diff --git a/samples/templates/default-azuredeploy-docker.json b/samples/templates/default-azuredeploy-docker.json
index 12e793e817..ebdf7455c7 100644
--- a/samples/templates/default-azuredeploy-docker.json
+++ b/samples/templates/default-azuredeploy-docker.json
@@ -863,6 +863,51 @@
                 },
                 "accessMode": "Learning"
             }
+        },
+        {
+            "type": "Microsoft.Network/networkSecurityPerimeters/resourceAssociations",
+            "apiVersion": "2023-07-01-preview",
+            "name": "[concat(variables('networkSecurityPerimeterName'), '/cosmosdb-', uniqueString(variables('serviceName')))]",
+            "condition": "[equals(parameters('solutionType'),'FhirServerCosmosDB')]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Network/networkSecurityPerimeters', variables('networkSecurityPerimeterName'))]",
+                "[resourceId('Microsoft.Network/networkSecurityPerimeters/profiles', variables('networkSecurityPerimeterName'), parameters('networkSecurityPerimeterProfileName'))]",
+                "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('serviceName'))]"
+            ],
+            "properties": {
+                "accessMode": "Learning",
+                "privateLinkResource": {
+                    "id": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('serviceName'))]"
+                },
+                "profile": {
+                    "id": "[resourceId('Microsoft.Network/networkSecurityPerimeters/profiles', variables('networkSecurityPerimeterName'), parameters('networkSecurityPerimeterProfileName'))]"
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Network/networkSecurityPerimeters/loggingConfigurations",
+            "apiVersion": "2023-08-01-preview",
+            "name": "[concat(variables('networkSecurityPerimeterName'), '/instance')]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Network/networkSecurityPerimeters', variables('networkSecurityPerimeterName'))]"
+            ],
+            "properties": {
+                "enabledLogCategories": [
+                    "NspPublicInboundPerimeterRulesAllowed",
+                    "NspPublicInboundPerimeterRulesDenied",
+                    "NspPublicOutboundPerimeterRulesAllowed",
+                    "NspPublicOutboundPerimeterRulesDenied",
+                    "NspOutboundAttempt",
+                    "NspIntraPerimeterInboundAllowed",
+                    "NspPublicInboundResourceRulesAllowed",
+                    "NspPublicInboundResourceRulesDenied",
+                    "NspPublicOutboundResourceRulesAllowed",
+                    "NspPublicOutboundResourceRulesDenied",
+                    "NspCrossPerimeterInboundAllowed",
+                    "NspCrossPerimeterOutboundAllowed",
+                    "NspPrivateInboundAllowed"
+                ]
+            }
         }
     ]
 }