False)
+- `field_delimiter` (String) Field delimiter used in specifying variables in template. (Required)
+- `name` (String) Name of CustomConfig (Required)
+- `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
+- `template` (String) base64 encrypted template string. (Optional)
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups`
+
+Optional:
+
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition))
+- `name` (String) Name of the Variable Group(Required)
+- `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.condition`
+
+Optional:
+
+- `name` (String)
+- `operator` (String)
+- `value` (String)
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables`
+
+Required:
+
+- `format` (String) Format of the user variable. (Required)
+- `label` (String) Label for the variable (Required)
+- `name` (String) Name of the Variable (Required)
+- `required` (Boolean) This variable MUST be specified when creating an App Instance. (Optional. Default: False)
+
+Optional:
+
+- `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
+- `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
+- `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `process_input` (String)
+- `type` (String)
+- `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables.options`
+
+Optional:
+
+- `label` (String) Display label of the key in User-Agent
+- `value` (String) Value of the key to be used
+
+
+
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--container_detail"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.container_detail`
+
+Optional:
+
+- `container_create_option` (String) Create options direct the creation of the Docker container
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--desc"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.desc`
+
+Required:
+
+- `app_category` (String)
+
+Optional:
+
+- `agreement_list` (Map of String) UI map: AppEditPage:DeveloperPane:Developer_Agreement_Field, AppDetailsPage:DeveloperPane:Developer_Agreement_Field
+- `category` (String) UI map: AppMarketplacePage:AppCard:DescriptionField, AppEditPage:IdentityPane:CategoryField, AppDetailsPage:IdentityPane:CategoryField
+- `license_list` (Map of String) UI map: AppMarketplacePage:AppCard:License, AppEditPage:IdentityPane:License, AppDetailsPage:IdentityPane:License
+- `logo` (Map of String) UI map: AppEditPage:IdentityPane:Logo, AppDetailsPage:IdentityPane:Logo
+- `os` (String)
+- `screenshot_list` (Map of String) UI map: AppEditPage:IdentityPane:Screenshot_Fields, AppDetailsPage:IdentityPane:Screenshot_Fields
+- `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.images`
+
+Optional:
+
+- `cleartext` (Boolean) UI map: AppEditPage:DrivesPane:Cleartext, AppDetailsPage:DrivesPane:ClearText_Field
+- `drvtype` (String) UI map: AppEditPage:DrivesPane:Drive_Type_Field, AppDetailsPage:DrivesPane:Drive_Type_Field
+- `ignorepurge` (Boolean) UI map: AppEditPage:DrivesPane:Ignorepurge, AppDetailsPage:DrivesPane:Ignorepurgee_Field
+- `imageformat` (String) UI map: AppEditPage:DrivesPane:Image_Format_Field, AppDetailsPage:DrivesPane:Image_Format_Field
+- `imageid` (String) UI map: AppEditPage:DrivesPane:Image_ID_Field, AppDetailsPage:DrivesPane:Image_ID_Field
+- `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
+- `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
+- `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
+- `params` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images--params))
+- `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
+- `readonly` (Boolean)
+- `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
+- `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images--params"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.images.params`
+
+Optional:
+
+- `name` (String) Name of the Parameter (Required)
+- `value` (String) Value of the parameter (Required)
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces`
+
+Optional:
+
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls))
+- `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
+- `name` (String) Interface name used by the edge application
+- `optional` (Boolean) Indicates if the interface is optional for edge application.
+- `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
+- `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches))
+- `name` (String) Name of the Access Control List
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) Drop the packet
+- `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value))
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.limit_value`
+
+Optional:
+
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.portmapto`
+
+Optional:
+
+- `app_port` (Number) Application Port value
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type of Match (Required)
+- `value` (String) Value of match (Required)
+
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--module"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.module`
+
+Optional:
+
+- `environment` (Map of String) Extra information to module to make configuration easier
+- `module_type` (String) Type of modules
+- `routes` (Map of String) Send messages between modules or send messages from modules to iot hub
+- `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--owner"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.owner`
+
+Optional:
+
+- `company` (String) UI map: AppEditPage:IdentityPane:Category_Field, AppDetailsPage:IdentityPane:Category_Field
+- `email` (String) UI map: AppEditPage:DeveloperPane:Email_Field, AppDetailsPage:DeveloperPane:Email_Field
+- `group` (String)
+- `user` (String) UI map: AppEditPage:DeveloperPane:Name_Field, AppDetailsPage:DeveloperPane:Name_Field
+- `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--permissions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.permissions`
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--resources"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.resources`
+
+Optional:
+
+- `name` (String) Name of the Resource (Required)
+- `value` (String) Value of Resource (Required)
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces`
+
+Required:
+
+- `intfname` (String) intf Name
+- `netinstname` (String) Network Instance name to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `privateip` (Boolean) Private IP flag
+
+Optional:
+
+- `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls))
+- `default_net_instance` (Boolean) default instance flag
+- `directattach` (Boolean) direct attach flag
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister))
+- `intforder` (Number) intforder
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--io))
+- `ipaddr` (String) IP address
+- `macaddr` (String) MAC address
+- `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `netname` (String) network name: will be deprecated in future, use netinstname
+
+Read-Only:
+
+- `netinstid` (String) Network Instance id to be matched for interface assignment.
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--matches))
+- `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
+
+Read-Only:
+
+- `id` (Number) app ACE id
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) ACE drop flag
+- `limit` (Boolean) ACE limit flag
+- `limitburst` (Number) ACE limit burst
+- `limitrate` (Number) ACE limit rate
+- `limitunit` (String) ACE limit unit
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams))
+- `portmap` (Boolean) application port map flag
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.actions.mapparams`
+
+Optional:
+
+- `port` (Number) Application port
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--matches"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type
+- `value` (String) Value
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.eidregister`
+
+Required:
+
+- `display_name` (String) Display name
+- `e_id` (String) EID
+- `e_id_hash_len` (Number) EID hash length
+- `lisp_instance` (Number) Lisp Instance
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers))
+- `lisp_signature` (String) Lisp Signature
+- `uuid` (String) UUID
+
+Read-Only:
+
+- `app_cert` (String) app certificate
+- `app_private_key` (String) App private key
+- `app_public_key` (String) App public key
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.eidregister.lisp_map_servers`
+
+Required:
+
+- `credential` (String, Sensitive) lisp credential
+- `name_or_ip` (String) name/IP
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--io"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.io`
+
+Optional:
+
+- `name` (String) Physical Adapter name
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `type` (String) IoType specifies the type of the Input output of the device
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--parent_detail"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.parent_detail`
+
+Optional:
+
+- `reference_exists` (Boolean) Relation with child and parent object exists or not
+- `update_available` (Boolean) Update required flag
+
+Read-Only:
+
+- `id_of_parent_object` (String) system defined unique id of parent object
+- `version_of_parent_object` (Number) version of object present in parent
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub`
+
+Required:
+
+- `cpus` (Number) user defined cpus for bundle
+- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json))
+- `memory` (Number) user defined memory for bundle
+- `name` (String) User defined name of the edge application, unique across the enterprise. Once object is created, name can’t be changed
+- `networks` (Number) user defined network options
+- `origin_type` (String) origin of object
+- `title` (String) User defined title of the edge application. Title can be changed at any time
+
+Optional:
+
+- `app_id` (String) User defined name of the edge app, unique across the enterprise. Once app name is created, name can’t be changed
+- `app_version` (String) Current version of the attached bundle
+- `description` (String) Detailed description of the edge application
+- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces))
+- `name_app_part` (String) User provided name part  for the auto deployed app
+- `name_project_part` (String) User provided name part  for the auto deployed app
+- `naming_scheme` (String) app naming scheme
+- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--parent_detail))
+- `start_delay_in_seconds` (Number) start delay is the time in seconds EVE should wait after boot before starting the application instance
+- `storage` (Number) user defined storage for bundle
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+
+Read-Only:
+
+- `drives` (Number) user defined drives
+- `id` (String) System defined universally unique Id of the edge application
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json`
+
+Required:
+
+- `ac_kind` (String) UI map: N/A - not exposed to users
+- `ac_version` (String) UI map: N/A - not exposed to users
+- `name` (String) UI map: AppEditPage:IdentityPane:Name_Field, AppDetailsPage:IdentityPane:Name_Field
+
+Optional:
+
+- `app_type` (String) bundle type, eg: vm, container, module
+- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration))
+- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--container_detail))
+- `cpu_pinning_enabled` (Boolean) Enable CpuPinning
+- `deployment_type` (String) type of deployment for the app, eg: azure, k3s, standalone
+- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--desc))
+- `description` (String) UI map: AppDetailsPage:IdentityPane:DescriptionField, AppMarketplacePage:AppCard:DescriptionField
+- `display_name` (String) UI map: AppEditPage:IdentityPane:Title_Field, AppDetailsPage:IdentityPane:Title_Field
+- `enablevnc` (Boolean) UI map: AppEditPage:IdentityPane:VNC_Field, AppDetailsPage:IdentityPane:VNC_Field
+- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images))
+- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces))
+- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--module))
+- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--owner))
+- `permissions` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--permissions))
+- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--resources))
+- `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration`
+
+Optional:
+
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config`
+
+Optional:
+
+- `add` (Boolean) Add the Custom Config to App Instance (Optional. Default: False)
+- `allow_storage_resize` (Boolean) Allow Appinstance storage to be resized after app instance is created. (Optional. Default: False)
+- `field_delimiter` (String) Field delimiter used in specifying variables in template. (Required)
+- `name` (String) Name of CustomConfig (Required)
+- `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
+- `template` (String) base64 encrypted template string. (Optional)
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups`
+
+Optional:
+
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition))
+- `name` (String) Name of the Variable Group(Required)
+- `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.condition`
+
+Optional:
+
+- `name` (String)
+- `operator` (String)
+- `value` (String)
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables`
+
+Required:
+
+- `format` (String) Format of the user variable. (Required)
+- `label` (String) Label for the variable (Required)
+- `name` (String) Name of the Variable (Required)
+- `required` (Boolean) This variable MUST be specified when creating an App Instance. (Optional. Default: False)
+
+Optional:
+
+- `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
+- `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
+- `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `process_input` (String)
+- `type` (String)
+- `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables.options`
+
+Optional:
+
+- `label` (String) Display label of the key in User-Agent
+- `value` (String) Value of the key to be used
+
+
+
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--container_detail"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.container_detail`
+
+Optional:
+
+- `container_create_option` (String) Create options direct the creation of the Docker container
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--desc"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.desc`
+
+Required:
+
+- `app_category` (String)
+
+Optional:
+
+- `agreement_list` (Map of String) UI map: AppEditPage:DeveloperPane:Developer_Agreement_Field, AppDetailsPage:DeveloperPane:Developer_Agreement_Field
+- `category` (String) UI map: AppMarketplacePage:AppCard:DescriptionField, AppEditPage:IdentityPane:CategoryField, AppDetailsPage:IdentityPane:CategoryField
+- `license_list` (Map of String) UI map: AppMarketplacePage:AppCard:License, AppEditPage:IdentityPane:License, AppDetailsPage:IdentityPane:License
+- `logo` (Map of String) UI map: AppEditPage:IdentityPane:Logo, AppDetailsPage:IdentityPane:Logo
+- `os` (String)
+- `screenshot_list` (Map of String) UI map: AppEditPage:IdentityPane:Screenshot_Fields, AppDetailsPage:IdentityPane:Screenshot_Fields
+- `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.images`
+
+Optional:
+
+- `cleartext` (Boolean) UI map: AppEditPage:DrivesPane:Cleartext, AppDetailsPage:DrivesPane:ClearText_Field
+- `drvtype` (String) UI map: AppEditPage:DrivesPane:Drive_Type_Field, AppDetailsPage:DrivesPane:Drive_Type_Field
+- `ignorepurge` (Boolean) UI map: AppEditPage:DrivesPane:Ignorepurge, AppDetailsPage:DrivesPane:Ignorepurgee_Field
+- `imageformat` (String) UI map: AppEditPage:DrivesPane:Image_Format_Field, AppDetailsPage:DrivesPane:Image_Format_Field
+- `imageid` (String) UI map: AppEditPage:DrivesPane:Image_ID_Field, AppDetailsPage:DrivesPane:Image_ID_Field
+- `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
+- `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
+- `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
+- `params` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images--params))
+- `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
+- `readonly` (Boolean)
+- `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
+- `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images--params"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.images.params`
+
+Optional:
+
+- `name` (String) Name of the Parameter (Required)
+- `value` (String) Value of the parameter (Required)
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces`
+
+Optional:
+
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls))
+- `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
+- `name` (String) Interface name used by the edge application
+- `optional` (Boolean) Indicates if the interface is optional for edge application.
+- `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
+- `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches))
+- `name` (String) Name of the Access Control List
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) Drop the packet
+- `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value))
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto))
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.limit_value`
+
+Optional:
+
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.portmapto`
+
+Optional:
+
+- `app_port` (Number) Application Port value
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type of Match (Required)
+- `value` (String) Value of match (Required)
+
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--module"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.module`
+
+Optional:
+
+- `environment` (Map of String) Extra information to module to make configuration easier
+- `module_type` (String) Type of modules
+- `routes` (Map of String) Send messages between modules or send messages from modules to iot hub
+- `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--owner"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.owner`
+
+Optional:
+
+- `company` (String) UI map: AppEditPage:IdentityPane:Category_Field, AppDetailsPage:IdentityPane:Category_Field
+- `email` (String) UI map: AppEditPage:DeveloperPane:Email_Field, AppDetailsPage:DeveloperPane:Email_Field
+- `group` (String)
+- `user` (String) UI map: AppEditPage:DeveloperPane:Name_Field, AppDetailsPage:DeveloperPane:Name_Field
+- `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--permissions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.permissions`
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--resources"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.resources`
+
+Optional:
+
+- `name` (String) Name of the Resource (Required)
+- `value` (String) Value of Resource (Required)
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces`
+
+Required:
+
+- `intfname` (String) intf Name
+- `netinstname` (String) Network Instance name to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `privateip` (Boolean) Private IP flag
+
+Optional:
+
+- `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls))
+- `default_net_instance` (Boolean) default instance flag
+- `directattach` (Boolean) direct attach flag
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister))
+- `intforder` (Number) intforder
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--io))
+- `ipaddr` (String) IP address
+- `macaddr` (String) MAC address
+- `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `netname` (String) network name: will be deprecated in future, use netinstname
+
+Read-Only:
+
+- `netinstid` (String) Network Instance id to be matched for interface assignment.
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--matches))
+- `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
+
+Read-Only:
+
+- `id` (Number) app ACE id
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) ACE drop flag
+- `limit` (Boolean) ACE limit flag
+- `limitburst` (Number) ACE limit burst
+- `limitrate` (Number) ACE limit rate
+- `limitunit` (String) ACE limit unit
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams))
+- `portmap` (Boolean) application port map flag
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.actions.mapparams`
+
+Optional:
+
+- `port` (Number) Application port
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--matches"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type
+- `value` (String) Value
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.eidregister`
+
+Required:
+
+- `display_name` (String) Display name
+- `e_id` (String) EID
+- `e_id_hash_len` (Number) EID hash length
+- `lisp_instance` (Number) Lisp Instance
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers))
+- `lisp_signature` (String) Lisp Signature
+- `uuid` (String) UUID
+
+Read-Only:
+
+- `app_cert` (String) app certificate
+- `app_private_key` (String) App private key
+- `app_public_key` (String) App public key
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.eidregister.lisp_map_servers`
+
+Required:
+
+- `credential` (String, Sensitive) lisp credential
+- `name_or_ip` (String) name/IP
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--io"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.io`
+
+Optional:
+
+- `name` (String) Physical Adapter name
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `type` (String) IoType specifies the type of the Input output of the device
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--parent_detail"></a>
+### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.parent_detail`
+
+Optional:
+
+- `reference_exists` (Boolean) Relation with child and parent object exists or not
+- `update_available` (Boolean) Update required flag
+
+Read-Only:
+
+- `id_of_parent_object` (String) system defined unique id of parent object
+- `version_of_parent_object` (Number) version of object present in parent
+
+
+
+<a id="nestedblock--attestation_policy--module_policy--metrics"></a>
+### Nested Schema for `attestation_policy.module_policy.metrics`
+
+Optional:
+
+- `queries` (Map of String) Mapping of queries variable keys and value
+- `results` (Map of String) Mapping of results variable keys and value
+
+
+
+<a id="nestedblock--attestation_policy--network_policy"></a>
+### Nested Schema for `attestation_policy.network_policy`
+
+Required:
+
+- `net_instance_config` (Block List, Min: 1) list of network details that will be created on all the devices of the project to which this policy is attached (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config))
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config`
+
+Required:
+
+- `device_id` (String) ID of the device on which network instance is created
+- `kind` (String) Kind of Network Instance:
+NETWORK_INSTANCE_KIND_UNSPECIFIED
+NETWORK_INSTANCE_KIND_TRANSPARENT
+NETWORK_INSTANCE_KIND_SWITCH
+NETWORK_INSTANCE_KIND_LOCAL
+NETWORK_INSTANCE_KIND_CLOUD
+NETWORK_INSTANCE_KIND_MESH
+NETWORK_INSTANCE_KIND_HONEYPOT
+- `name` (String) User defined name of the network instance, unique across the enterprise. Once object is created, name can’t be changed
+- `title` (String) User defined title of the network instance. Title can be changed at any time
+
+Optional:
+
+- `cluster_id` (String) ID of the Cluster in which the network instance is configured
+- `description` (String) Detailed description of the network instance
+- `device_default` (Boolean) Flag to indicate if this is the default network instance for the device
+- `dhcp` (Boolean) Deprecated
+- `dns_list` (Block List) List of Static DNS entries (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--dns_list))
+- `ip` (Block List) DHCP Server Configuration (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--ip))
+- `mtu` (Number) Maximum transmission unit (MTU) to set for the network instance and all application interfaces connected to it
+- `network_policy_id` (String) id of the network policy to be attached to this network instance
+- `oconfig` (String)
+- `opaque` (Block List) Service specific Config (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque))
+- `port` (String) name of port mapping in the model
+- `port_tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `project_id` (String) id of the project in which network instance is created
+- `propagate_connected_routes` (Boolean) Automatically propagate connected routes
+- `static_routes` (Block List) List of Static IP routes (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--static_routes))
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `type` (String) Type of DHCP for this Network Instance:
+NETWORK_INSTANCE_DHCP_TYPE_V4
+NETWORK_INSTANCE_DHCP_TYPE_V6
+NETWORK_INSTANCE_DHCP_TYPE_CRYPTOEID
+NETWORK_INSTANCE_DHCP_TYPE_CRYPTOV4
+NETWORK_INSTANCE_DHCP_TYPE_CRYPTOV6
+
+Read-Only:
+
+- `id` (String) System defined universally unique ID of the network instance
+- `lisp` (List of Object) Lisp Config : read only for now. Deprecated. (see [below for nested schema](#nestedatt--attestation_policy--network_policy--net_instance_config--lisp))
