diff --git a/infra/main.tf b/infra/main.tf
index 9e18803..b5bbd09 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -127,15 +127,15 @@ module "openai" {
 }
 
 module "cog" {
-  source                  = "./modules/cog"
-  location                = azurerm_resource_group.rg.location
-  resource_group_name     = azurerm_resource_group.rg.name
-  resource_group_id       = azurerm_resource_group.rg.id
-  principal_id            = module.mi.principal_id
-  bing_name               = local.bing_name
-  cognitive_services_name = local.cognitive_services_name
-  content_safety_name     = local.content_safety_name
-  speech_name             = local.speech_name
+  source                             = "./modules/cog"
+  location                           = azurerm_resource_group.rg.location
+  resource_group_name                = azurerm_resource_group.rg.name
+  resource_group_id                  = azurerm_resource_group.rg.id
+  bing_name                          = local.bing_name
+  cognitive_services_name            = local.cognitive_services_name
+  content_safety_name                = local.content_safety_name
+  speech_name                        = local.speech_name
+  content_safety_storage_resource_id = module.st.storage_account_id
 }
 
 module "cae" {
diff --git a/infra/modules/ca-aihub/main.tf b/infra/modules/ca-aihub/main.tf
index ddde418..53e4df5 100644
--- a/infra/modules/ca-aihub/main.tf
+++ b/infra/modules/ca-aihub/main.tf
@@ -98,6 +98,10 @@ resource "azapi_resource" "ca_back" {
                 name  = "BrandAnalyzer__OpenAISubscriptionKey",
                 value = ""
               },
+              {
+                name  = "BrandAnalyzer__DeploymentName",
+                value = "DemoBuild"
+              },
               {
                 name  = "CallCenter__OpenAIEndpoint",
                 value = "${var.openai_endpoint}"
@@ -106,6 +110,10 @@ resource "azapi_resource" "ca_back" {
                 name  = "CallCenter__OpenAISubscriptionKey",
                 value = ""
               },
+              {
+                name  = "CallCenter__DeploymentName",
+                value = "DemoBuild"
+              },
               {
                 name  = "ImageAnalyzer__VisionEndpoint",
                 value = "${var.cognitive_service_endpoint}computervision/imageanalysis:analyze?api-version=2023-02-01-preview&features=denseCaptions&language=en&gender-neutral-caption=False"
@@ -130,6 +138,10 @@ resource "azapi_resource" "ca_back" {
                 name  = "ImageAnalyzer__ContainerName",
                 value = "image-analyzer"
               },
+              {
+                name  = "ImageAnalyzer__DeploymentName",
+                value = "DemoBuild"
+              },
               {
                 name  = "FormAnalyzer__FormRecogEndpoint",
                 value = "${var.cognitive_service_endpoint}formrecognizer/documentModels/prebuilt-layout:analyze?api-version=2023-07-31"
@@ -150,6 +162,10 @@ resource "azapi_resource" "ca_back" {
                 name  = "FormAnalyzer__ContainerName",
                 value = "form-analyzer"
               },
+              {
+                name  = "FormAnalyzer__DeploymentName",
+                value = "DemoBuild"
+              },
               {
                 name      = "Storage__ConnectionString",
                 secretRef = "storage-connection-string"
diff --git a/infra/modules/cog/main.tf b/infra/modules/cog/main.tf
index 14b283d..7e72f11 100644
--- a/infra/modules/cog/main.tf
+++ b/infra/modules/cog/main.tf
@@ -6,6 +6,9 @@ resource "azurerm_cognitive_account" "content_safety" {
   resource_group_name           = var.resource_group_name
   public_network_access_enabled = true
   custom_subdomain_name         = var.content_safety_name
+  identity {
+    type = "SystemAssigned"
+  }
 }
 
 resource "azurerm_cognitive_account" "cognitive" {
@@ -47,10 +50,8 @@ resource "azapi_resource" "bing" {
   response_export_values = ["properties.endpoint"]
 }
 
-
-
-# resource "azurerm_role_assignment" "openai_user" {
-#   scope                = azurerm_cognitive_account.openai.id
-#   role_definition_name = "Cognitive Services OpenAI User"
-#   principal_id         = var.principal_id
-# }
+resource "azurerm_role_assignment" "reader" {
+  scope                = var.content_safety_storage_resource_id
+  role_definition_name = "Storage Blob Data Reader"
+  principal_id         = azurerm_cognitive_account.content_safety.identity[0].principal_id
+}
diff --git a/infra/modules/cog/variables.tf b/infra/modules/cog/variables.tf
index 4f81339..0acd9d6 100644
--- a/infra/modules/cog/variables.tf
+++ b/infra/modules/cog/variables.tf
@@ -1,8 +1,8 @@
 variable "resource_group_name" {}
 variable "resource_group_id" {}
 variable "location" {}
-variable "principal_id" {}
 variable "content_safety_name" {}
 variable "cognitive_services_name" {}
 variable "speech_name" {}
 variable "bing_name" {}
+variable "content_safety_storage_resource_id" {}
diff --git a/infra/modules/st/outputs.tf b/infra/modules/st/outputs.tf
index a229fdc..c56be2c 100644
--- a/infra/modules/st/outputs.tf
+++ b/infra/modules/st/outputs.tf
@@ -13,3 +13,7 @@ output "connection_string" {
 output "key" {
   value = azurerm_storage_account.sa.primary_access_key
 }
+
+output "storage_account_id" {
+  value = azurerm_storage_account.sa.id
+}
diff --git a/infra/variables.tf b/infra/variables.tf
index 804998e..c249b02 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -99,11 +99,11 @@ variable "use_random_suffix" {
 }
 
 variable "enable_entra_id_authentication" {
-  default = false
+  default = true
 }
 
 variable "enable_apim" {
-  default = false
+  default = true
 }
 
 variable "bing_key" {