diff --git a/infra/app/api.bicep b/infra/app/api.bicep
index 0b1e126..20cea0c 100644
--- a/infra/app/api.bicep
+++ b/infra/app/api.bicep
@@ -62,7 +62,7 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing
 }
 
 // Create a Flex Consumption Function App to host the API
-module api 'br/public:avm/res/web/site:0.15.1' = {
+module api 'br/public:avm/res/web/site:0.22.0' = {
   name: '${serviceName}-flex-consumption'
   params: {
     kind: kind
@@ -99,8 +99,13 @@ module api 'br/public:avm/res/web/site:0.15.1' = {
     siteConfig: {
       alwaysOn: false
     }
-    virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : null
-    appSettingsKeyValuePairs: allAppSettings
+    virtualNetworkSubnetResourceId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : null
+    configs: [
+      {
+        name: 'appsettings'
+        properties: allAppSettings
+      }
+    ]
   }
 }
 
diff --git a/infra/app/storage-PrivateEndpoint.bicep b/infra/app/storage-PrivateEndpoint.bicep
index b592747..d7bc0eb 100644
--- a/infra/app/storage-PrivateEndpoint.bicep
+++ b/infra/app/storage-PrivateEndpoint.bicep
@@ -22,7 +22,7 @@ var queuePrivateDNSZoneName = 'privatelink.queue.${environment().suffixes.storag
 var tablePrivateDNSZoneName = 'privatelink.table.${environment().suffixes.storage}'
 
 // AVM module for Blob Private Endpoint with private DNS zone
-module blobPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0' = if (enableBlob) {
+module blobPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.1' = if (enableBlob) {
   name: 'blob-private-endpoint-deployment'
   params: {
     name: 'blob-private-endpoint'
@@ -55,7 +55,7 @@ module blobPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0' =
 }
 
 // AVM module for Queue Private Endpoint with private DNS zone
-module queuePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0' = if (enableQueue) {
+module queuePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.1' = if (enableQueue) {
   name: 'queue-private-endpoint-deployment'
   params: {
     name: 'queue-private-endpoint'
@@ -88,7 +88,7 @@ module queuePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0'
 }
 
 // AVM module for Table Private Endpoint with private DNS zone
-module tablePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0' = if (enableTable) {
+module tablePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.1' = if (enableTable) {
   name: 'table-private-endpoint-deployment'
   params: {
     name: 'table-private-endpoint'
@@ -121,7 +121,7 @@ module tablePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0'
 }
 
 // AVM module for Blob Private DNS Zone
-module privateDnsZoneBlobDeployment 'br/public:avm/res/network/private-dns-zone:0.7.1' = if (enableBlob) {
+module privateDnsZoneBlobDeployment 'br/public:avm/res/network/private-dns-zone:0.8.0' = if (enableBlob) {
   name: 'blob-private-dns-zone-deployment'
   params: {
     name: blobPrivateDNSZoneName
@@ -140,7 +140,7 @@ module privateDnsZoneBlobDeployment 'br/public:avm/res/network/private-dns-zone:
 }
 
 // AVM module for Queue Private DNS Zone
-module privateDnsZoneQueueDeployment 'br/public:avm/res/network/private-dns-zone:0.7.1' = if (enableQueue) {
+module privateDnsZoneQueueDeployment 'br/public:avm/res/network/private-dns-zone:0.8.0' = if (enableQueue) {
   name: 'queue-private-dns-zone-deployment'
   params: {
     name: queuePrivateDNSZoneName
@@ -159,7 +159,7 @@ module privateDnsZoneQueueDeployment 'br/public:avm/res/network/private-dns-zone
 }
 
 // AVM module for Table Private DNS Zone
-module privateDnsZoneTableDeployment 'br/public:avm/res/network/private-dns-zone:0.7.1' = if (enableTable) {
+module privateDnsZoneTableDeployment 'br/public:avm/res/network/private-dns-zone:0.8.0' = if (enableTable) {
   name: 'table-private-dns-zone-deployment'
   params: {
     name: tablePrivateDNSZoneName
diff --git a/infra/app/vnet.bicep b/infra/app/vnet.bicep
index 6b75848..b900ff6 100644
--- a/infra/app/vnet.bicep
+++ b/infra/app/vnet.bicep
@@ -13,7 +13,7 @@ param appSubnetName string = 'app'
 param tags object = {}
 
 // Migrated to use AVM module instead of direct resource declaration
-module virtualNetwork 'br/public:avm/res/network/virtual-network:0.6.1' = {
+module virtualNetwork 'br/public:avm/res/network/virtual-network:0.7.2' = {
   name: 'vnet-deployment'
   params: {
     // Required parameters
@@ -36,7 +36,7 @@ module virtualNetwork 'br/public:avm/res/network/virtual-network:0.6.1' = {
         addressPrefix: '10.0.2.0/24'
         privateEndpointNetworkPolicies: 'Disabled'
         privateLinkServiceNetworkPolicies: 'Enabled'
-        delegation: 'Microsoft.App/environments'
+        delegation: 'Microsoft.Web/serverFarms'
       }
     ]
   }
diff --git a/infra/main.bicep b/infra/main.bicep
index e512b18..1156f8d 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -74,7 +74,7 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 
 // User assigned managed identity to be used by the function app to reach storage and other dependencies
 // Assign specific roles to this identity in the RBAC module
-module apiUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
+module apiUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = {
   name: 'apiUserAssignedIdentity'
   scope: rg
   params: {
@@ -85,7 +85,7 @@ module apiUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned
 }
 
 // Create an App Service Plan to group applications under the same payment plan and SKU
-module appServicePlan 'br/public:avm/res/web/serverfarm:0.1.1' = {
+module appServicePlan 'br/public:avm/res/web/serverfarm:0.7.0' = {
   name: 'appserviceplan'
   scope: rg
   params: {
@@ -125,18 +125,18 @@ module api './app/api.bicep' = {
 }
 
 // Backing storage for Azure functions backend API
-module storage 'br/public:avm/res/storage/storage-account:0.8.3' = {
+module storage 'br/public:avm/res/storage/storage-account:0.31.1' = {
   name: 'storage'
   scope: rg
   params: {
     name: !empty(storageAccountName) ? storageAccountName : '${abbrs.storageStorageAccounts}${resourceToken}'
     allowBlobPublicAccess: false
-    allowSharedKeyAccess: false // Disable local authentication methods as per policy
+    allowSharedKeyAccess: true // Enable for Function Apps deployment and runtime operations
     dnsEndpointType: 'Standard'
     publicNetworkAccess: vnetEnabled ? 'Disabled' : 'Enabled'
     networkAcls: vnetEnabled ? {
       defaultAction: 'Deny'
-      bypass: 'None'
+      bypass: 'AzureServices'
     } : {
       defaultAction: 'Allow'
       bypass: 'AzureServices'
@@ -202,7 +202,7 @@ module storagePrivateEndpoint 'app/storage-PrivateEndpoint.bicep' = if (vnetEnab
 }
 
 // Monitor application with Azure Monitor - Log Analytics and Application Insights
-module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.11.1' = {
+module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.15.0' = {
   name: '${uniqueString(deployment().name, location)}-loganalytics'
   scope: rg
   params: {
@@ -213,7 +213,7 @@ module logAnalytics 'br/public:avm/res/operational-insights/workspace:0.11.1' =
   }
 }
 
-module monitoring 'br/public:avm/res/insights/component:0.6.0' = {
+module monitoring 'br/public:avm/res/insights/component:0.7.1' = {
   name: '${uniqueString(deployment().name, location)}-appinsights'
   scope: rg
   params: {
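Review bot: `allowSharedKeyAccess: true` in the storage hunk re-enables the local authentication method that the removed line's own comment said was disabled by policy, and it does so unconditionally for every deployment rather than only where a key is actually needed. The same file provisions `apiUserAssignedIdentity` with a comment that it is the function app's route to storage, so if the runtime is meant to use identity-based connections, shared keys should stay off and the reason for the exception should be stated concretely instead of the generic "deployment and runtime operations"; at minimum gate it behind `param allowSharedKeyAccess bool = false` and pass `allowSharedKeyAccess: allowSharedKeyAccess` so the secure default is preserved and the weaker posture is an explicit opt-in. The change from `bypass: 'None'` to `bypass: 'AzureServices'` in the `vnetEnabled` branch also widens the Deny ACL beyond the private endpoints that branch deploys; if a specific trusted service requires it, name that service in a comment so the exception can be revisited, e.g. `bypass: 'AzureServices' // required by <service>; private endpoints cover the function app itself`. The storage module's params object continues past the end of this hunk.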