+- `revision` (List of Object) system defined info for the object (see [below for nested schema](#nestedatt--attestation_policy--network_policy--net_instance_config--revision))
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--dns_list"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.dns_list`
+
+Optional:
+
+- `addrs` (List of String) Addresses
+- `hostname` (String) Host name
+
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--ip"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.ip`
+
+Optional:
+
+- `dhcp_range` (Block List) Range of IP addresses to be used for DHCP (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--ip--dhcp_range))
+- `dns` (List of String) IP Addresses of DNS servers
+- `domain` (String) Network domain
+- `gateway` (String) IP Address of Network Gateway
+- `mask` (String) Subnet Mask
+- `ntp` (String) IP Address of NTP Server
+- `subnet` (String) Subnet address
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--ip--dhcp_range"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.ip.dhcp_range`
+
+Optional:
+
+- `end` (String) ending IP
+- `start` (String) starting IP
+
+
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque`
+
+Optional:
+
+- `lisp` (Block List) Deprecated - Lisp config (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp))
+- `oconfig` (String) base64 encoded string of opaque config
+- `type` (String) type of Opaque config
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque.lisp`
+
+Optional:
+
+- `allocate` (Boolean) Allocate flag
+- `allocationprefix` (String) Allocation Prefix
+- `allocationprefixlen` (Number) Allocation Prefix Length
+- `exportprivate` (Boolean) Export Private flag
+- `lispiid` (Number) lisp id
+- `sp` (Block List) Service Point List (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp--sp))
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp--sp"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque.lisp.sp`
+
+Optional:
+
+- `credential` (String) Service credentials
+- `name_or_ip` (String) Service name/ service name
+- `type` (String) Service Point Type
+
+
+
+
+<a id="nestedblock--attestation_policy--network_policy--net_instance_config--static_routes"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.static_routes`
+
+Optional:
+
+- `gateway` (String) Gateway IP
+- `prefix` (String) IP Prefix
+
+
+<a id="nestedatt--attestation_policy--network_policy--net_instance_config--lisp"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.lisp`
+
+Read-Only:
+
+- `allocate` (Boolean)
+- `allocationprefix` (String)
+- `allocationprefixlen` (Number)
+- `exportprivate` (Boolean)
+- `lispiid` (Number)
+- `sp` (List of Object) (see [below for nested schema](#nestedobjatt--attestation_policy--network_policy--net_instance_config--lisp--sp))
+
+<a id="nestedobjatt--attestation_policy--network_policy--net_instance_config--lisp--sp"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.lisp.sp`
+
+Read-Only:
+
+- `credential` (String)
+- `name_or_ip` (String)
+- `type` (String)
+
+
+
+<a id="nestedatt--attestation_policy--network_policy--net_instance_config--revision"></a>
+### Nested Schema for `attestation_policy.network_policy.net_instance_config.revision`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `curr` (String)
+- `prev` (String)
+- `updated_at` (String)
+- `updated_by` (String)
+
+
+
+
+<a id="nestedatt--attestation_policy--revision"></a>
+### Nested Schema for `attestation_policy.revision`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `curr` (String)
+- `prev` (String)
+- `updated_at` (String)
+- `updated_by` (String)
+
+
+
+<a id="nestedblock--configuration_lock_policy"></a>
+### Nested Schema for `configuration_lock_policy`
+
+Optional:
+
+- `app_policy` (Block List) app policy, which is used in auto app instance deployment (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy))
+- `attestation_policy` (Block List) attestation policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--configuration_lock_policy--attestation_policy))
+- `attr` (Map of String) Mapping of policy  variable keys and policy variable values
+- `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy))
+- `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--configuration_lock_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--configuration_lock_policy--configuration_lock_policy))
+- `description` (String) Detailed description of the policy
+- `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy))
+- `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--configuration_lock_policy--local_operator_console_policy))
+- `module_policy` (Block List) module policy, which is used in auto module deployment (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy))
+- `name` (String) User defined name of the policy request, unique across the enterprise. Once object is created, name can’t be changed
+- `network_policy` (Block List) network policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy))
+- `title` (String) User defined title of the policy. Title can be changed at any time
+- `type` (String) type of policy
+
+Read-Only:
+
+- `id` (String) System defined universally unique Id of the policy request
+- `revision` (List of Object) system defined info (see [below for nested schema](#nestedatt--configuration_lock_policy--revision))
+- `status` (String) status of the policy
+- `status_message` (String) Detailed status message of the policy
+
+<a id="nestedblock--configuration_lock_policy--app_policy"></a>
+### Nested Schema for `configuration_lock_policy.app_policy`
+
+Required:
+
+- `apps` (Block List, Min: 1) list of app details that will be provisioned on all the devices of the project to which this policy is attached (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps))
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps`
+
+Required:
+
+- `cpus` (Number) user defined cpus for bundle
+- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json))
+- `memory` (Number) user defined memory for bundle
+- `name` (String) User defined name of the edge application, unique across the enterprise. Once object is created, name can’t be changed
+- `networks` (Number) user defined network options
+- `origin_type` (String) origin of object
+- `title` (String) User defined title of the edge application. Title can be changed at any time
+
+Optional:
+
+- `app_id` (String) User defined name of the edge app, unique across the enterprise. Once app name is created, name can’t be changed
+- `app_version` (String) Current version of the attached bundle
+- `description` (String) Detailed description of the edge application
+- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces))
+- `name_app_part` (String) User provided name part  for the auto deployed app
+- `name_project_part` (String) User provided name part  for the auto deployed app
+- `naming_scheme` (String) app naming scheme
+- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--parent_detail))
+- `start_delay_in_seconds` (Number) start delay is the time in seconds EVE should wait after boot before starting the application instance
+- `storage` (Number) user defined storage for bundle
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+
+Read-Only:
+
+- `drives` (Number) user defined drives
+- `id` (String) System defined universally unique Id of the edge application
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json`
+
+Required:
+
+- `ac_kind` (String) UI map: N/A - not exposed to users
+- `ac_version` (String) UI map: N/A - not exposed to users
+- `name` (String) UI map: AppEditPage:IdentityPane:Name_Field, AppDetailsPage:IdentityPane:Name_Field
+
+Optional:
+
+- `app_type` (String) bundle type, eg: vm, container, module
+- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration))
+- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--container_detail))
+- `cpu_pinning_enabled` (Boolean) Enable CpuPinning
+- `deployment_type` (String) type of deployment for the app, eg: azure, k3s, standalone
+- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--desc))
+- `description` (String) UI map: AppDetailsPage:IdentityPane:DescriptionField, AppMarketplacePage:AppCard:DescriptionField
+- `display_name` (String) UI map: AppEditPage:IdentityPane:Title_Field, AppDetailsPage:IdentityPane:Title_Field
+- `enablevnc` (Boolean) UI map: AppEditPage:IdentityPane:VNC_Field, AppDetailsPage:IdentityPane:VNC_Field
+- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--images))
+- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces))
+- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--module))
+- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--owner))
+- `permissions` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--permissions))
+- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--resources))
+- `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration`
+
+Optional:
+
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config))
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration.custom_config`
+
+Optional:
+
+- `add` (Boolean) Add the Custom Config to App Instance (Optional. Default: False)
+- `allow_storage_resize` (Boolean) Allow Appinstance storage to be resized after app instance is created. (Optional. Default: False)
+- `field_delimiter` (String) Field delimiter used in specifying variables in template. (Required)
+- `name` (String) Name of CustomConfig (Required)
+- `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
+- `template` (String) base64 encrypted template string. (Optional)
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups))
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration.custom_config.variable_groups`
+
+Optional:
+
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--condition))
+- `name` (String) Name of the Variable Group(Required)
+- `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables))
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration.custom_config.variable_groups.condition`
+
+Optional:
+
+- `name` (String)
+- `operator` (String)
+- `value` (String)
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration.custom_config.variable_groups.variables`
+
+Required:
+
+- `format` (String) Format of the user variable. (Required)
+- `label` (String) Label for the variable (Required)
+- `name` (String) Name of the Variable (Required)
+- `required` (Boolean) This variable MUST be specified when creating an App Instance. (Optional. Default: False)
+
+Optional:
+
+- `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
+- `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
+- `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `process_input` (String)
+- `type` (String)
+- `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.configuration.custom_config.variable_groups.variables.options`
+
+Optional:
+
+- `label` (String) Display label of the key in User-Agent
+- `value` (String) Value of the key to be used
+
+
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--container_detail"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.container_detail`
+
+Optional:
+
+- `container_create_option` (String) Create options direct the creation of the Docker container
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--desc"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.desc`
+
+Required:
+
+- `app_category` (String)
+
+Optional:
+
+- `agreement_list` (Map of String) UI map: AppEditPage:DeveloperPane:Developer_Agreement_Field, AppDetailsPage:DeveloperPane:Developer_Agreement_Field
+- `category` (String) UI map: AppMarketplacePage:AppCard:DescriptionField, AppEditPage:IdentityPane:CategoryField, AppDetailsPage:IdentityPane:CategoryField
+- `license_list` (Map of String) UI map: AppMarketplacePage:AppCard:License, AppEditPage:IdentityPane:License, AppDetailsPage:IdentityPane:License
+- `logo` (Map of String) UI map: AppEditPage:IdentityPane:Logo, AppDetailsPage:IdentityPane:Logo
+- `os` (String)
+- `screenshot_list` (Map of String) UI map: AppEditPage:IdentityPane:Screenshot_Fields, AppDetailsPage:IdentityPane:Screenshot_Fields
+- `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--images"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.images`
+
+Optional:
+
+- `cleartext` (Boolean) UI map: AppEditPage:DrivesPane:Cleartext, AppDetailsPage:DrivesPane:ClearText_Field
+- `drvtype` (String) UI map: AppEditPage:DrivesPane:Drive_Type_Field, AppDetailsPage:DrivesPane:Drive_Type_Field
+- `ignorepurge` (Boolean) UI map: AppEditPage:DrivesPane:Ignorepurge, AppDetailsPage:DrivesPane:Ignorepurgee_Field
+- `imageformat` (String) UI map: AppEditPage:DrivesPane:Image_Format_Field, AppDetailsPage:DrivesPane:Image_Format_Field
+- `imageid` (String) UI map: AppEditPage:DrivesPane:Image_ID_Field, AppDetailsPage:DrivesPane:Image_ID_Field
+- `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
+- `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
+- `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
+- `params` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--images--params))
+- `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
+- `readonly` (Boolean)
+- `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
+- `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--images--params"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.images.params`
+
+Optional:
+
+- `name` (String) Name of the Parameter (Required)
+- `value` (String) Value of the parameter (Required)
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces`
+
+Optional:
+
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls))
+- `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
+- `name` (String) Interface name used by the edge application
+- `optional` (Boolean) Indicates if the interface is optional for edge application.
+- `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
+- `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--matches))
+- `name` (String) Name of the Access Control List
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) Drop the packet
+- `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions--limit_value))
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions--portmapto))
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces.acls.actions.limit_value`
+
+Optional:
+
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces.acls.actions.portmapto`
+
+Optional:
+
+- `app_port` (Number) Application Port value
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type of Match (Required)
+- `value` (String) Value of match (Required)
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--module"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.module`
+
+Optional:
+
+- `environment` (Map of String) Extra information to module to make configuration easier
+- `module_type` (String) Type of modules
+- `routes` (Map of String) Send messages between modules or send messages from modules to iot hub
+- `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--owner"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.owner`
+
+Optional:
+
+- `company` (String) UI map: AppEditPage:IdentityPane:Category_Field, AppDetailsPage:IdentityPane:Category_Field
+- `email` (String) UI map: AppEditPage:DeveloperPane:Email_Field, AppDetailsPage:DeveloperPane:Email_Field
+- `group` (String)
+- `user` (String) UI map: AppEditPage:DeveloperPane:Name_Field, AppDetailsPage:DeveloperPane:Name_Field
+- `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--permissions"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.permissions`
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--manifest_json--resources"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.manifest_json.resources`
+
+Optional:
+
+- `name` (String) Name of the Resource (Required)
+- `value` (String) Value of Resource (Required)
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces`
+
+Required:
+
+- `intfname` (String) intf Name
+- `netinstname` (String) Network Instance name to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `privateip` (Boolean) Private IP flag
+
+Optional:
+
+- `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls))
+- `default_net_instance` (Boolean) default instance flag
+- `directattach` (Boolean) direct attach flag
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--eidregister))
+- `intforder` (Number) intforder
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--io))
+- `ipaddr` (String) IP address
+- `macaddr` (String) MAC address
+- `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `netname` (String) network name: will be deprecated in future, use netinstname
+
+Read-Only:
+
+- `netinstid` (String) Network Instance id to be matched for interface assignment.
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--matches))
+- `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
+
+Read-Only:
+
+- `id` (Number) app ACE id
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) ACE drop flag
+- `limit` (Boolean) ACE limit flag
+- `limitburst` (Number) ACE limit burst
+- `limitrate` (Number) ACE limit rate
+- `limitunit` (String) ACE limit unit
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--actions--mapparams))
+- `portmap` (Boolean) application port map flag
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.acls.actions.mapparams`
+
+Optional:
+
+- `port` (Number) Application port
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type
+- `value` (String) Value
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--eidregister"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.eidregister`
+
+Required:
+
+- `display_name` (String) Display name
+- `e_id` (String) EID
+- `e_id_hash_len` (Number) EID hash length
+- `lisp_instance` (Number) Lisp Instance
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--configuration_lock_policy--app_policy--apps--interfaces--eidregister--lisp_map_servers))
+- `lisp_signature` (String) Lisp Signature
+- `uuid` (String) UUID
+
+Read-Only:
+
+- `app_cert` (String) app certificate
+- `app_private_key` (String) App private key
+- `app_public_key` (String) App public key
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.eidregister.lisp_map_servers`
+
+Required:
+
+- `credential` (String, Sensitive) lisp credential
+- `name_or_ip` (String) name/IP
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--interfaces--io"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.interfaces.io`
+
+Optional:
+
+- `name` (String) Physical Adapter name
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `type` (String) IoType specifies the type of the Input output of the device
+
+
+
+<a id="nestedblock--configuration_lock_policy--app_policy--apps--parent_detail"></a>
+### Nested Schema for `configuration_lock_policy.app_policy.apps.parent_detail`
+
+Optional:
+
+- `reference_exists` (Boolean) Relation with child and parent object exists or not
+- `update_available` (Boolean) Update required flag
+
+Read-Only:
+
+- `id_of_parent_object` (String) system defined unique id of parent object
+- `version_of_parent_object` (Number) version of object present in parent
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--attestation_policy"></a>
+### Nested Schema for `configuration_lock_policy.attestation_policy`
+
+Required:
+
+- `type` (String) Attestation policy type
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy`
+
+Required:
+
+- `app_id` (String) app id for rbac
+- `app_password` (String) app password for rbac
+- `tenant_id` (String) tenant id for rbac
+
+Optional:
+
+- `azure_resource_and_services` (Block List) azure resource and service the policy will be interested in (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services))
+- `certificate` (Block List) Certificate object holds the details of certificate like encryption type, validity, subject etc (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate))
+- `crypto_key` (String) key to decrypt AppPassword
+- `custom_deployment_managed` (Boolean)
+- `encrypted_secrets` (Map of String) encrypted AppPassword
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services`
+
+Required:
+
+- `dps_service` (Block List, Min: 1) dps service attached to cloud policy (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service))
+- `iot_hub_service` (Block List, Min: 1) list of iothubs attached to cloud policy (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service))
+- `resource_group` (Block List, Min: 1) list of resource groups attached to cloud policy (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--resource_group))
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service`
+
+Optional:
+
+- `enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment))
+- `service_detail` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--service_detail))
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment`
+
+Optional:
+
+- `allocation_policy` (String)
+- `attached_iot_hubs_name` (List of String)
+- `certificate_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--certificate_enrollment))
+- `enable_iot_edge_device` (Boolean)
+- `mechanism` (String)
+- `symmetric_key_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment))
+- `tags` (Map of String)
+- `tpm_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--tpm_enrollment))
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--certificate_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.certificate_enrollment`
+
+Optional:
+
+- `group_certificate_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--certificate_enrollment--group_certificate_enrollment))
+- `individual_certificate_enrollment` (String)
+- `type` (String)
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--certificate_enrollment--group_certificate_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.certificate_enrollment.group_certificate_enrollment`
+
+Optional:
+
+- `group_name` (String)
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.symmetric_key_enrollment`
+
+Optional:
+
+- `group_symmetric_key_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment--group_symmetric_key_enrollment))
+- `individual_symmetric_key_enrollment` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment--individual_symmetric_key_enrollment))
+- `type` (String)
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment--group_symmetric_key_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.symmetric_key_enrollment.group_symmetric_key_enrollment`
+
+Optional:
+
+- `group_name` (String)
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--symmetric_key_enrollment--individual_symmetric_key_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.symmetric_key_enrollment.individual_symmetric_key_enrollment`
+
+Optional:
+
+- `registration_id` (String)
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--enrollment--tpm_enrollment"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.enrollment.tpm_enrollment`
+
+Optional:
+
+- `type` (String)
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--service_detail"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.service_detail`
+
+Optional:
+
+- `create_by_default` (Boolean)
+- `name` (String)
+- `region` (String)
+- `resource_group_name` (String)
+- `s_k_u` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--service_detail--s_k_u))
+- `subscription_id` (String)
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--dps_service--service_detail--s_k_u"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.dps_service.service_detail.s_k_u`
+
+Optional:
+
+- `capacity` (String)
+- `name` (String)
+- `tier` (String)
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.iot_hub_service`
+
+Optional:
+
+- `service_detail` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service--service_detail))
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service--service_detail"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.iot_hub_service.service_detail`
+
+Optional:
+
+- `create_by_default` (Boolean)
+- `name` (String)
+- `region` (String)
+- `resource_group_name` (String)
+- `s_k_u` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service--service_detail--s_k_u))
+- `subscription_id` (String)
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--iot_hub_service--service_detail--s_k_u"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.iot_hub_service.service_detail.s_k_u`
+
+Optional:
+
+- `capacity` (String)
+- `name` (String)
+- `tier` (String)
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--azure_resource_and_services--resource_group"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.azure_resource_and_services.resource_group`
+
+Required:
+
+- `name` (String) resource group name
+- `subscription_id` (String) azure subscription id to which resource group is attached
+
+Optional:
+
+- `region` (String) resource group region
+
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate`
+
+Optional:
+
+- `basic_contraints_valid` (Boolean) This fields tells the basic constraints like isCA are correct.
+- `cert` (String) base64 string of the parent certificate
