diff --git a/.github/linters/.arm-ttk.psd1 b/.github/linters/.arm-ttk.psd1
index 81cbfaa..6646dba 100644
--- a/.github/linters/.arm-ttk.psd1
+++ b/.github/linters/.arm-ttk.psd1
@@ -11,5 +11,8 @@
         'IDs Should Be Derived From ResourceIDs'
         'Parameters Must Be Referenced'
         'Variables Must Be Referenced'
+        'apiVersions Should Be Recent In Reference Functions'
+        'URIs Should Be Properly Constructed'
+        'apiVersions Should Be Recent'
     )
 }
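Review bot: The three test names added to this list carry no comment explaining why, and the key the list belongs to opens above the hunk; if it is the `Skip` list, this turns off both apiVersion recency checks and the URI construction check for every template in the repository. The apiVersion entries are plausibly tied to the `-preview` Key Vault version pinned elsewhere in this commit, but nothing visible here motivates skipping 'URIs Should Be Properly Constructed'. I would drop that entry unless a specific template needs it, and record the reason beside the others, e.g. `# skipped: Key Vault module pins a -preview apiVersion; re-enable once a GA version exposes the property`. A blanket skip in the linter config also hides future regressions in unrelated templates, so a revisit note is worth adding.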
diff --git a/infra/main.json b/infra/main.json
index 597c752..a850d54 100644
--- a/infra/main.json
+++ b/infra/main.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.4.1124.51302",
-      "templateHash": "2607815037718360205"
+      "templateHash": "13815148279457621508"
     }
   },
   "parameters": {
@@ -255,7 +255,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.4.1124.51302",
-              "templateHash": "12660131753967436973"
+              "templateHash": "13895317050613293148"
             }
           },
           "parameters": {
@@ -282,7 +282,7 @@
           "resources": [
             {
               "type": "Microsoft.KeyVault/vaults",
-              "apiVersion": "2021-04-01-preview",
+              "apiVersion": "2021-06-01-preview",
               "name": "[parameters('keyvaultName')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -295,6 +295,7 @@
                 "enablePurgeProtection": true,
                 "enableRbacAuthorization": true,
                 "enableSoftDelete": true,
+                "publicNetworkAccess": "Disabled",
                 "networkAcls": {
                   "bypass": "AzureServices",
                   "defaultAction": "Deny",
diff --git a/infra/modules/services/keyvault.bicep b/infra/modules/services/keyvault.bicep
index daeaa10..aa90ab4 100644
--- a/infra/modules/services/keyvault.bicep
+++ b/infra/modules/services/keyvault.bicep
@@ -15,7 +15,7 @@ param privateDnsZoneIdKeyVault string = ''
 var keyVaultPrivateEndpointName = '${keyVault.name}-private-endpoint'
 
 // Resources
-resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = {
+resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
   name: keyvaultName
   location: location
   tags: tags
@@ -28,6 +28,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = {
     enablePurgeProtection: true
     enableRbacAuthorization: true
     enableSoftDelete: true
+    publicNetworkAccess: 'Disabled'
     networkAcls: {
       bypass: 'AzureServices'
       defaultAction: 'Deny'
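Review bot: The added `publicNetworkAccess: 'Disabled'` sits directly above `bypass: 'AzureServices'` with no comment on how the two interact, so a reader cannot tell whether trusted-service access is still intended once public access is off. As I read the Key Vault resource reference, this setting overrides the firewall rules while still admitting private-endpoint and trusted-service traffic, so I would state that above the property, e.g. `// Data plane reachable only via the private endpoint; trusted Azure services still bypass, other networkAcls rules are not honoured`. The private endpoint resource is outside this hunk; if it is deployed conditionally (the `''` default on `privateDnsZoneIdKeyVault` suggests some parts are optional), a deployment without it would leave the vault unreachable for secret reads and writes, which is worth confirming. The resource body starts before and continues after the hunk.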