diff --git a/.gitignore b/.gitignore
index b0eabb61a6ee..507e19286e63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -127,6 +127,7 @@ tools/*.dll
 *.pfx
 TestConfigurations.xml
 *.json.env
+*.bicep.env
 
 # Backup & report files from converting an old project file to a newer
 # Visual Studio version. Backup files are not needed, because we have git ;-)
diff --git a/sdk/core/Azure.Core.TestFramework/src/TestEnvironment.cs b/sdk/core/Azure.Core.TestFramework/src/TestEnvironment.cs
index e263904613fa..10bcdb0d2e96 100644
--- a/sdk/core/Azure.Core.TestFramework/src/TestEnvironment.cs
+++ b/sdk/core/Azure.Core.TestFramework/src/TestEnvironment.cs
@@ -60,16 +60,26 @@ protected TestEnvironment()
 
             _prefix = serviceName.ToUpperInvariant() + "_";
 
-            var testEnvironmentFile = Path.Combine(serviceSdkDirectory, "test-resources.json.env");
-            if (File.Exists(testEnvironmentFile))
+            var testEnvironmentFiles = new[]
             {
-                var json = JsonDocument.Parse(
-                    ProtectedData.Unprotect(File.ReadAllBytes(testEnvironmentFile), null, DataProtectionScope.CurrentUser)
-                );
+                Path.Combine(serviceSdkDirectory, "test-resources.bicep.env"),
+                Path.Combine(serviceSdkDirectory, "test-resources.json.env")
+            };
 
-                foreach (var property in json.RootElement.EnumerateObject())
+            foreach (var testEnvironmentFile in testEnvironmentFiles)
+            {
+                if (File.Exists(testEnvironmentFile))
                 {
-                    _environmentFile[property.Name] = property.Value.GetString();
+                    var json = JsonDocument.Parse(
+                        ProtectedData.Unprotect(File.ReadAllBytes(testEnvironmentFile), null, DataProtectionScope.CurrentUser)
+                    );
+
+                    foreach (var property in json.RootElement.EnumerateObject())
+                    {
+                        _environmentFile[property.Name] = property.Value.GetString();
+                    }
+
+                    break;
                 }
             }
         }
diff --git a/sdk/extensions/Azure.Extensions.AspNetCore.DataProtection.Blobs/tests/DataProtectionTestEnvironment.cs b/sdk/extensions/Azure.Extensions.AspNetCore.DataProtection.Blobs/tests/DataProtectionTestEnvironment.cs
index d76abd2bee76..9122264aa0b8 100644
--- a/sdk/extensions/Azure.Extensions.AspNetCore.DataProtection.Blobs/tests/DataProtectionTestEnvironment.cs
+++ b/sdk/extensions/Azure.Extensions.AspNetCore.DataProtection.Blobs/tests/DataProtectionTestEnvironment.cs
@@ -2,12 +2,36 @@
 // Licensed under the MIT License.
 
 using System;
+using System.IO;
+using System.Threading.Tasks;
 using Azure.Core.TestFramework;
+using Azure.Storage.Blobs;
 
 namespace Azure.Extensions.AspNetCore.DataProtection.Blobs.Tests
 {
     public class DataProtectionTestEnvironment: TestEnvironment
     {
         public Uri BlobStorageEndpoint => new(GetVariable("BLOB_STORAGE_ENDPOINT"));
+
+        protected override async ValueTask<bool> IsEnvironmentReadyAsync()
+        {
+            try
+            {
+                var client = new BlobServiceClient(BlobStorageEndpoint, Credential);
+                var container = client.GetBlobContainerClient("test");
+                await container.CreateIfNotExistsAsync();
+
+                var blob = container.GetBlobClient("test-blob");
+                await blob.UploadAsync(new MemoryStream());
+                await blob.DeleteAsync();
+                await container.DeleteAsync();
+
+                return await base.IsEnvironmentReadyAsync();
+            }
+            catch (RequestFailedException e) when (e is { Status: 403})
+            {
+                return false;
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/sdk/extensions/test-resources.bicep b/sdk/extensions/test-resources.bicep
index 71999a8efd11..e71a47a3e07f 100644
--- a/sdk/extensions/test-resources.bicep
+++ b/sdk/extensions/test-resources.bicep
@@ -16,7 +16,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
   properties: {
     sku: {
       family: 'A'
-      name: 'premium'
+      name: 'standard'
     }
     tenantId: tenantId
     accessPolicies: [
@@ -93,5 +93,15 @@ resource blobAcount 'Microsoft.Storage/storageAccounts@2019-04-01' = {
   }
 }
 
+var blobDataContributorRole = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
+resource blobContributorAssignment 'Microsoft.Authorization/roleAssignments@2018-09-01-preview' = {
+  name:  guid(resourceGroup().id, testApplicationOid, blobDataContributorRole)
+  scope: resourceGroup()
+  properties: {
+    principalId: testApplicationOid
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', blobDataContributorRole)
+  }
+}
+
 output AZURE_KEYVAULT_URL string = keyVault.properties.vaultUri
 output BLOB_STORAGE_ENDPOINT string = blobAcount.properties.primaryEndpoints.blob