+- `crypto_key` (String) Crypto Key for decrypting user secret information
+- `ecdsa_encryption` (Block List) ECDSA encryption algorithm of the certificate (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate--ecdsa_encryption))
+- `encrypted_secrets` (Map of String) user encrypted secrets map
+- `exportable` (Boolean) Indicates if the private key can be exported.
+- `extended_key_usage` (List of String) Sequence of extended key usages.
+- `issuer` (Block List) Parameters for the issuer of the X509 component of a certificate. (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate--issuer))
+- `key_usage` (Number) Key usage extensions define the purpose of the public key contained in a certificate.
+- `pass_phrase` (String) pass phase for the pvt key, this has to be filled if pvt key is encrypted with a pass phrase
+- `public_key` (String) base63 string of the public key
+- `public_key_algorithm` (String) Public key algorithm.
+- `pvt_key` (String) base64 string of the parent pvt key
+- `reuse_key` (Boolean) Indicates if the same key pair will be used on certificate renewal.
+- `rsa_ecryption` (Block List) RSA encryption algorithm of the certificate (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate--rsa_ecryption))
+- `san_values` (Block List) This holds the alternative name values like URIs, domain names IPs etc. (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate--san_values))
+- `serial_number` (String) Unique identifier for each Certificate generated by an Certificate Issuer.
+- `signature_algorithm` (String)
+- `subject` (Block List) Parameters for the subject of the X509 component of a certificate. (see [below for nested schema](#nestedblock--configuration_lock_policy--azure_policy--certificate--subject))
+- `valid_from` (String) Certificate validatity start time
+- `valid_till` (String) Certificate validatity start time
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate--ecdsa_encryption"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate.ecdsa_encryption`
+
+Optional:
+
+- `curve` (String) ECDSA curve to be used while signing the certificate.
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate--issuer"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate.issuer`
+
+Optional:
+
+- `common_name` (String) Certificate common name.
+- `country` (List of String) List of countries.
+- `locality` (List of String) List of locallity.
+- `organization` (List of String) List of organization.
+- `organizational_unit` (List of String) List of Organizational Unit.
+- `postal_code` (List of String) List of Postal codes.
+- `province` (List of String) List of List of Prvince.
+- `serial_number` (String) Subject cerial number
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate--rsa_ecryption"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate.rsa_ecryption`
+
+Optional:
+
+- `rsa_bits` (String) RSA Encryption Key bit size.
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate--san_values"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate.san_values`
+
+Optional:
+
+- `dns` (List of String) List of permitted DNS names.
+- `emaild_ids` (List of String) List of permitted email addresses.
+- `hosts` (List of String) List of permitted hosts.
+- `ips` (List of String) List of permitted IP addresses.
+- `upns` (List of String) List of permitted User principal names.
+- `uris` (List of String) List of permitted URIs.
+
+
+<a id="nestedblock--configuration_lock_policy--azure_policy--certificate--subject"></a>
+### Nested Schema for `configuration_lock_policy.azure_policy.certificate.subject`
+
+Optional:
+
+- `common_name` (String) Certificate common name.
+- `country` (List of String) List of countries.
+- `locality` (List of String) List of locallity.
+- `organization` (List of String) List of organization.
+- `organizational_unit` (List of String) List of Organizational Unit.
+- `postal_code` (List of String) List of Postal codes.
+- `province` (List of String) List of List of Prvince.
+- `serial_number` (String) Subject cerial number
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--cluster_policy"></a>
+### Nested Schema for `configuration_lock_policy.cluster_policy`
+
+Required:
+
+- `app_policy_id` (String) UUID of the app policy linked to this cluster policy
+- `network_policy_id` (String) UUID of the network policy linked to this cluster policy
+- `type` (String) Type of cluster
+
+Optional:
+
+- `cluster_config` (Block List) Cluster Policy Parameters (see [below for nested schema](#nestedblock--configuration_lock_policy--cluster_policy--cluster_config))
+
+<a id="nestedblock--configuration_lock_policy--cluster_policy--cluster_config"></a>
+### Nested Schema for `configuration_lock_policy.cluster_policy.cluster_config`
+
+Optional:
+
+- `min_nodes_required` (Number)
+
+
+
+<a id="nestedblock--configuration_lock_policy--configuration_lock_policy"></a>
+### Nested Schema for `configuration_lock_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy`
+
+Optional:
+
+- `access_allow_change` (Boolean) Allow inherit instance to change access policy
+- `edgeview_allow` (Boolean) Allow device to enable Edgeview in this project
+- `edgeviewcfg` (Block List) Edgeview configuration and policies (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg))
+- `max_expire_sec` (Number) Maximum seconds allowed for Edgeview session
+- `max_inst` (Number) Maximum instances allowed for Edgeview
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy.edgeviewcfg`
+
+Optional:
+
+- `app_policy` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--app_policy))
+- `dev_policy` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--dev_policy))
+- `ext_policy` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--ext_policy))
+- `generation_id` (Number)
+- `jwt_info` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--jwt_info))
+- `token` (String)
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--app_policy"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy.edgeviewcfg.app_policy`
+
+Optional:
+
+- `allow_app` (Boolean)
+
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--dev_policy"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy.edgeviewcfg.dev_policy`
+
+Optional:
+
+- `allow_dev` (Boolean)
+
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--ext_policy"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy.edgeviewcfg.ext_policy`
+
+Optional:
+
+- `allow_ext` (Boolean)
+
+
+<a id="nestedblock--configuration_lock_policy--edgeview_policy--edgeviewcfg--jwt_info"></a>
+### Nested Schema for `configuration_lock_policy.edgeview_policy.edgeviewcfg.jwt_info`
+
+Optional:
+
+- `allow_sec` (Number)
+- `disp_url` (String)
+- `encrypt` (Boolean)
+- `expire_sec` (String)
+- `num_inst` (Number)
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--local_operator_console_policy"></a>
+### Nested Schema for `configuration_lock_policy.local_operator_console_policy`
+
+Required:
+
+- `loc_url` (String) Local operator console URL
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy"></a>
+### Nested Schema for `configuration_lock_policy.module_policy`
+
+Required:
+
+- `apps` (Block List, Min: 1) list of app details that will be provisioned on all the devices of the project to which this policy is attached (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps))
+- `priority` (Number) deployment priority of module manifest
+
+Optional:
+
+- `azure_edge_agent` (Block List) app that describes the azure edge agent to be deployed on the Azure runtime (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent))
+- `azure_edge_hub` (Block List) app that describes the azure edge hub to be deployed on the Azure runtime (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub))
+- `etag` (String) etag for deployment
+- `labels` (Map of String) Mapping of label variable keys and value
+- `metrics` (Block List) custom metrics for deployment (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--metrics))
+- `routes` (Map of String) Mapping of routes variable keys and value
+- `target_condition` (String) target condition for deployment that matches single device or group of devices
+- `target_condition_new` (Map of String) target condition for deployment that matches single device or group of devices
+
+Read-Only:
+
+- `id` (String) unique id for deployment
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps`
+
+Required:
+
+- `cpus` (Number) user defined cpus for bundle
+- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json))
+- `memory` (Number) user defined memory for bundle
+- `name` (String) User defined name of the edge application, unique across the enterprise. Once object is created, name can’t be changed
+- `networks` (Number) user defined network options
+- `origin_type` (String) origin of object
+- `title` (String) User defined title of the edge application. Title can be changed at any time
+
+Optional:
+
+- `app_id` (String) User defined name of the edge app, unique across the enterprise. Once app name is created, name can’t be changed
+- `app_version` (String) Current version of the attached bundle
+- `description` (String) Detailed description of the edge application
+- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces))
+- `name_app_part` (String) User provided name part  for the auto deployed app
+- `name_project_part` (String) User provided name part  for the auto deployed app
+- `naming_scheme` (String) app naming scheme
+- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--parent_detail))
+- `start_delay_in_seconds` (Number) start delay is the time in seconds EVE should wait after boot before starting the application instance
+- `storage` (Number) user defined storage for bundle
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+
+Read-Only:
+
+- `drives` (Number) user defined drives
+- `id` (String) System defined universally unique Id of the edge application
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json`
+
+Required:
+
+- `ac_kind` (String) UI map: N/A - not exposed to users
+- `ac_version` (String) UI map: N/A - not exposed to users
+- `name` (String) UI map: AppEditPage:IdentityPane:Name_Field, AppDetailsPage:IdentityPane:Name_Field
+
+Optional:
+
+- `app_type` (String) bundle type, eg: vm, container, module
+- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration))
+- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--container_detail))
+- `cpu_pinning_enabled` (Boolean) Enable CpuPinning
+- `deployment_type` (String) type of deployment for the app, eg: azure, k3s, standalone
+- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--desc))
+- `description` (String) UI map: AppDetailsPage:IdentityPane:DescriptionField, AppMarketplacePage:AppCard:DescriptionField
+- `display_name` (String) UI map: AppEditPage:IdentityPane:Title_Field, AppDetailsPage:IdentityPane:Title_Field
+- `enablevnc` (Boolean) UI map: AppEditPage:IdentityPane:VNC_Field, AppDetailsPage:IdentityPane:VNC_Field
+- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--images))
+- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces))
+- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--module))
+- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--owner))
+- `permissions` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--permissions))
+- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--resources))
+- `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration`
+
+Optional:
+
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config))
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration.custom_config`
+
+Optional:
+
+- `add` (Boolean) Add the Custom Config to App Instance (Optional. Default: False)
+- `allow_storage_resize` (Boolean) Allow Appinstance storage to be resized after app instance is created. (Optional. Default: False)
+- `field_delimiter` (String) Field delimiter used in specifying variables in template. (Required)
+- `name` (String) Name of CustomConfig (Required)
+- `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
+- `template` (String) base64 encrypted template string. (Optional)
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups))
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration.custom_config.variable_groups`
+
+Optional:
+
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--condition))
+- `name` (String) Name of the Variable Group(Required)
+- `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables))
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration.custom_config.variable_groups.condition`
+
+Optional:
+
+- `name` (String)
+- `operator` (String)
+- `value` (String)
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration.custom_config.variable_groups.variables`
+
+Required:
+
+- `format` (String) Format of the user variable. (Required)
+- `label` (String) Label for the variable (Required)
+- `name` (String) Name of the Variable (Required)
+- `required` (Boolean) This variable MUST be specified when creating an App Instance. (Optional. Default: False)
+
+Optional:
+
+- `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
+- `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
+- `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `process_input` (String)
+- `type` (String)
+- `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.configuration.custom_config.variable_groups.variables.options`
+
+Optional:
+
+- `label` (String) Display label of the key in User-Agent
+- `value` (String) Value of the key to be used
+
+
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--container_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.container_detail`
+
+Optional:
+
+- `container_create_option` (String) Create options direct the creation of the Docker container
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--desc"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.desc`
+
+Required:
+
+- `app_category` (String)
+
+Optional:
+
+- `agreement_list` (Map of String) UI map: AppEditPage:DeveloperPane:Developer_Agreement_Field, AppDetailsPage:DeveloperPane:Developer_Agreement_Field
+- `category` (String) UI map: AppMarketplacePage:AppCard:DescriptionField, AppEditPage:IdentityPane:CategoryField, AppDetailsPage:IdentityPane:CategoryField
+- `license_list` (Map of String) UI map: AppMarketplacePage:AppCard:License, AppEditPage:IdentityPane:License, AppDetailsPage:IdentityPane:License
+- `logo` (Map of String) UI map: AppEditPage:IdentityPane:Logo, AppDetailsPage:IdentityPane:Logo
+- `os` (String)
+- `screenshot_list` (Map of String) UI map: AppEditPage:IdentityPane:Screenshot_Fields, AppDetailsPage:IdentityPane:Screenshot_Fields
+- `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--images"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.images`
+
+Optional:
+
+- `cleartext` (Boolean) UI map: AppEditPage:DrivesPane:Cleartext, AppDetailsPage:DrivesPane:ClearText_Field
+- `drvtype` (String) UI map: AppEditPage:DrivesPane:Drive_Type_Field, AppDetailsPage:DrivesPane:Drive_Type_Field
+- `ignorepurge` (Boolean) UI map: AppEditPage:DrivesPane:Ignorepurge, AppDetailsPage:DrivesPane:Ignorepurgee_Field
+- `imageformat` (String) UI map: AppEditPage:DrivesPane:Image_Format_Field, AppDetailsPage:DrivesPane:Image_Format_Field
+- `imageid` (String) UI map: AppEditPage:DrivesPane:Image_ID_Field, AppDetailsPage:DrivesPane:Image_ID_Field
+- `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
+- `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
+- `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
+- `params` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--images--params))
+- `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
+- `readonly` (Boolean)
+- `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
+- `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--images--params"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.images.params`
+
+Optional:
+
+- `name` (String) Name of the Parameter (Required)
+- `value` (String) Value of the parameter (Required)
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces`
+
+Optional:
+
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls))
+- `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
+- `name` (String) Interface name used by the edge application
+- `optional` (Boolean) Indicates if the interface is optional for edge application.
+- `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
+- `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--matches))
+- `name` (String) Name of the Access Control List
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) Drop the packet
+- `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions--limit_value))
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions--portmapto))
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces.acls.actions.limit_value`
+
+Optional:
+
+- `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+- `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces.acls.actions.portmapto`
+
+Optional:
+
+- `app_port` (Number) Application Port value
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type of Match (Required)
+- `value` (String) Value of match (Required)
+
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--module"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.module`
+
+Optional:
+
+- `environment` (Map of String) Extra information to module to make configuration easier
+- `module_type` (String) Type of modules
+- `routes` (Map of String) Send messages between modules or send messages from modules to iot hub
+- `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--owner"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.owner`
+
+Optional:
+
+- `company` (String) UI map: AppEditPage:IdentityPane:Category_Field, AppDetailsPage:IdentityPane:Category_Field
+- `email` (String) UI map: AppEditPage:DeveloperPane:Email_Field, AppDetailsPage:DeveloperPane:Email_Field
+- `group` (String)
+- `user` (String) UI map: AppEditPage:DeveloperPane:Name_Field, AppDetailsPage:DeveloperPane:Name_Field
+- `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--permissions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.permissions`
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--manifest_json--resources"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.manifest_json.resources`
+
+Optional:
+
+- `name` (String) Name of the Resource (Required)
+- `value` (String) Value of Resource (Required)
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces`
+
+Required:
+
+- `intfname` (String) intf Name
+- `netinstname` (String) Network Instance name to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `privateip` (Boolean) Private IP flag
+
+Optional:
+
+- `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls))
+- `default_net_instance` (Boolean) default instance flag
+- `directattach` (Boolean) direct attach flag
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--eidregister))
+- `intforder` (Number) intforder
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--io))
+- `ipaddr` (String) IP address
+- `macaddr` (String) MAC address
+- `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
+- `netname` (String) network name: will be deprecated in future, use netinstname
+
+Read-Only:
+
+- `netinstid` (String) Network Instance id to be matched for interface assignment.
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.acls`
+
+Optional:
+
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--matches))
+- `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
+
+Read-Only:
+
+- `id` (Number) app ACE id
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.acls.actions`
+
+Optional:
+
+- `drop` (Boolean) ACE drop flag
+- `limit` (Boolean) ACE limit flag
+- `limitburst` (Number) ACE limit burst
+- `limitrate` (Number) ACE limit rate
+- `limitunit` (String) ACE limit unit
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--actions--mapparams))
+- `portmap` (Boolean) application port map flag
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.acls.actions.mapparams`
+
+Optional:
+
+- `port` (Number) Application port
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.acls.matches`
+
+Optional:
+
+- `type` (String) Type
+- `value` (String) Value
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--eidregister"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.eidregister`
+
+Required:
+
+- `display_name` (String) Display name
+- `e_id` (String) EID
+- `e_id_hash_len` (Number) EID hash length
+- `lisp_instance` (Number) Lisp Instance
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--apps--interfaces--eidregister--lisp_map_servers))
+- `lisp_signature` (String) Lisp Signature
+- `uuid` (String) UUID
+
+Read-Only:
+
+- `app_cert` (String) app certificate
+- `app_private_key` (String) App private key
+- `app_public_key` (String) App public key
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.eidregister.lisp_map_servers`
+
+Required:
+
+- `credential` (String, Sensitive) lisp credential
+- `name_or_ip` (String) name/IP
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--interfaces--io"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.interfaces.io`
+
+Optional:
+
+- `name` (String) Physical Adapter name
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+- `type` (String) IoType specifies the type of the Input output of the device
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--apps--parent_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.apps.parent_detail`
+
+Optional:
+
+- `reference_exists` (Boolean) Relation with child and parent object exists or not
+- `update_available` (Boolean) Update required flag
+
+Read-Only:
+
+- `id_of_parent_object` (String) system defined unique id of parent object
+- `version_of_parent_object` (Number) version of object present in parent
+
+
+
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent`
+
+Required:
+
+- `cpus` (Number) user defined cpus for bundle
+- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json))
+- `memory` (Number) user defined memory for bundle
+- `name` (String) User defined name of the edge application, unique across the enterprise. Once object is created, name can’t be changed
+- `networks` (Number) user defined network options
+- `origin_type` (String) origin of object
+- `title` (String) User defined title of the edge application. Title can be changed at any time
+
+Optional:
+
+- `app_id` (String) User defined name of the edge app, unique across the enterprise. Once app name is created, name can’t be changed
+- `app_version` (String) Current version of the attached bundle
+- `description` (String) Detailed description of the edge application
+- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces))
+- `name_app_part` (String) User provided name part  for the auto deployed app
+- `name_project_part` (String) User provided name part  for the auto deployed app
+- `naming_scheme` (String) app naming scheme
+- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--parent_detail))
+- `start_delay_in_seconds` (Number) start delay is the time in seconds EVE should wait after boot before starting the application instance
+- `storage` (Number) user defined storage for bundle
+- `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+
+Read-Only:
+
+- `drives` (Number) user defined drives
+- `id` (String) System defined universally unique Id of the edge application
+
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json`
+
+Required:
+
+- `ac_kind` (String) UI map: N/A - not exposed to users
+- `ac_version` (String) UI map: N/A - not exposed to users
+- `name` (String) UI map: AppEditPage:IdentityPane:Name_Field, AppDetailsPage:IdentityPane:Name_Field
+
+Optional:
+
+- `app_type` (String) bundle type, eg: vm, container, module
+- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration))
+- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--container_detail))
+- `cpu_pinning_enabled` (Boolean) Enable CpuPinning
+- `deployment_type` (String) type of deployment for the app, eg: azure, k3s, standalone
+- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--desc))
+- `description` (String) UI map: AppDetailsPage:IdentityPane:DescriptionField, AppMarketplacePage:AppCard:DescriptionField
+- `display_name` (String) UI map: AppEditPage:IdentityPane:Title_Field, AppDetailsPage:IdentityPane:Title_Field
+- `enablevnc` (Boolean) UI map: AppEditPage:IdentityPane:VNC_Field, AppDetailsPage:IdentityPane:VNC_Field
+- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--images))
+- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces))
+- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--module))
+- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--owner))
+- `permissions` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--permissions))
+- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--resources))
+- `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
+
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration`
 
