diff --git a/customer-managed/azure/terraform/.terraform.lock.hcl b/customer-managed/azure/terraform/.terraform.lock.hcl index 5155643..05b315b 100644 --- a/customer-managed/azure/terraform/.terraform.lock.hcl +++ b/customer-managed/azure/terraform/.terraform.lock.hcl 
@@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.98.0" - constraints = "3.98.0" + version = "4.47.0" + constraints = "4.47.0" hashes = [ - "h1:NgUpYK0Ym3DUtSORtakyJQsUEUtqBXIqe5bWs65oCvY=", - "zh:012c79f671cff194d769ee53d50c56e7d353d4b78de8fceec9915bcf5955878b", - "zh:022d07683f84f8534fa40567860f76da6d15713d678cbc979c1d8cd502bb3246", - "zh:12cefd7df62c23c434d853e1824d421b4f18ff683540861376cf37138d70795b", - "zh:42626315686f504c59bec02745d7beff2bdfa732c3ecfaca7794f6641fbebfdc", - "zh:44708deec3fe13ea7cdd899ee766971fd024c06e2d8e189c30b59bd56ef3a5d3", - "zh:54a54fb4c8fc6537aae658503182e03af545e9151afe68da0f254d9b31037c63", - "zh:8265688742f6b532f06a3cd0bb14a891eb2277a834cf126f4b483b6de0a8d8fa", - "zh:97294d6e502e4e07e0cd8d2669a05d7e5d1f42da542ced299b5d4a3849e8736e", - "zh:bf4b48606c53db399f53b3880d94f70fc1701c72fde269472d8231f6dda5cf49", - "zh:c5a957d61e4c705e2c94d53c6fff579d5262137b2192562d0dfbbda374891717", - "zh:e2a8232f20f74602632b24d50c5c9d21741b0345560e4133bfb38e257d20fb77", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:vYuNFnIf83/oCbyNqnxCjkWZNjVvxkDaoXyHiEb4PGU=", + "zh:07ade226563e3f1ba32d494847ab9f533b3dae8374fba7ef74cf327687e06d49", + "zh:0c3a44c2e7ae7c1c747ce7f72a4a1a1791a289d0e58a050b3aef340b5a691a37", + "zh:1fb4a2484af5a712a3385ea0adddb43b34099b4b7b4c4c9a9657e21fb2d30096", + "zh:6a10f37c806b8c54830246b129e7f22e152556a645c2933d25cf65ad288a6bb6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7db1967af8a60a41d956ea4e8eb3bb8c766a5efa10f7312c3b67159ecc546077", + "zh:aa2fd886b176bb940357c38b4a3612ae1d7e169da534ba132ea8cf96bf7eb298", + "zh:be710e8d8c73f8a4ee8d03465a23d9775540d99a2a20726399218d7ec17ce9d1", + "zh:d01f1df60f209801f490dd7882f10eaed9f1b9c07f288b9c98bf145898cae106", + "zh:d5fced275588ad7ff9c2a3760424ee92073cd96ea76a184251124b79a54f2e8c", + 
"zh:e7d2fead9efd643e9322e0a40c6088595aed0f42b561437f2d3e1495248b0d90", + "zh:edfb9610552691d6a36691dd6e27b0a0829d72d08eb41bc031a19d4dcf57a6e9", ] } diff --git a/customer-managed/azure/terraform/network.tf b/customer-managed/azure/terraform/network.tf index 59c95e0..9cbbd65 100644 --- a/customer-managed/azure/terraform/network.tf +++ b/customer-managed/azure/terraform/network.tf @@ -28,6 +28,8 @@ resource "azurerm_subnet" "private" { virtual_network_name = local.vnet_name address_prefixes = [each.value.cidr] + private_endpoint_network_policies = "Enabled" + # Use Azure's internal network to reach out to the following Azure services service_endpoints = [ "Microsoft.Storage.Global", @@ -51,6 +53,8 @@ resource "azurerm_subnet" "public" { virtual_network_name = local.vnet_name address_prefixes = [each.value.cidr] + private_endpoint_network_policies = "Enabled" + # Use Azure's internal network to reach out to the following Azure services service_endpoints = [ "Microsoft.Storage.Global", diff --git a/customer-managed/azure/terraform/providers.tf b/customer-managed/azure/terraform/providers.tf index 4aa0c98..3c7042c 100644 --- a/customer-managed/azure/terraform/providers.tf +++ b/customer-managed/azure/terraform/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.98.0" + version = "=4.47.0" } } } diff --git a/customer-managed/azure/terraform/storage.tf b/customer-managed/azure/terraform/storage.tf index 9bf8248..f9f7dd9 100644 --- a/customer-managed/azure/terraform/storage.tf +++ b/customer-managed/azure/terraform/storage.tf @@ -13,7 +13,7 @@ resource "azurerm_storage_account" "management" { access_tier = "Hot" public_network_access_enabled = true - allow_nested_items_to_be_public = true + allow_nested_items_to_be_public = false cross_tenant_replication_enabled = false shared_access_key_enabled = false 
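Review bot: The new `private_endpoint_network_policies = "Enabled"` in `azurerm_subnet.private` (network.tf) has no comment saying why it is set, and the reason is not obvious from the value. As far as I know azurerm 4.x defaults this attribute to `"Disabled"`, so this line is what keeps NSG rules and route tables applying to private endpoints in the subnet after the provider upgrade. I would add above it `# Keep NSG and UDR enforcement on private endpoints; azurerm 4.x defaults this to "Disabled"`, so the line is not removed later as apparent noise. The same applies to the identical line in the `azurerm_subnet.public` hunk. Both resource bodies continue outside their hunks.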
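Review bot: In `azurerm_storage_account.management` (storage.tf, first hunk) the context line `public_network_access_enabled = true` is left unchanged, so the account endpoint stays reachable from the public network even though nested public items are now disallowed. With `shared_access_key_enabled = false` every request needs an Entra ID token, but that is an authorization control rather than a network one. The resource body continues outside the hunk, so a `network_rules` block with `default_action = "Deny"` may already exist further down. If it does not, I would add one, or document the exposure with a comment such as `# Public endpoint required for <reason>; access is restricted by RBAC only`.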
@@ -38,8 +38,8 @@ resource "azurerm_storage_account" "management" { resource "azurerm_storage_container" "management" { ###### TODO change var. to local. name = "${local.resource_name_prefix}${var.redpanda_management_storage_container_name}" - storage_account_name = azurerm_storage_account.management.name - container_access_type = "blob" + storage_account_id = azurerm_storage_account.management.id + container_access_type = "private" depends_on = [ azurerm_storage_account.management ] @@ -62,7 +62,7 @@ resource "azurerm_storage_account" "tiered_storage" { cross_tenant_replication_enabled = false shared_access_key_enabled = false infrastructure_encryption_enabled = true - enable_https_traffic_only = true + https_traffic_only_enabled = true default_to_oauth_authentication = true blob_properties { @@ -75,7 +75,6 @@ resource "azurerm_storage_account" "tiered_storage" { } resource "azurerm_storage_container" "tiered_storage" { - name = "${local.resource_name_prefix}${var.redpanda_tiered_storage_container_name}" - storage_account_name = azurerm_storage_account.tiered_storage.name - container_access_type = "private" + name = "${local.resource_name_prefix}${var.redpanda_tiered_storage_container_name}" + storage_account_id = azurerm_storage_account.tiered_storage.id }
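Review bot: The change of `container_access_type` from `"blob"` to `"private"` on `azurerm_storage_container.management` removes anonymous blob reads, but nothing in the file records that this is deliberate or what readers now need. I would add a comment above the line such as `# No anonymous read; consumers need a data-plane role assignment on the management account`. It is also worth confirming that every client that fetched these blobs by plain URL has such an assignment, since none are visible in this diff. Separately, `depends_on = [azurerm_storage_account.management]` is redundant now that `storage_account_id` references the account directly, and could be dropped.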
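Review bot: `azurerm_storage_container.tiered_storage` now omits `container_access_type` and relies on the provider default, while the management container in the same file sets `"private"` explicitly. The default is `private` as far as I know, so behaviour should not change. Even so, an access-control setting is safer stated than implied: someone auditing the file cannot tell the container is private without the provider docs, and a changed default would go unnoticed. I would keep `container_access_type = "private"` in the new block.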