 Optional:
 
-- `custom_config` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config))
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config`
 
 Optional:
 
@@ -3655,20 +5978,20 @@ Optional:
 - `name` (String) Name of CustomConfig (Required)
 - `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
 - `template` (String) base64 encrypted template string. (Optional)
-- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups))
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups`
 
 Optional:
 
-- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition))
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition))
 - `name` (String) Name of the Variable Group(Required)
 - `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
-- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables))
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.condition`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.condition`
 
 Optional:
 
@@ -3677,8 +6000,8 @@ Optional:
 - `value` (String)
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables`
 
 Required:
 
@@ -3692,13 +6015,13 @@ Optional:
 - `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
 - `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
 - `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
-- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options))
 - `process_input` (String)
 - `type` (String)
 - `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables.options`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.configuration.custom_config.variable_groups.variables.options`
 
 Optional:
 
@@ -3710,16 +6033,16 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--container_detail"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.container_detail`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--container_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.container_detail`
 
 Optional:
 
 - `container_create_option` (String) Create options direct the creation of the Docker container
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--desc"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.desc`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--desc"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.desc`
 
 Required:
 
@@ -3736,8 +6059,8 @@ Optional:
 - `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.images`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--images"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.images`
 
 Optional:
 
@@ -3749,14 +6072,14 @@ Optional:
 - `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
 - `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
 - `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
-- `params` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images--params))
+- `params` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--images--params))
 - `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
 - `readonly` (Boolean)
 - `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
 - `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--images--params"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.images.params`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--images--params"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.images.params`
 
 Optional:
 
@@ -3765,43 +6088,43 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces`
 
 Optional:
 
-- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls))
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls))
 - `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
 - `name` (String) Interface name used by the edge application
 - `optional` (Boolean) Indicates if the interface is optional for edge application.
 - `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
 - `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls`
 
 Optional:
 
-- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions))
-- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches))
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches))
 - `name` (String) Name of the Access Control List
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions`
 
 Optional:
 
 - `drop` (Boolean) Drop the packet
 - `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
-- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value))
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value))
 - `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
-- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto))
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.limit_value`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.limit_value`
 
 Optional:
 
@@ -3810,8 +6133,8 @@ Optional:
 - `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.portmapto`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.actions.portmapto`
 
 Optional:
 
@@ -3819,8 +6142,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.matches`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.interfaces.acls.matches`
 
 Optional:
 
@@ -3830,8 +6153,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--module"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.module`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--module"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.module`
 
 Optional:
 
@@ -3841,8 +6164,8 @@ Optional:
 - `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--owner"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.owner`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--owner"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.owner`
 
 Optional:
 
@@ -3853,12 +6176,12 @@ Optional:
 - `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--permissions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.permissions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--permissions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.permissions`
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--manifest_json--resources"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.manifest_json.resources`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--manifest_json--resources"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.manifest_json.resources`
 
 Optional:
 
@@ -3867,8 +6190,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces`
 
 Required:
 
@@ -3879,12 +6202,12 @@ Required:
 Optional:
 
 - `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
-- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls))
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls))
 - `default_net_instance` (Boolean) default instance flag
 - `directattach` (Boolean) direct attach flag
-- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister))
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--eidregister))
 - `intforder` (Number) intforder
-- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--io))
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--io))
 - `ipaddr` (String) IP address
 - `macaddr` (String) MAC address
 - `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
@@ -3894,21 +6217,21 @@ Read-Only:
 
 - `netinstid` (String) Network Instance id to be matched for interface assignment.
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.acls`
 
 Optional:
 
-- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions))
-- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--matches))
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--matches))
 - `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
 
 Read-Only:
 
 - `id` (Number) app ACE id
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.actions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.acls.actions`
 
 Optional:
 
@@ -3917,11 +6240,11 @@ Optional:
 - `limitburst` (Number) ACE limit burst
 - `limitrate` (Number) ACE limit rate
 - `limitunit` (String) ACE limit unit
-- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams))
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams))
 - `portmap` (Boolean) application port map flag
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.actions.mapparams`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.acls.actions.mapparams`
 
 Optional:
 
@@ -3929,8 +6252,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--acls--matches"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.acls.matches`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.acls.matches`
 
 Optional:
 
@@ -3939,8 +6262,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.eidregister`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--eidregister"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.eidregister`
 
 Required:
 
@@ -3948,7 +6271,7 @@ Required:
 - `e_id` (String) EID
 - `e_id_hash_len` (Number) EID hash length
 - `lisp_instance` (Number) Lisp Instance
-- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers))
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers))
 - `lisp_signature` (String) Lisp Signature
 - `uuid` (String) UUID
 
@@ -3958,8 +6281,8 @@ Read-Only:
 - `app_private_key` (String) App private key
 - `app_public_key` (String) App public key
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.eidregister.lisp_map_servers`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.eidregister.lisp_map_servers`
 
 Required:
 
@@ -3968,8 +6291,8 @@ Required:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--interfaces--io"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.interfaces.io`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--interfaces--io"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.interfaces.io`
 
 Optional:
 
@@ -3979,8 +6302,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_agent--parent_detail"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_agent.parent_detail`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_agent--parent_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_agent.parent_detail`
 
 Optional:
 
@@ -3994,13 +6317,13 @@ Read-Only:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub`
 
 Required:
 
 - `cpus` (Number) user defined cpus for bundle
-- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json))
+- `manifest_json` (Block List, Min: 1) Manifest data (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json))
 - `memory` (Number) user defined memory for bundle
 - `name` (String) User defined name of the edge application, unique across the enterprise. Once object is created, name can’t be changed
 - `networks` (Number) user defined network options
@@ -4012,11 +6335,11 @@ Optional:
 - `app_id` (String) User defined name of the edge app, unique across the enterprise. Once app name is created, name can’t be changed
 - `app_version` (String) Current version of the attached bundle
 - `description` (String) Detailed description of the edge application
-- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces))
+- `interfaces` (Block List) application interfaces (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces))
 - `name_app_part` (String) User provided name part  for the auto deployed app
 - `name_project_part` (String) User provided name part  for the auto deployed app
 - `naming_scheme` (String) app naming scheme
-- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--parent_detail))
+- `parent_detail` (Block List) origin and parent related details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--parent_detail))
 - `start_delay_in_seconds` (Number) start delay is the time in seconds EVE should wait after boot before starting the application instance
 - `storage` (Number) user defined storage for bundle
 - `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
@@ -4026,8 +6349,8 @@ Read-Only:
 - `drives` (Number) user defined drives
 - `id` (String) System defined universally unique Id of the edge application
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json`
 
 Required:
 
@@ -4038,31 +6361,31 @@ Required:
 Optional:
 
 - `app_type` (String) bundle type, eg: vm, container, module
-- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration))
-- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--container_detail))
+- `configuration` (Block List) Template for Custom Configuration. Used for Cloud-Init (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration))
+- `container_detail` (Block List) Create options direct the creation of the Docker container (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--container_detail))
 - `cpu_pinning_enabled` (Boolean) Enable CpuPinning
 - `deployment_type` (String) type of deployment for the app, eg: azure, k3s, standalone
-- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--desc))
+- `desc` (Block List) Description of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--desc))
 - `description` (String) UI map: AppDetailsPage:IdentityPane:DescriptionField, AppMarketplacePage:AppCard:DescriptionField
 - `display_name` (String) UI map: AppEditPage:IdentityPane:Title_Field, AppDetailsPage:IdentityPane:Title_Field
 - `enablevnc` (Boolean) UI map: AppEditPage:IdentityPane:VNC_Field, AppDetailsPage:IdentityPane:VNC_Field
-- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images))
-- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces))
-- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--module))
-- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--owner))
-- `permissions` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--permissions))
-- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--resources))
+- `images` (Block List) UI map: AppEditPage:DrivesPane, AppDetailsPage:DrivesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--images))
+- `interfaces` (Block List) UI map: AppEditPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces))
+- `module` (Block List) Azure module specific details like module twin, environment variable, routes (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--module))
+- `owner` (Block List) Owner of the application (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--owner))
+- `permissions` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--permissions))
+- `resources` (Block List) UI map: AppEditPage:ResourcesPane, AppDetailsPage:ResourcesPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--resources))
 - `vmmode` (String) UI map: AppEditPage:IdentityPane:VM_Mode_Field, AppDetailsPage:IdentityPane:VM_Mode_Field
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration`
 
 Optional:
 
-- `custom_config` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config))
+- `custom_config` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config`
 
 Optional:
 
@@ -4072,20 +6395,20 @@ Optional:
 - `name` (String) Name of CustomConfig (Required)
 - `override` (Boolean) Override existing custom config from App Bundle Manifest (Optional. Default: False)
 - `template` (String) base64 encrypted template string. (Optional)
-- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups))
+- `variable_groups` (Block List) List of Variable groups. (Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups`
 
 Optional:
 
-- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition))
+- `condition` (Block List) Condition to apply the variable group. (Optional. Default: None) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition))
 - `name` (String) Name of the Variable Group(Required)
 - `required` (Boolean) Indicates if the variable group is required to be specified for the App Instance. (Optional. Default:False)
-- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables))
+- `variables` (Block List) List of variables(Required) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.condition`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--condition"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.condition`
 
 Optional:
 
@@ -4094,8 +6417,8 @@ Optional:
 - `value` (String)
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables`
 
 Required:
 
@@ -4109,13 +6432,13 @@ Optional:
 - `default` (String) Default value of the variable. (Optional. Default: <Default value based on type>)
 - `encode` (String) Encoding of file content. Applicable if format is VARIABLE_FORMAT_FILE
 - `max_length` (String) Max length of the value of the variable(Optional. Default: 1024)
-- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options))
+- `options` (Block List) Key-Value pair of options. Applicable if format is VARIABLE_FORMAT_DROPDOWN (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options))
 - `process_input` (String)
 - `type` (String)
 - `value` (String) User-specified value of the variable.(Required if required is true. Optional otherwise)
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables.options`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--configuration--custom_config--variable_groups--variables--options"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.configuration.custom_config.variable_groups.variables.options`
 
 Optional:
 
@@ -4127,16 +6450,16 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--container_detail"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.container_detail`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--container_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.container_detail`
 
 Optional:
 
 - `container_create_option` (String) Create options direct the creation of the Docker container
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--desc"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.desc`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--desc"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.desc`
 
 Required:
 
@@ -4153,8 +6476,8 @@ Optional:
 - `support` (String) UI map: AppEditPage:DeveloperPane:Support_Description_Field, AppDetailsPage:DeveloperPane:Support_Description_Field
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.images`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--images"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.images`
 
 Optional:
 
@@ -4166,14 +6489,14 @@ Optional:
 - `imagename` (String) UI map: AppEditPage:DrivesPane:Image_Name_Field, AppDetailsPage:DrivesPane:Image_Name_Field
 - `maxsize` (String) UI map: AppEditPage:DrivesPane:Max_Size_Field, AppDetailsPage:DrivesPane:Max_Size_Field
 - `mountpath` (String) UI map: AppEditPage:DrivesPane:Mountpath, AppDetailsPage:DrivesPane:Mountpath_Field
-- `params` (Block List) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images--params))
+- `params` (Block List) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--images--params))
 - `preserve` (Boolean) UI map: AppEditPage:DrivesPane:Preserve_Field, AppDetailsPage:DrivesPane:Preserve_Field
 - `readonly` (Boolean)
 - `target` (String) UI map: AppEditPage:DrivesPane:Target_Field, AppDetailsPage:DrivesPane:Target_Field
 - `volumelabel` (String) UI map: AppEditPage:DrivesPane:Volume_Label, AppDetailsPage:DrivesPane:Volume_Label
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--images--params"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.images.params`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--images--params"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.images.params`
 
 Optional:
 
@@ -4182,43 +6505,43 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces`
 
 Optional:
 
-- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls))
+- `acls` (Block List) Traffic access control rules for this interface. Applicable only when "direct attach" flag is false. (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls))
 - `directattach` (Boolean) If true, a physical adapter is assigned to the edge application directly. If false, a network instance is assigned to the edge application.
 - `name` (String) Interface name used by the edge application
 - `optional` (Boolean) Indicates if the interface is optional for edge application.
 - `privateip` (Boolean) If true, DHCP network can't be assigned and user needs to provide a static IP address.
 - `type` (String) Physical Adapter type for this interface. Applicable only when "direct attach" flag is true.
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls`
 
 Optional:
 
-- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions))
-- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches))
+- `actions` (Block List) Chain of actions to be taken on matching network traffic (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions))
+- `matches` (Block List) Network traffic matching criteria consistngs of one or more of source IP address, destination IP address, protocol, source port and destination port (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches))
 - `name` (String) Name of the Access Control List
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions`
 
 Optional:
 
 - `drop` (Boolean) Drop the packet
 - `limit` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
-- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value))
+- `limit_value` (Block List) Value to be used for limit action (Required if limit is true) (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value))
 - `limitburst` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `limitrate` (Number) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 - `portmap` (Boolean) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
-- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto))
+- `portmapto` (Block List) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto))
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.limit_value`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--limit_value"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.limit_value`
 
 Optional:
 
@@ -4227,8 +6550,8 @@ Optional:
 - `limitunit` (String) UI map: AppDetailsPage:EnvironmentsPane, AppDetailsPage:EnvironmentsPane
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.portmapto`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--actions--portmapto"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.actions.portmapto`
 
 Optional:
 
@@ -4236,8 +6559,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.matches`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.interfaces.acls.matches`
 
 Optional:
 
@@ -4247,8 +6570,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--module"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.module`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--module"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.module`
 
 Optional:
 
@@ -4258,8 +6581,8 @@ Optional:
 - `twin_detail` (String) Base64 encoded module twin details, desired properties of the module will be updated to reflect these values
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--owner"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.owner`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--owner"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.owner`
 
 Optional:
 
@@ -4270,12 +6593,12 @@ Optional:
 - `website` (String) UI map: AppEditPage:DeveloperPane:Website_Field, AppDetailsPage:DeveloperPane:Website_Field
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--permissions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.permissions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--permissions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.permissions`
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--manifest_json--resources"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.manifest_json.resources`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--manifest_json--resources"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.manifest_json.resources`
 
 Optional:
 
@@ -4284,8 +6607,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces`
 
 Required:
 
@@ -4296,12 +6619,12 @@ Required:
 Optional:
 
 - `access_vlan_id` (Number) access port VLAN ID, vlan id of zero will be treated as trunk port and vlan id 1 is implicitly used by linux bridges
-- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls))
+- `acls` (Block List) app Acls (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls))
 - `default_net_instance` (Boolean) default instance flag
 - `directattach` (Boolean) direct attach flag
-- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister))
+- `eidregister` (Block List) EID register details (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--eidregister))
 - `intforder` (Number) intforder
-- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--io))
+- `io` (Block List) Physical Adapter to be matched for interface assignment. Applicable only when "direct attach" flag is true (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--io))
 - `ipaddr` (String) IP address
 - `macaddr` (String) MAC address
 - `netinsttag` (Map of String) Network Instance tag to be matched for interface assignment. Applicable only when "direct attach" flag is false
@@ -4311,21 +6634,21 @@ Read-Only:
 
 - `netinstid` (String) Network Instance id to be matched for interface assignment.
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.acls`
 
 Optional:
 
-- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions))
-- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--matches))
+- `actions` (Block List) app ACE actions (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--actions))
+- `matches` (Block List) app ACE match (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--matches))
 - `name` (String) User defined name of the app ACE, unique across the enterprise. Once object is created, name can’t be changed
 
 Read-Only:
 
 - `id` (Number) app ACE id
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.actions`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--actions"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.acls.actions`
 
 Optional:
 
@@ -4334,11 +6657,11 @@ Optional:
 - `limitburst` (Number) ACE limit burst
 - `limitrate` (Number) ACE limit rate
 - `limitunit` (String) ACE limit unit
-- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams))
+- `mapparams` (Block List) Application map params (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams))
 - `portmap` (Boolean) application port map flag
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.actions.mapparams`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--actions--mapparams"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.acls.actions.mapparams`
 
 Optional:
 
@@ -4346,8 +6669,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--acls--matches"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.acls.matches`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--acls--matches"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.acls.matches`
 
 Optional:
 
@@ -4356,8 +6679,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.eidregister`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--eidregister"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.eidregister`
 
 Required:
 
@@ -4365,7 +6688,7 @@ Required:
 - `e_id` (String) EID
 - `e_id_hash_len` (Number) EID hash length
 - `lisp_instance` (Number) Lisp Instance
-- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers))
+- `lisp_map_servers` (Block List, Min: 1) Lisp Map Server (see [below for nested schema](#nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers))
 - `lisp_signature` (String) Lisp Signature
 - `uuid` (String) UUID
 
@@ -4375,8 +6698,8 @@ Read-Only:
 - `app_private_key` (String) App private key
 - `app_public_key` (String) App public key
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.eidregister.lisp_map_servers`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--eidregister--lisp_map_servers"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.eidregister.lisp_map_servers`
 
 Required:
 
@@ -4385,8 +6708,8 @@ Required:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--interfaces--io"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.interfaces.io`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--interfaces--io"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.interfaces.io`
 
 Optional:
 
@@ -4396,8 +6719,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--azure_edge_hub--parent_detail"></a>
-### Nested Schema for `attestation_policy.module_policy.azure_edge_hub.parent_detail`
+<a id="nestedblock--configuration_lock_policy--module_policy--azure_edge_hub--parent_detail"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.azure_edge_hub.parent_detail`
 
 Optional:
 
@@ -4411,8 +6734,8 @@ Read-Only:
 
 
 
-<a id="nestedblock--attestation_policy--module_policy--metrics"></a>
-### Nested Schema for `attestation_policy.module_policy.metrics`
+<a id="nestedblock--configuration_lock_policy--module_policy--metrics"></a>
+### Nested Schema for `configuration_lock_policy.module_policy.metrics`
 
 Optional:
 
@@ -4421,15 +6744,15 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--network_policy"></a>
-### Nested Schema for `attestation_policy.network_policy`
+<a id="nestedblock--configuration_lock_policy--network_policy"></a>
+### Nested Schema for `configuration_lock_policy.network_policy`
 
 Required:
 
-- `net_instance_config` (Block List, Min: 1) list of network details that will be created on all the devices of the project to which this policy is attached (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config))
+- `net_instance_config` (Block List, Min: 1) list of network details that will be created on all the devices of the project to which this policy is attached (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config))
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config`
 
 Required:
 
@@ -4451,17 +6774,17 @@ Optional:
 - `description` (String) Detailed description of the network instance
 - `device_default` (Boolean) Flag to indicate if this is the default network instance for the device
 - `dhcp` (Boolean) Deprecated
-- `dns_list` (Block List) List of Static DNS entries (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--dns_list))
-- `ip` (Block List) DHCP Server Configuration (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--ip))
+- `dns_list` (Block List) List of Static DNS entries (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--dns_list))
+- `ip` (Block List) DHCP Server Configuration (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--ip))
 - `mtu` (Number) Maximum transmission unit (MTU) to set for the network instance and all application interfaces connected to it
 - `network_policy_id` (String) id of the network policy to be attached to this network instance
 - `oconfig` (String)
-- `opaque` (Block List) Service specific Config (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque))
+- `opaque` (Block List) Service specific Config (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque))
 - `port` (String) name of port mapping in the model
 - `port_tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
 - `project_id` (String) id of the project in which network instance is created
 - `propagate_connected_routes` (Boolean) Automatically propagate connected routes
-- `static_routes` (Block List) List of Static IP routes (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--static_routes))
+- `static_routes` (Block List) List of Static IP routes (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--static_routes))
 - `tags` (Map of String) Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
 - `type` (String) Type of DHCP for this Network Instance:
 NETWORK_INSTANCE_DHCP_TYPE_V4
@@ -4473,11 +6796,11 @@ NETWORK_INSTANCE_DHCP_TYPE_CRYPTOV6
 Read-Only:
 
 - `id` (String) System defined universally unique ID of the network instance
-- `lisp` (List of Object) Lisp Config : read only for now. Deprecated. (see [below for nested schema](#nestedatt--attestation_policy--network_policy--net_instance_config--lisp))
-- `revision` (List of Object) system defined info for the object (see [below for nested schema](#nestedatt--attestation_policy--network_policy--net_instance_config--revision))
+- `lisp` (List of Object) Lisp Config : read only for now. Deprecated. (see [below for nested schema](#nestedatt--configuration_lock_policy--network_policy--net_instance_config--lisp))
+- `revision` (List of Object) system defined info for the object (see [below for nested schema](#nestedatt--configuration_lock_policy--network_policy--net_instance_config--revision))
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--dns_list"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.dns_list`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--dns_list"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.dns_list`
 
 Optional:
 
@@ -4485,12 +6808,12 @@ Optional:
 - `hostname` (String) Host name
 
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--ip"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.ip`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--ip"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.ip`
 
 Optional:
 
-- `dhcp_range` (Block List) Range of IP addresses to be used for DHCP (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--ip--dhcp_range))
+- `dhcp_range` (Block List) Range of IP addresses to be used for DHCP (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--ip--dhcp_range))
 - `dns` (List of String) IP Addresses of DNS servers
 - `domain` (String) Network domain
 - `gateway` (String) IP Address of Network Gateway
@@ -4498,8 +6821,8 @@ Optional:
 - `ntp` (String) IP Address of NTP Server
 - `subnet` (String) Subnet address
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--ip--dhcp_range"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.ip.dhcp_range`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--ip--dhcp_range"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.ip.dhcp_range`
 
 Optional:
 
@@ -4508,17 +6831,17 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.opaque`
 
 Optional:
 
-- `lisp` (Block List) Deprecated - Lisp config (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp))
+- `lisp` (Block List) Deprecated - Lisp config (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque--lisp))
 - `oconfig` (String) base64 encoded string of opaque config
 - `type` (String) type of Opaque config
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque.lisp`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque--lisp"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.opaque.lisp`
 
 Optional:
 
@@ -4527,10 +6850,10 @@ Optional:
 - `allocationprefixlen` (Number) Allocation Prefix Length
 - `exportprivate` (Boolean) Export Private flag
 - `lispiid` (Number) lisp id
-- `sp` (Block List) Service Point List (see [below for nested schema](#nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp--sp))
+- `sp` (Block List) Service Point List (see [below for nested schema](#nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque--lisp--sp))
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--opaque--lisp--sp"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.opaque.lisp.sp`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--opaque--lisp--sp"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.opaque.lisp.sp`
 
 Optional:
 
@@ -4541,8 +6864,8 @@ Optional:
 
 
 
-<a id="nestedblock--attestation_policy--network_policy--net_instance_config--static_routes"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.static_routes`
+<a id="nestedblock--configuration_lock_policy--network_policy--net_instance_config--static_routes"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.static_routes`
 
 Optional:
 
@@ -4550,8 +6873,8 @@ Optional:
 - `prefix` (String) IP Prefix
 
 
-<a id="nestedatt--attestation_policy--network_policy--net_instance_config--lisp"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.lisp`
+<a id="nestedatt--configuration_lock_policy--network_policy--net_instance_config--lisp"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.lisp`
 
 Read-Only:
 
@@ -4560,10 +6883,10 @@ Read-Only:
 - `allocationprefixlen` (Number)
 - `exportprivate` (Boolean)
 - `lispiid` (Number)
-- `sp` (List of Object) (see [below for nested schema](#nestedobjatt--attestation_policy--network_policy--net_instance_config--lisp--sp))
+- `sp` (List of Object) (see [below for nested schema](#nestedobjatt--configuration_lock_policy--network_policy--net_instance_config--lisp--sp))
 
-<a id="nestedobjatt--attestation_policy--network_policy--net_instance_config--lisp--sp"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.lisp.sp`
+<a id="nestedobjatt--configuration_lock_policy--network_policy--net_instance_config--lisp--sp"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.lisp.sp`
 
 Read-Only:
 
@@ -4573,8 +6896,8 @@ Read-Only:
 
 
 
-<a id="nestedatt--attestation_policy--network_policy--net_instance_config--revision"></a>
-### Nested Schema for `attestation_policy.network_policy.net_instance_config.revision`
+<a id="nestedatt--configuration_lock_policy--network_policy--net_instance_config--revision"></a>
+### Nested Schema for `configuration_lock_policy.network_policy.net_instance_config.revision`
 
 Read-Only:
 
@@ -4588,8 +6911,8 @@ Read-Only:
 
 
 
-<a id="nestedatt--attestation_policy--revision"></a>
-### Nested Schema for `attestation_policy.revision`
+<a id="nestedatt--configuration_lock_policy--revision"></a>
+### Nested Schema for `configuration_lock_policy.revision`
 
 Read-Only:
 
@@ -5504,6 +7827,7 @@ Optional:
 - `attr` (Map of String) Mapping of policy  variable keys and policy variable values
 - `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--edgeview_policy--azure_policy))
 - `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--edgeview_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--edgeview_policy--configuration_lock_policy))
 - `description` (String) Detailed description of the policy
 - `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--edgeview_policy--edgeview_policy))
 - `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--edgeview_policy--local_operator_console_policy))
@@ -6237,6 +8561,18 @@ Optional:
 
 
 
+<a id="nestedblock--edgeview_policy--configuration_lock_policy"></a>
+### Nested Schema for `edgeview_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
 <a id="nestedblock--edgeview_policy--edgeview_policy"></a>
 ### Nested Schema for `edgeview_policy.edgeview_policy`
 
@@ -7785,6 +10121,7 @@ Optional:
 - `attr` (Map of String) Mapping of policy  variable keys and policy variable values
 - `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--local_operator_console_policy--azure_policy))
 - `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--local_operator_console_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--local_operator_console_policy--configuration_lock_policy))
 - `description` (String) Detailed description of the policy
 - `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--local_operator_console_policy--edgeview_policy))
 - `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--local_operator_console_policy--local_operator_console_policy))
@@ -8518,6 +10855,18 @@ Optional:
 
 
 
+<a id="nestedblock--local_operator_console_policy--configuration_lock_policy"></a>
+### Nested Schema for `local_operator_console_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
 <a id="nestedblock--local_operator_console_policy--edgeview_policy"></a>
 ### Nested Schema for `local_operator_console_policy.edgeview_policy`
 
@@ -10066,6 +12415,7 @@ Optional:
 - `attr` (Map of String) Mapping of policy  variable keys and policy variable values
 - `azure_policy` (Block List) azure policy, which is used in configuring azure iot-edge. (see [below for nested schema](#nestedblock--network_policy--azure_policy))
 - `cluster_policy` (Block List) cluster policy to bring up cluster on devices in this project (see [below for nested schema](#nestedblock--network_policy--cluster_policy))
+- `configuration_lock_policy` (Block List) configuration lock policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--network_policy--configuration_lock_policy))
 - `description` (String) Detailed description of the policy
 - `edgeview_policy` (Block List) edgeview policy on devices of this project (see [below for nested schema](#nestedblock--network_policy--edgeview_policy))
 - `local_operator_console_policy` (Block List) local operator console policy to enforce on all devices in this project (see [below for nested schema](#nestedblock--network_policy--local_operator_console_policy))
@@ -10799,6 +13149,18 @@ Optional:
 
 
 
+<a id="nestedblock--network_policy--configuration_lock_policy"></a>
+### Nested Schema for `network_policy.configuration_lock_policy`
+
+Required:
+
+- `config_lock` (String) configuration lock setting
+
+Read-Only:
+
+- `id` (String) unique policy id
+
+
 <a id="nestedblock--network_policy--edgeview_policy"></a>
 ### Nested Schema for `network_policy.edgeview_policy`
 
@@ -12337,6 +14699,14 @@ Read-Only:
 
 
 
+<a id="nestedblock--tag_level_settings"></a>
+### Nested Schema for `tag_level_settings`
+
+Optional:
+
+- `flow_log_transmission` (String) Flow log transmission setting for the network instances
+
+
 <a id="nestedatt--cloud_policy"></a>
 ### Nested Schema for `cloud_policy`
 
@@ -12347,6 +14717,7 @@ Read-Only:
 - `attr` (Map of String)
 - `azure_policy` (List of Object) (see [below for nested schema](#nestedobjatt--cloud_policy--azure_policy))
 - `cluster_policy` (List of Object) (see [below for nested schema](#nestedobjatt--cloud_policy--cluster_policy))
+- `configuration_lock_policy` (List of Object) (see [below for nested schema](#nestedobjatt--cloud_policy--configuration_lock_policy))
 - `description` (String)
 - `edgeview_policy` (List of Object) (see [below for nested schema](#nestedobjatt--cloud_policy--edgeview_policy))
 - `id` (String)
@@ -13038,6 +15409,15 @@ Read-Only:
 
 
 
+<a id="nestedobjatt--cloud_policy--configuration_lock_policy"></a>
+### Nested Schema for `cloud_policy.configuration_lock_policy`
+
+Read-Only:
+
+- `config_lock` (String)
+- `id` (String)
+
+
 <a id="nestedobjatt--cloud_policy--edgeview_policy"></a>
 ### Nested Schema for `cloud_policy.edgeview_policy`
 
@@ -14478,6 +16858,7 @@ Read-Only:
 - `attr` (Map of String)
 - `azure_policy` (List of Object) (see [below for nested schema](#nestedobjatt--module_policy--azure_policy))
 - `cluster_policy` (List of Object) (see [below for nested schema](#nestedobjatt--module_policy--cluster_policy))
+- `configuration_lock_policy` (List of Object) (see [below for nested schema](#nestedobjatt--module_policy--configuration_lock_policy))
 - `description` (String)
 - `edgeview_policy` (List of Object) (see [below for nested schema](#nestedobjatt--module_policy--edgeview_policy))
 - `id` (String)
@@ -15169,6 +17550,15 @@ Read-Only:
 
 
 
+<a id="nestedobjatt--module_policy--configuration_lock_policy"></a>
+### Nested Schema for `module_policy.configuration_lock_policy`
+
+Read-Only:
+
+- `config_lock` (String)
+- `id` (String)
+
+
 <a id="nestedobjatt--module_policy--edgeview_policy"></a>
 ### Nested Schema for `module_policy.edgeview_policy`
 
diff --git a/v2/models/configuration_lock.go b/v2/models/configuration_lock.go
new file mode 100644
index 00000000..54f34f4d
--- /dev/null
+++ b/v2/models/configuration_lock.go
@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// ConfigurationLock configuration lock
+//
+// swagger:model ConfigurationLock
+type ConfigurationLock string
+
+func NewConfigurationLock(value ConfigurationLock) *ConfigurationLock {
+	return &value
+}
+
+// Pointer returns a pointer to a freshly-allocated ConfigurationLock.
+func (m ConfigurationLock) Pointer() *ConfigurationLock {
+	return &m
+}
+
+const (
+
+	// ConfigurationLockCONFIGURATIONLOCKUNSPECIFIED captures enum value "CONFIGURATION_LOCK_UNSPECIFIED"
+	ConfigurationLockCONFIGURATIONLOCKUNSPECIFIED ConfigurationLock = "CONFIGURATION_LOCK_UNSPECIFIED"
+
+	// ConfigurationLockCONFIGURATIONLOCKENABLED captures enum value "CONFIGURATION_LOCK_ENABLED"
+	ConfigurationLockCONFIGURATIONLOCKENABLED ConfigurationLock = "CONFIGURATION_LOCK_ENABLED"
+
+	// ConfigurationLockCONFIGURATIONLOCKDISABLED captures enum value "CONFIGURATION_LOCK_DISABLED"
+	ConfigurationLockCONFIGURATIONLOCKDISABLED ConfigurationLock = "CONFIGURATION_LOCK_DISABLED"
+)
+
+// for schema
+var configurationLockEnum []interface{}
+
+func init() {
+	var res []ConfigurationLock
+	if err := json.Unmarshal([]byte(`["CONFIGURATION_LOCK_UNSPECIFIED","CONFIGURATION_LOCK_ENABLED","CONFIGURATION_LOCK_DISABLED"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		configurationLockEnum = append(configurationLockEnum, v)
+	}
+}
+
+func (m ConfigurationLock) validateConfigurationLockEnum(path, location string, value ConfigurationLock) error {
+	if err := validate.EnumCase(path, location, value, configurationLockEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this configuration lock
+func (m ConfigurationLock) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateConfigurationLockEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// ContextValidate validates this configuration lock based on context it is used
+func (m ConfigurationLock) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
diff --git a/v2/models/configuration_lock_policy.go b/v2/models/configuration_lock_policy.go
new file mode 100644
index 00000000..f5fa3c12
--- /dev/null
+++ b/v2/models/configuration_lock_policy.go
@@ -0,0 +1,148 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ConfigurationLockPolicy configuration lock policy body detail
+//
+// # Configuration lock policy to enforce on all devices of the project
+//
+// swagger:model ConfigurationLockPolicy
+type ConfigurationLockPolicy struct {
+
+	// configuration lock setting
+	// Required: true
+	ConfigLock *ConfigurationLock `json:"configLock"`
+
+	// unique policy id
+	// Read Only: true
+	// Pattern: [0-9-a-z-]+
+	ID string `json:"id,omitempty"`
+}
+
+// Validate validates this configuration lock policy
+func (m *ConfigurationLockPolicy) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConfigLock(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ConfigurationLockPolicy) validateConfigLock(formats strfmt.Registry) error {
+
+	if err := validate.Required("configLock", "body", m.ConfigLock); err != nil {
+		return err
+	}
+
+	if err := validate.Required("configLock", "body", m.ConfigLock); err != nil {
+		return err
+	}
+
+	if m.ConfigLock != nil {
+		if err := m.ConfigLock.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configLock")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configLock")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ConfigurationLockPolicy) validateID(formats strfmt.Registry) error {
+	if swag.IsZero(m.ID) { // not required
+		return nil
+	}
+
+	if err := validate.Pattern("id", "body", m.ID, `[0-9-a-z-]+`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this configuration lock policy based on the context it is used
+func (m *ConfigurationLockPolicy) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateConfigLock(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateID(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ConfigurationLockPolicy) contextValidateConfigLock(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ConfigLock != nil {
+
+		if err := m.ConfigLock.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configLock")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configLock")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ConfigurationLockPolicy) contextValidateID(ctx context.Context, formats strfmt.Registry) error {
+
+	if err := validate.ReadOnly(ctx, "id", "body", string(m.ID)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ConfigurationLockPolicy) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ConfigurationLockPolicy) UnmarshalBinary(b []byte) error {
+	var res ConfigurationLockPolicy
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
diff --git a/v2/models/network_instance_flow_log_transmission.go b/v2/models/network_instance_flow_log_transmission.go
new file mode 100644
index 00000000..adf4f5b0
--- /dev/null
+++ b/v2/models/network_instance_flow_log_transmission.go
@@ -0,0 +1,91 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// NetworkInstanceFlowLogTransmission NetworkInstanceFlowLogTransmission represents the status of flow log transmission
+// within a network instance. This enum is used to enable or disable the transmission
+// of flow logs for monitoring and troubleshooting purposes.
+//
+//   - NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED: Default value. This value is not specified and should not be used.
+//   - NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_ENABLED: Flow log transmission is enabled. Logs will be sent to the designated
+//
+// logging service for the network instance.
+//   - NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_DISABLED: Flow log transmission is disabled. No logs will be sent from the
+//
+// network instance.
+//
+// swagger:model NetworkInstanceFlowLogTransmission
+type NetworkInstanceFlowLogTransmission string
+
+func NewNetworkInstanceFlowLogTransmission(value NetworkInstanceFlowLogTransmission) *NetworkInstanceFlowLogTransmission {
+	return &value
+}
+
+// Pointer returns a pointer to a freshly-allocated NetworkInstanceFlowLogTransmission.
+func (m NetworkInstanceFlowLogTransmission) Pointer() *NetworkInstanceFlowLogTransmission {
+	return &m
+}
+
+const (
+
+	// NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONUNSPECIFIED captures enum value "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONUNSPECIFIED NetworkInstanceFlowLogTransmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+
+	// NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONENABLED captures enum value "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_ENABLED"
+	NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONENABLED NetworkInstanceFlowLogTransmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_ENABLED"
+
+	// NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONDISABLED captures enum value "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_DISABLED"
+	NetworkInstanceFlowLogTransmissionNETWORKINSTANCEFLOWLOGTRANSMISSIONDISABLED NetworkInstanceFlowLogTransmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_DISABLED"
+)
+
+// for schema
+var networkInstanceFlowLogTransmissionEnum []interface{}
+
+func init() {
+	var res []NetworkInstanceFlowLogTransmission
+	if err := json.Unmarshal([]byte(`["NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED","NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_ENABLED","NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_DISABLED"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		networkInstanceFlowLogTransmissionEnum = append(networkInstanceFlowLogTransmissionEnum, v)
+	}
+}
+
+func (m NetworkInstanceFlowLogTransmission) validateNetworkInstanceFlowLogTransmissionEnum(path, location string, value NetworkInstanceFlowLogTransmission) error {
+	if err := validate.EnumCase(path, location, value, networkInstanceFlowLogTransmissionEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this network instance flow log transmission
+func (m NetworkInstanceFlowLogTransmission) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateNetworkInstanceFlowLogTransmissionEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// ContextValidate validates this network instance flow log transmission based on context it is used
+func (m NetworkInstanceFlowLogTransmission) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
diff --git a/v2/models/policy_config.go b/v2/models/policy_config.go
index 8e32bc9b..0a179c2e 100644
--- a/v2/models/policy_config.go
+++ b/v2/models/policy_config.go
@@ -36,6 +36,9 @@ type Policy struct {
 	// cluster policy to bring up cluster on devices in this project
 	ClusterPolicy *ClusterPolicy `json:"clusterPolicy,omitempty"`
 
+	// configuration lock policy to enforce on all devices in this project
+	ConfigurationLockPolicy *ConfigurationLockPolicy `json:"configurationLockPolicy,omitempty"`
+
 	// Detailed description of the policy
 	// Max Length: 256
 	Description string `json:"description,omitempty"`
@@ -108,6 +111,10 @@ func (m *Policy) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateConfigurationLockPolicy(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateDescription(formats); err != nil {
 		res = append(res, err)
 	}
@@ -238,6 +245,21 @@ func (m *Policy) validateClusterPolicy(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *Policy) validateConfigurationLockPolicy(formats strfmt.Registry) error {
+	if m.ConfigurationLockPolicy != nil {
+		if err := m.ConfigurationLockPolicy.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configurationLockPolicy")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configurationLockPolicy")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Policy) validateDescription(formats strfmt.Registry) error {
 	if swag.IsZero(m.Description) { // not required
 		return nil
@@ -474,6 +496,10 @@ func (m *Policy) ContextValidate(ctx context.Context, formats strfmt.Registry) e
 		res = append(res, err)
 	}
 
+	if err := m.contextValidateConfigurationLockPolicy(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateEdgeviewPolicy(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -576,6 +602,22 @@ func (m *Policy) contextValidateClusterPolicy(ctx context.Context, formats strfm
 	return nil
 }
 
+func (m *Policy) contextValidateConfigurationLockPolicy(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ConfigurationLockPolicy != nil {
+		if err := m.ConfigurationLockPolicy.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configurationLockPolicy")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configurationLockPolicy")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Policy) contextValidateEdgeviewPolicy(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.EdgeviewPolicy != nil {
diff --git a/v2/models/tag.go b/v2/models/tag.go
index 82a7825c..81df3e6d 100644
--- a/v2/models/tag.go
+++ b/v2/models/tag.go
@@ -38,6 +38,9 @@ type Tag struct {
 	// Read Only: true
 	CloudPolicy *Policy `json:"cloudPolicy,omitempty"`
 
+	// Configuration lock prevents users to send unintentional misconfigurations
+	ConfigurationLockPolicy *Policy `json:"configurationLockPolicy,omitempty"`
+
 	// Deployment template containing different types of policies
 	Deployment *Deployment `json:"deployment,omitempty"`
 
@@ -78,6 +81,12 @@ type Tag struct {
 	// Read Only: true
 	Revision *ObjectRevision `json:"revision,omitempty"`
 
+	// tag level setting within a enterprise
+	TagLevelSettings *TagLevelSettings `json:"tagLevelSettings,omitempty"`
+
+	// Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.
+	Tags map[string]string `json:"tags,omitempty"`
+
 	// User defined title of the resource group. Title can be changed at any time.
 	// Required: true
 	// Max Length: 256
@@ -106,6 +115,10 @@ func (m *Tag) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateConfigurationLockPolicy(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateDeployment(formats); err != nil {
 		res = append(res, err)
 	}
@@ -142,6 +155,10 @@ func (m *Tag) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateTagLevelSettings(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateTitle(formats); err != nil {
 		res = append(res, err)
 	}
@@ -213,6 +230,25 @@ func (m *Tag) validateCloudPolicy(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *Tag) validateConfigurationLockPolicy(formats strfmt.Registry) error {
+	if swag.IsZero(m.ConfigurationLockPolicy) { // not required
+		return nil
+	}
+
+	if m.ConfigurationLockPolicy != nil {
+		if err := m.ConfigurationLockPolicy.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configurationLockPolicy")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configurationLockPolicy")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tag) validateDeployment(formats strfmt.Registry) error {
 	if swag.IsZero(m.Deployment) { // not required
 		return nil
@@ -379,6 +415,25 @@ func (m *Tag) validateRevision(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *Tag) validateTagLevelSettings(formats strfmt.Registry) error {
+	if swag.IsZero(m.TagLevelSettings) { // not required
+		return nil
+	}
+
+	if m.TagLevelSettings != nil {
+		if err := m.TagLevelSettings.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tagLevelSettings")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("tagLevelSettings")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tag) validateTitle(formats strfmt.Registry) error {
 
 	if err := validate.Required("title", "body", m.Title); err != nil {
@@ -444,6 +499,10 @@ func (m *Tag) ContextValidate(ctx context.Context, formats strfmt.Registry) erro
 		res = append(res, err)
 	}
 
+	if err := m.contextValidateConfigurationLockPolicy(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateDeployment(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -476,6 +535,10 @@ func (m *Tag) ContextValidate(ctx context.Context, formats strfmt.Registry) erro
 		res = append(res, err)
 	}
 
+	if err := m.contextValidateTagLevelSettings(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateType(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -539,6 +602,22 @@ func (m *Tag) contextValidateCloudPolicy(ctx context.Context, formats strfmt.Reg
 	return nil
 }
 
+func (m *Tag) contextValidateConfigurationLockPolicy(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ConfigurationLockPolicy != nil {
+		if err := m.ConfigurationLockPolicy.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configurationLockPolicy")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configurationLockPolicy")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tag) contextValidateDeployment(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Deployment != nil {
@@ -661,6 +740,22 @@ func (m *Tag) contextValidateRevision(ctx context.Context, formats strfmt.Regist
 	return nil
 }
 
+func (m *Tag) contextValidateTagLevelSettings(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.TagLevelSettings != nil {
+		if err := m.TagLevelSettings.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tagLevelSettings")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("tagLevelSettings")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tag) contextValidateType(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Type != nil {
diff --git a/v2/models/tag_level_settings.go b/v2/models/tag_level_settings.go
new file mode 100644
index 00000000..78fe46cb
--- /dev/null
+++ b/v2/models/tag_level_settings.go
@@ -0,0 +1,111 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TagLevelSettings TagLevelSettings defines settings at a specific tag level within a enterprise.
+// It includes configurations that control certain behaviors or features,
+// such as the transmission of flow logs for monitoring and analysis purposes.
+//
+// swagger:model TagLevelSettings
+type TagLevelSettings struct {
+
+	// Flow log transmission setting for the network instances
+	FlowLogTransmission *NetworkInstanceFlowLogTransmission `json:"flowLogTransmission,omitempty"`
+}
+
+// Validate validates this tag level settings
+func (m *TagLevelSettings) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateFlowLogTransmission(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TagLevelSettings) validateFlowLogTransmission(formats strfmt.Registry) error {
+	if swag.IsZero(m.FlowLogTransmission) { // not required
+		return nil
+	}
+
+	if m.FlowLogTransmission != nil {
+		if err := m.FlowLogTransmission.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("flowLogTransmission")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("flowLogTransmission")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this tag level settings based on the context it is used
+func (m *TagLevelSettings) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateFlowLogTransmission(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TagLevelSettings) contextValidateFlowLogTransmission(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.FlowLogTransmission != nil {
+
+		if swag.IsZero(m.FlowLogTransmission) { // not required
+			return nil
+		}
+
+		if err := m.FlowLogTransmission.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("flowLogTransmission")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("flowLogTransmission")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TagLevelSettings) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TagLevelSettings) UnmarshalBinary(b []byte) error {
+	var res TagLevelSettings
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
diff --git a/v2/resources/testdata/application/create.tf b/v2/resources/testdata/application/create.tf
index c087c40b..17a81af2 100644
--- a/v2/resources/testdata/application/create.tf
+++ b/v2/resources/testdata/application/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
 			type = "ATTEST_POLICY_TYPE_ACCEPT"
 		}
 	}
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
 
 resource "zedcloud_application" "test_tf_provider" {
diff --git a/v2/resources/testdata/application_instance/create.tf b/v2/resources/testdata/application_instance/create.tf
index 8e3bb551..cef03300 100644
--- a/v2/resources/testdata/application_instance/create.tf
+++ b/v2/resources/testdata/application_instance/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 resource "zedcloud_datastore"  "test_tf_provider" {
diff --git a/v2/resources/testdata/datastore/create.tf b/v2/resources/testdata/datastore/create.tf
index e23abe96..e95698f3 100644
--- a/v2/resources/testdata/datastore/create.tf
+++ b/v2/resources/testdata/datastore/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
             type = "ATTEST_POLICY_TYPE_ACCEPT"
         }
     }
+    tag_level_settings {
+        flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+    }
 }
 
 resource "zedcloud_datastore"  "test_datastore" {
diff --git a/v2/resources/testdata/image/create.tf b/v2/resources/testdata/image/create.tf
index 35655dca..4167a6d7 100644
--- a/v2/resources/testdata/image/create.tf
+++ b/v2/resources/testdata/image/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
             type = "ATTEST_POLICY_TYPE_ACCEPT"
         }
     }
+    tag_level_settings {
+        flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+    }
 }
 
 
diff --git a/v2/resources/testdata/network/create_complete_with_pac.tf b/v2/resources/testdata/network/create_complete_with_pac.tf
index e64a77f0..e5807b41 100644
--- a/v2/resources/testdata/network/create_complete_with_pac.tf
+++ b/v2/resources/testdata/network/create_complete_with_pac.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
             type = "ATTEST_POLICY_TYPE_ACCEPT"
         }
     }
+    tag_level_settings {
+        flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+    }
 }
 
 
diff --git a/v2/resources/testdata/network/create_complete_with_proxy.tf b/v2/resources/testdata/network/create_complete_with_proxy.tf
index cc2f48db..2adecd55 100644
--- a/v2/resources/testdata/network/create_complete_with_proxy.tf
+++ b/v2/resources/testdata/network/create_complete_with_proxy.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 
diff --git a/v2/resources/testdata/network/create_required_only.tf b/v2/resources/testdata/network/create_required_only.tf
index e7c65f34..5f41c491 100644
--- a/v2/resources/testdata/network/create_required_only.tf
+++ b/v2/resources/testdata/network/create_required_only.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
             type = "ATTEST_POLICY_TYPE_ACCEPT"
         }
     }
+    tag_level_settings {
+        flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+    }
 }
 
 resource "zedcloud_network" "required_only" {
diff --git a/v2/resources/testdata/network_instance/create_complete.tf b/v2/resources/testdata/network_instance/create_complete.tf
index f01f3678..3584dca1 100644
--- a/v2/resources/testdata/network_instance/create_complete.tf
+++ b/v2/resources/testdata/network_instance/create_complete.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
             type = "ATTEST_POLICY_TYPE_ACCEPT"
         }
     }
+    tag_level_settings {
+        flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+    }
 }
 
 
diff --git a/v2/resources/testdata/network_instance/create_required_only.tf b/v2/resources/testdata/network_instance/create_required_only.tf
index 8aecff3f..4f7a8e3c 100644
--- a/v2/resources/testdata/network_instance/create_required_only.tf
+++ b/v2/resources/testdata/network_instance/create_required_only.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 
diff --git a/v2/resources/testdata/node/create_all.tf b/v2/resources/testdata/node/create_all.tf
index b2b3b456..2b4517fb 100644
--- a/v2/resources/testdata/node/create_all.tf
+++ b/v2/resources/testdata/node/create_all.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
 			type = "ATTEST_POLICY_TYPE_ACCEPT"
 		}
 	}
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
 
 
diff --git a/v2/resources/testdata/node/create_required_only.tf b/v2/resources/testdata/node/create_required_only.tf
index db0f8a3f..02920e9c 100644
--- a/v2/resources/testdata/node/create_required_only.tf
+++ b/v2/resources/testdata/node/create_required_only.tf
@@ -18,6 +18,9 @@ resource "zedcloud_project" "test_tf_provider" {
 			type = "ATTEST_POLICY_TYPE_ACCEPT"
 		}
 	}
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
 
 
diff --git a/v2/resources/testdata/node/update_all.tf b/v2/resources/testdata/node/update_all.tf
index cfb896e2..568c9e66 100644
--- a/v2/resources/testdata/node/update_all.tf
+++ b/v2/resources/testdata/node/update_all.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
 			type = "ATTEST_POLICY_TYPE_ACCEPT"
 		}
 	}
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
 
 
diff --git a/v2/resources/testdata/patch_envelope/create.tf b/v2/resources/testdata/patch_envelope/create.tf
index ee573f39..79ebd261 100644
--- a/v2/resources/testdata/patch_envelope/create.tf
+++ b/v2/resources/testdata/patch_envelope/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 
diff --git a/v2/resources/testdata/patch_reference_update/create.tf b/v2/resources/testdata/patch_reference_update/create.tf
index a2eb32df..e79dd100 100644
--- a/v2/resources/testdata/patch_reference_update/create.tf
+++ b/v2/resources/testdata/patch_reference_update/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 
diff --git a/v2/resources/testdata/project/create.tf b/v2/resources/testdata/project/create.tf
index cdaedafc..8f45a415 100644
--- a/v2/resources/testdata/project/create.tf
+++ b/v2/resources/testdata/project/create.tf
@@ -1454,4 +1454,7 @@ resource "zedcloud_project" "test_tf_provider" {
         # }
 		#     status_message = ""
     # }
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
diff --git a/v2/resources/testdata/project/create.yaml b/v2/resources/testdata/project/create.yaml
index 92191c77..9af01521 100644
--- a/v2/resources/testdata/project/create.yaml
+++ b/v2/resources/testdata/project/create.yaml
@@ -32,3 +32,6 @@ edgeviewpolicy:
   statusmessage: "Policy configured successfully"
   type: POLICY_TYPE_EDGEVIEW
   title: ""
+taglevelsettings:
+  flowlogtransmission: "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+tags: {}  
diff --git a/v2/resources/testdata/project/create_required_only.tf b/v2/resources/testdata/project/create_required_only.tf
index 60e12a25..aaaddd43 100644
--- a/v2/resources/testdata/project/create_required_only.tf
+++ b/v2/resources/testdata/project/create_required_only.tf
@@ -1434,4 +1434,7 @@ resource "zedcloud_project" "test_tf_provider" {
         # }
 		#     status_message = ""
     # }
+	tag_level_settings {
+		flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+	}
 }
diff --git a/v2/resources/testdata/project/create_required_only.yaml b/v2/resources/testdata/project/create_required_only.yaml
index 78ab587e..d46f02ff 100644
--- a/v2/resources/testdata/project/create_required_only.yaml
+++ b/v2/resources/testdata/project/create_required_only.yaml
@@ -3,3 +3,6 @@ type: TAG_TYPE_PROJECT
 title: title
 attr: {}
 modulepolicy: []
+taglevelsettings:
+  flowlogtransmission: "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+tags: {}  
diff --git a/v2/resources/testdata/volume_instance/create.tf b/v2/resources/testdata/volume_instance/create.tf
index 7c01256b..18863956 100644
--- a/v2/resources/testdata/volume_instance/create.tf
+++ b/v2/resources/testdata/volume_instance/create.tf
@@ -15,6 +15,9 @@ resource "zedcloud_project" "test_tf_provider" {
       type = "ATTEST_POLICY_TYPE_ACCEPT"
     }
   }
+  tag_level_settings {
+    flow_log_transmission = "NETWORK_INSTANCE_FLOW_LOG_TRANSMISSION_UNSPECIFIED"
+  }
 }
 
 resource "zedcloud_brand" "test_tf_provider" {
diff --git a/v2/schemas/configuration_lock.go b/v2/schemas/configuration_lock.go
new file mode 100644
index 00000000..851f6f94
--- /dev/null
+++ b/v2/schemas/configuration_lock.go
@@ -0,0 +1,37 @@
+package schemas
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/zededa/terraform-provider-zedcloud/v2/models"
+)
+
+func ConfigurationLockModel(d *schema.ResourceData) *models.ConfigurationLock {
+	configurationLock, _ := d.Get("configuration_lock").(models.ConfigurationLock)
+	return &configurationLock
+}
+
+func ConfigurationLockModelFromMap(m map[string]interface{}) *models.ConfigurationLock {
+	configurationLock := m["configuration_lock"].(models.ConfigurationLock)
+	return &configurationLock
+}
+
+func SetConfigurationLockResourceData(d *schema.ResourceData, m *models.ConfigurationLock) {
+}
+
+func SetConfigurationLockSubResourceData(m []*models.ConfigurationLock) (d []*map[string]interface{}) {
+	for _, ConfigurationLockModel := range m {
+		if ConfigurationLockModel != nil {
+			properties := make(map[string]interface{})
+			d = append(d, &properties)
+		}
+	}
+	return
+}
+
+func ConfigurationLockSchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{}
+}
+
+func GetConfigurationLockPropertyFields() (t []string) {
+	return []string{}
+}
diff --git a/v2/schemas/configuration_lock_policy.go b/v2/schemas/configuration_lock_policy.go
new file mode 100644
index 00000000..7a1d7df1
--- /dev/null
+++ b/v2/schemas/configuration_lock_policy.go
@@ -0,0 +1,74 @@
+package schemas
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/zededa/terraform-provider-zedcloud/v2/models"
+)
+
+func ConfigurationLockPolicyModel(d *schema.ResourceData) *models.ConfigurationLockPolicy {
+	var configLock *models.ConfigurationLock // ConfigurationLock
+	configLockInterface, configLockIsSet := d.GetOk("config_lock")
+	if configLockIsSet {
+		configLockModel := configLockInterface.(string)
+		configLock = models.NewConfigurationLock(models.ConfigurationLock(configLockModel))
+	}
+	id, _ := d.Get("id").(string)
+	return &models.ConfigurationLockPolicy{
+		ConfigLock: configLock,
+		ID:         id,
+	}
+}
+
+func ConfigurationLockPolicyModelFromMap(m map[string]interface{}) *models.ConfigurationLockPolicy {
+	var configLock *models.ConfigurationLock // ConfigurationLock
+	configLockInterface, configLockIsSet := m["config_lock"]
+	if configLockIsSet {
+		configLockModel := configLockInterface.(string)
+		configLock = models.NewConfigurationLock(models.ConfigurationLock(configLockModel))
+	}
+	id := m["id"].(string)
+	return &models.ConfigurationLockPolicy{
+		ConfigLock: configLock,
+		ID:         id,
+	}
+}
+
+func SetConfigurationLockPolicyResourceData(d *schema.ResourceData, m *models.ConfigurationLockPolicy) {
+	d.Set("config_lock", m.ConfigLock)
+	d.Set("id", m.ID)
+}
+
+func SetConfigurationLockPolicySubResourceData(m []*models.ConfigurationLockPolicy) (d []*map[string]interface{}) {
+	for _, ConfigurationLockPolicyModel := range m {
+		if ConfigurationLockPolicyModel != nil {
+			properties := make(map[string]interface{})
+			properties["config_lock"] = ConfigurationLockPolicyModel.ConfigLock
+			properties["id"] = ConfigurationLockPolicyModel.ID
+			d = append(d, &properties)
+		}
+	}
+	return
+}
+
+func ConfigurationLockPolicySchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"config_lock": {
+			Description: `configuration lock setting`,
+			Type:        schema.TypeString,
+			Required:    true,
+		},
+
+		"id": {
+			Description: `unique policy id`,
+			Type:        schema.TypeString,
+			Computed:    true,
+		},
+	}
+}
+
+func GetConfigurationLockPolicyPropertyFields() (t []string) {
+	return []string{
+		"config_lock",
+		"id",
+	}
+}
diff --git a/v2/schemas/network_instance_flow_log_transmission.go b/v2/schemas/network_instance_flow_log_transmission.go
new file mode 100644
index 00000000..5995c7d6
--- /dev/null
+++ b/v2/schemas/network_instance_flow_log_transmission.go
@@ -0,0 +1,37 @@
+package schemas
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/zededa/terraform-provider-zedcloud/v2/models"
+)
+
+func NetworkInstanceFlowLogTransmissionModel(d *schema.ResourceData) *models.NetworkInstanceFlowLogTransmission {
+	networkInstanceFlowLogTransmission, _ := d.Get("network_instance_flow_log_transmission").(models.NetworkInstanceFlowLogTransmission)
+	return &networkInstanceFlowLogTransmission
+}
+
+func NetworkInstanceFlowLogTransmissionModelFromMap(m map[string]interface{}) *models.NetworkInstanceFlowLogTransmission {
+	networkInstanceFlowLogTransmission := m["network_instance_flow_log_transmission"].(models.NetworkInstanceFlowLogTransmission)
+	return &networkInstanceFlowLogTransmission
+}
+
+func SetNetworkInstanceFlowLogTransmissionResourceData(d *schema.ResourceData, m *models.NetworkInstanceFlowLogTransmission) {
+}
+
+func SetNetworkInstanceFlowLogTransmissionSubResourceData(m []*models.NetworkInstanceFlowLogTransmission) (d []*map[string]interface{}) {
+	for _, NetworkInstanceFlowLogTransmissionModel := range m {
+		if NetworkInstanceFlowLogTransmissionModel != nil {
+			properties := make(map[string]interface{})
+			d = append(d, &properties)
+		}
+	}
+	return
+}
+
+func NetworkInstanceFlowLogTransmissionSchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{}
+}
+
+func GetNetworkInstanceFlowLogTransmissionPropertyFields() (t []string) {
+	return []string{}
+}
diff --git a/v2/schemas/policy_config.go b/v2/schemas/policy_config.go
index 97ba44e0..74519d16 100644
--- a/v2/schemas/policy_config.go
+++ b/v2/schemas/policy_config.go
@@ -50,6 +50,14 @@ func PolicyConfigModel(d *schema.ResourceData) *models.Policy {
 			clusterPolicy = ClusterPolicyModelFromMap(clusterPolicyMap[0].(map[string]interface{}))
 		}
 	}
+	var configurationLockPolicy *models.ConfigurationLockPolicy // ConfigurationLockPolicy
+	configurationLockPolicyInterface, configurationLockPolicyIsSet := d.GetOk("configuration_lock_policy")
+	if configurationLockPolicyIsSet && configurationLockPolicyInterface != nil {
+		configurationLockPolicyMap := configurationLockPolicyInterface.([]interface{})
+		if len(configurationLockPolicyMap) > 0 {
+			configurationLockPolicy = ConfigurationLockPolicyModelFromMap(configurationLockPolicyMap[0].(map[string]interface{}))
+		}
+	}
 	description, _ := d.Get("description").(string)
 	var edgeviewPolicy *models.EdgeviewPolicy // EdgeviewPolicy
 	edgeviewPolicyInterface, edgeviewPolicyIsSet := d.GetOk("edgeview_policy")
@@ -99,15 +107,16 @@ func PolicyConfigModel(d *schema.ResourceData) *models.Policy {
 		Attr:                       attr,
 		AzurePolicy:                azurePolicy,
 		ClusterPolicy:              clusterPolicy,
+		ConfigurationLockPolicy:    configurationLockPolicy,
 		Description:                description,
 		EdgeviewPolicy:             edgeviewPolicy,
 		ID:                         id,
 		LocalOperatorConsolePolicy: localOperatorConsolePolicy,
 		ModulePolicy:               modulePolicy,
-		Name:                       &name, // string true false false
+		Name:                       &name, // string
 		NetworkPolicy:              networkPolicy,
 		StatusMessage:              statusMessage,
-		Title:                      &title, // string true false false
+		Title:                      &title, // string
 		Type:                       typeVar,
 	}
 }
@@ -161,6 +170,15 @@ func PolicyConfigModelFromMap(m map[string]interface{}) *models.Policy {
 		}
 	}
 	//
+	var configurationLockPolicy *models.ConfigurationLockPolicy // ConfigurationLockPolicy
+	configurationLockPolicyInterface, configurationLockPolicyIsSet := m["configuration_lock_policy"]
+	if configurationLockPolicyIsSet && configurationLockPolicyInterface != nil {
+		configurationLockPolicyMap := configurationLockPolicyInterface.([]interface{})
+		if len(configurationLockPolicyMap) > 0 {
+			configurationLockPolicy = ConfigurationLockPolicyModelFromMap(configurationLockPolicyMap[0].(map[string]interface{}))
+		}
+	}
+	//
 	description := m["description"].(string)
 	var edgeviewPolicy *models.EdgeviewPolicy // EdgeviewPolicy
 	edgeviewPolicyInterface, edgeviewPolicyIsSet := m["edgeview_policy"]
@@ -214,6 +232,7 @@ func PolicyConfigModelFromMap(m map[string]interface{}) *models.Policy {
 		Attr:                       attr,
 		AzurePolicy:                azurePolicy,
 		ClusterPolicy:              clusterPolicy,
+		ConfigurationLockPolicy:    configurationLockPolicy,
 		Description:                description,
 		EdgeviewPolicy:             edgeviewPolicy,
 		ID:                         id,
@@ -233,6 +252,7 @@ func SetPolicyConfigResourceData(d *schema.ResourceData, m *models.Policy) {
 	d.Set("attr", m.Attr)
 	d.Set("azure_policy", SetAzurePolicySubResourceData([]*models.AzurePolicy{m.AzurePolicy}))
 	d.Set("cluster_policy", SetClusterPolicySubResourceData([]*models.ClusterPolicy{m.ClusterPolicy}))
+	d.Set("configuration_lock_policy", SetConfigurationLockPolicySubResourceData([]*models.ConfigurationLockPolicy{m.ConfigurationLockPolicy}))
 	d.Set("description", m.Description)
 	d.Set("edgeview_policy", SetEdgeviewPolicySubResourceData([]*models.EdgeviewPolicy{m.EdgeviewPolicy}))
 	d.Set("id", m.ID)
@@ -256,6 +276,7 @@ func SetPolicyConfigSubResourceData(m []*models.Policy) (d []*map[string]interfa
 			properties["attr"] = PolicyConfigModel.Attr
 			properties["azure_policy"] = SetAzurePolicySubResourceData([]*models.AzurePolicy{PolicyConfigModel.AzurePolicy})
 			properties["cluster_policy"] = SetClusterPolicySubResourceData([]*models.ClusterPolicy{PolicyConfigModel.ClusterPolicy})
+			properties["configuration_lock_policy"] = SetConfigurationLockPolicySubResourceData([]*models.ConfigurationLockPolicy{PolicyConfigModel.ConfigurationLockPolicy})
 			properties["description"] = PolicyConfigModel.Description
 			properties["edgeview_policy"] = SetEdgeviewPolicySubResourceData([]*models.EdgeviewPolicy{PolicyConfigModel.EdgeviewPolicy})
 			properties["id"] = PolicyConfigModel.ID
@@ -322,6 +343,15 @@ func Policy() map[string]*schema.Schema {
 			Optional: true,
 		},
 
+		"configuration_lock_policy": {
+			Description: `configuration lock policy to enforce on all devices in this project`,
+			Type:        schema.TypeList, //GoType: ConfigurationLockPolicy
+			Elem: &schema.Resource{
+				Schema: ConfigurationLockPolicySchema(),
+			},
+			Optional: true,
+		},
+
 		"description": {
 			Description: `Detailed description of the policy`,
 			Type:        schema.TypeString,
@@ -419,6 +449,7 @@ func GetPolicyConfigPropertyFields() (t []string) {
 		"attr",
 		"azure_policy",
 		"cluster_policy",
+		"configuration_lock_policy",
 		"description",
 		"edgeview_policy",
 		"id",
diff --git a/v2/schemas/tag.go b/v2/schemas/tag.go
index 4f151562..5865a88a 100644
--- a/v2/schemas/tag.go
+++ b/v2/schemas/tag.go
@@ -14,6 +14,14 @@ func TagModel(d *schema.ResourceData) *models.Tag {
 			attestationPolicy = PolicyConfigModelFromMap(attestationPolicyMap[0].(map[string]interface{}))
 		}
 	}
+	var configurationLockPolicy *models.Policy // Policy
+	configurationLockPolicyInterface, configurationLockPolicyIsSet := d.GetOk("configuration_lock_policy")
+	if configurationLockPolicyIsSet && configurationLockPolicyInterface != nil {
+		configurationLockPolicyMap := configurationLockPolicyInterface.([]interface{})
+		if len(configurationLockPolicyMap) > 0 {
+			configurationLockPolicy = PolicyConfigModelFromMap(configurationLockPolicyMap[0].(map[string]interface{}))
+		}
+	}
 	var deployment *models.Deployment // Deployment
 	deploymentInterface, deploymentIsSet := d.GetOk("deployment")
 	if deploymentIsSet && deploymentInterface != nil {
@@ -23,7 +31,7 @@ func TagModel(d *schema.ResourceData) *models.Tag {
 		}
 	}
 	description, _ := d.Get("description").(string)
-	var edgeviewPolicy *models.Policy // PolicyConfig
+	var edgeviewPolicy *models.Policy // Policy
 	edgeviewPolicyInterface, edgeviewPolicyIsSet := d.GetOk("edgeview_policy")
 	if edgeviewPolicyIsSet && edgeviewPolicyInterface != nil {
 		edgeviewPolicyMap := edgeviewPolicyInterface.([]interface{})
@@ -49,6 +57,26 @@ func TagModel(d *schema.ResourceData) *models.Tag {
 			networkPolicy = PolicyConfigModelFromMap(networkPolicyMap[0].(map[string]interface{}))
 		}
 	}
+	var tagLevelSettings *models.TagLevelSettings // TagLevelSettings
+	tagLevelSettingsInterface, tagLevelSettingsIsSet := d.GetOk("tag_level_settings")
+	if tagLevelSettingsIsSet && tagLevelSettingsInterface != nil {
+		tagLevelSettingsMap := tagLevelSettingsInterface.([]interface{})
+		if len(tagLevelSettingsMap) > 0 {
+			tagLevelSettings = TagLevelSettingsModelFromMap(tagLevelSettingsMap[0].(map[string]interface{}))
+		}
+	}
+	tags := map[string]string{}
+	tagsInterface, tagsIsSet := d.GetOk("tags")
+	if tagsIsSet {
+		tagsMap := tagsInterface.(map[string]interface{})
+		for k, v := range tagsMap {
+			if v == nil {
+				continue
+			}
+			tags[k] = v.(string)
+		}
+	}
+
 	title, _ := d.Get("title").(string)
 	var typeVar *models.TagType // TagType
 	typeInterface, typeIsSet := d.GetOk("type")
@@ -58,14 +86,17 @@ func TagModel(d *schema.ResourceData) *models.Tag {
 	}
 	return &models.Tag{
 		AttestationPolicy:          attestationPolicy,
+		ConfigurationLockPolicy:    configurationLockPolicy,
 		Deployment:                 deployment,
 		Description:                description,
 		EdgeviewPolicy:             edgeviewPolicy,
 		ID:                         id,
 		LocalOperatorConsolePolicy: localOperatorConsolePolicy,
-		Name:                       &name, // string true false false
+		Name:                       &name, // string
 		NetworkPolicy:              networkPolicy,
-		Title:                      &title, // string true false false
+		TagLevelSettings:           tagLevelSettings,
+		Tags:                       tags,
+		Title:                      &title, // string
 		Type:                       typeVar,
 	}
 }
@@ -80,6 +111,15 @@ func TagModelFromMap(m map[string]interface{}) *models.Tag {
 		}
 	}
 	//
+	var configurationLockPolicy *models.Policy // Policy
+	configurationLockPolicyInterface, configurationLockPolicyIsSet := m["configuration_lock_policy"]
+	if configurationLockPolicyIsSet && configurationLockPolicyInterface != nil {
+		configurationLockPolicyMap := configurationLockPolicyInterface.([]interface{})
+		if len(configurationLockPolicyMap) > 0 {
+			configurationLockPolicy = PolicyConfigModelFromMap(configurationLockPolicyMap[0].(map[string]interface{}))
+		}
+	}
+	//
 	var deployment *models.Deployment // Deployment
 	deploymentInterface, deploymentIsSet := m["deployment"]
 	if deploymentIsSet && deploymentInterface != nil {
@@ -119,6 +159,27 @@ func TagModelFromMap(m map[string]interface{}) *models.Tag {
 		}
 	}
 	//
+	var tagLevelSettings *models.TagLevelSettings // TagLevelSettings
+	tagLevelSettingsInterface, tagLevelSettingsIsSet := m["tag_level_settings"]
+	if tagLevelSettingsIsSet && tagLevelSettingsInterface != nil {
+		tagLevelSettingsMap := tagLevelSettingsInterface.([]interface{})
+		if len(tagLevelSettingsMap) > 0 {
+			tagLevelSettings = TagLevelSettingsModelFromMap(tagLevelSettingsMap[0].(map[string]interface{}))
+		}
+	}
+	//
+	tags := map[string]string{}
+	tagsInterface, tagsIsSet := m["tags"]
+	if tagsIsSet {
+		tagsMap := tagsInterface.(map[string]interface{})
+		for k, v := range tagsMap {
+			if v == nil {
+				continue
+			}
+			tags[k] = v.(string)
+		}
+	}
+
 	title := m["title"].(string)
 	var typeVar *models.TagType // TagType
 	typeInterface, typeIsSet := m["type"]
@@ -128,6 +189,7 @@ func TagModelFromMap(m map[string]interface{}) *models.Tag {
 	}
 	return &models.Tag{
 		AttestationPolicy:          attestationPolicy,
+		ConfigurationLockPolicy:    configurationLockPolicy,
 		Deployment:                 deployment,
 		Description:                description,
 		EdgeviewPolicy:             edgeviewPolicy,
@@ -135,6 +197,8 @@ func TagModelFromMap(m map[string]interface{}) *models.Tag {
 		LocalOperatorConsolePolicy: localOperatorConsolePolicy,
 		Name:                       &name,
 		NetworkPolicy:              networkPolicy,
+		TagLevelSettings:           tagLevelSettings,
+		Tags:                       tags,
 		Title:                      &title,
 		Type:                       typeVar,
 	}
@@ -145,6 +209,7 @@ func SetTagResourceData(d *schema.ResourceData, m *models.Tag) {
 	d.Set("attestation_policy", SetPolicyConfigSubResourceData([]*models.Policy{m.AttestationPolicy}))
 	d.Set("attr", m.Attr)
 	d.Set("cloud_policy", SetPolicyConfigSubResourceData([]*models.Policy{m.CloudPolicy}))
+	d.Set("configuration_lock_policy", SetPolicyConfigSubResourceData([]*models.Policy{m.ConfigurationLockPolicy}))
 	d.Set("deployment", SetDeploymentSubResourceData([]*models.Deployment{m.Deployment}))
 	d.Set("description", m.Description)
 	d.Set("edgeview_policy", SetPolicyConfigSubResourceData([]*models.Policy{m.EdgeviewPolicy}))
@@ -155,6 +220,8 @@ func SetTagResourceData(d *schema.ResourceData, m *models.Tag) {
 	d.Set("network_policy", SetPolicyConfigSubResourceData([]*models.Policy{m.NetworkPolicy}))
 	d.Set("numdevices", m.Numdevices)
 	d.Set("revision", SetObjectRevisionSubResourceData([]*models.ObjectRevision{m.Revision}))
+	d.Set("tag_level_settings", SetTagLevelSettingsSubResourceData([]*models.TagLevelSettings{m.TagLevelSettings}))
+	d.Set("tags", m.Tags)
 	d.Set("title", m.Title)
 	d.Set("type", m.Type)
 }
@@ -167,6 +234,7 @@ func SetTagSubResourceData(m []*models.Tag) (d []*map[string]interface{}) {
 			properties["attestation_policy"] = SetPolicyConfigSubResourceData([]*models.Policy{TagModel.AttestationPolicy})
 			properties["attr"] = TagModel.Attr
 			properties["cloud_policy"] = SetPolicyConfigSubResourceData([]*models.Policy{TagModel.CloudPolicy})
+			properties["configuration_lock_policy"] = SetPolicyConfigSubResourceData([]*models.Policy{TagModel.ConfigurationLockPolicy})
 			properties["deployment"] = SetDeploymentSubResourceData([]*models.Deployment{TagModel.Deployment})
 			properties["description"] = TagModel.Description
 			properties["edgeview_policy"] = SetPolicyConfigSubResourceData([]*models.Policy{TagModel.EdgeviewPolicy})
@@ -177,6 +245,8 @@ func SetTagSubResourceData(m []*models.Tag) (d []*map[string]interface{}) {
 			properties["network_policy"] = SetPolicyConfigSubResourceData([]*models.Policy{TagModel.NetworkPolicy})
 			properties["numdevices"] = TagModel.Numdevices
 			properties["revision"] = SetObjectRevisionSubResourceData([]*models.ObjectRevision{TagModel.Revision})
+			properties["tag_level_settings"] = SetTagLevelSettingsSubResourceData([]*models.TagLevelSettings{TagModel.TagLevelSettings})
+			properties["tags"] = TagModel.Tags
 			properties["title"] = TagModel.Title
 			properties["type"] = TagModel.Type
 			d = append(d, &properties)
@@ -224,6 +294,15 @@ func Project() map[string]*schema.Schema {
 			Computed: true,
 		},
 
+		"configuration_lock_policy": {
+			Description: `Configuration lock prevents users to send unintentional misconfigurations`,
+			Type:        schema.TypeList, //GoType: Policy
+			Elem: &schema.Resource{
+				Schema: Policy(),
+			},
+			Optional: true,
+		},
+
 		"deployment": {
 			Description: `Deployment template containing different types of policies`,
 			Type:        schema.TypeList, //GoType: Deployment
@@ -303,6 +382,24 @@ func Project() map[string]*schema.Schema {
 			Computed: true,
 		},
 
+		"tag_level_settings": {
+			Description: `tag level setting within a enterprise`,
+			Type:        schema.TypeList, //GoType: TagLevelSettings
+			Elem: &schema.Resource{
+				Schema: TagLevelSettingsSchema(),
+			},
+			Optional: true,
+		},
+
+		"tags": {
+			Description: `Tags are name/value pairs that enable you to categorize resources. Tag names are case insensitive with max_length 512 and min_length 3. Tag values are case sensitive with max_length 256 and min_length 3.`,
+			Type:        schema.TypeMap, //GoType: map[string]string
+			Elem: &schema.Schema{
+				Type: schema.TypeString,
+			},
+			Optional: true,
+		},
+
 		"title": {
 			Description: `User defined title of the resource group. Title can be changed at any time.`,
 			Type:        schema.TypeString,
@@ -320,6 +417,7 @@ func Project() map[string]*schema.Schema {
 func GetTagPropertyFields() (t []string) {
 	return []string{
 		"attestation_policy",
+		"configuration_lock_policy",
 		"deployment",
 		"description",
 		"edgeview_policy",
@@ -327,6 +425,8 @@ func GetTagPropertyFields() (t []string) {
 		"local_operator_console_policy",
 		"name",
 		"network_policy",
+		"tag_level_settings",
+		"tags",
 		"title",
 		"type",
 	}
diff --git a/v2/schemas/tag_level_settings.go b/v2/schemas/tag_level_settings.go
new file mode 100644
index 00000000..bd1861d2
--- /dev/null
+++ b/v2/schemas/tag_level_settings.go
@@ -0,0 +1,61 @@
+package schemas
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/zededa/terraform-provider-zedcloud/v2/models"
+)
+
+func TagLevelSettingsModel(d *schema.ResourceData) *models.TagLevelSettings {
+	var flowLogTransmission *models.NetworkInstanceFlowLogTransmission // NetworkInstanceFlowLogTransmission
+	flowLogTransmissionInterface, flowLogTransmissionIsSet := d.GetOk("flow_log_transmission")
+	if flowLogTransmissionIsSet {
+		flowLogTransmissionModel := flowLogTransmissionInterface.(string)
+		flowLogTransmission = models.NewNetworkInstanceFlowLogTransmission(models.NetworkInstanceFlowLogTransmission(flowLogTransmissionModel))
+	}
+	return &models.TagLevelSettings{
+		FlowLogTransmission: flowLogTransmission,
+	}
+}
+
+func TagLevelSettingsModelFromMap(m map[string]interface{}) *models.TagLevelSettings {
+	var flowLogTransmission *models.NetworkInstanceFlowLogTransmission // NetworkInstanceFlowLogTransmission
+	flowLogTransmissionInterface, flowLogTransmissionIsSet := m["flow_log_transmission"]
+	if flowLogTransmissionIsSet {
+		flowLogTransmissionModel := flowLogTransmissionInterface.(string)
+		flowLogTransmission = models.NewNetworkInstanceFlowLogTransmission(models.NetworkInstanceFlowLogTransmission(flowLogTransmissionModel))
+	}
+	return &models.TagLevelSettings{
+		FlowLogTransmission: flowLogTransmission,
+	}
+}
+
+func SetTagLevelSettingsResourceData(d *schema.ResourceData, m *models.TagLevelSettings) {
+	d.Set("flow_log_transmission", m.FlowLogTransmission)
+}
+
+func SetTagLevelSettingsSubResourceData(m []*models.TagLevelSettings) (d []*map[string]interface{}) {
+	for _, TagLevelSettingsModel := range m {
+		if TagLevelSettingsModel != nil {
+			properties := make(map[string]interface{})
+			properties["flow_log_transmission"] = TagLevelSettingsModel.FlowLogTransmission
+			d = append(d, &properties)
+		}
+	}
+	return
+}
+
+func TagLevelSettingsSchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"flow_log_transmission": {
+			Description: `Flow log transmission setting for the network instances`,
+			Type:        schema.TypeString,
+			Optional:    true,
+		},
+	}
+}
+
+func GetTagLevelSettingsPropertyFields() (t []string) {
+	return []string{
+		"flow_log_transmission",
+	}
+}