diff --git a/caf_solution/add-ons/aad-pod-identity/main.tf b/caf_solution/add-ons/aad-pod-identity/main.tf
index b7012417d..71118c6e6 100644
--- a/caf_solution/add-ons/aad-pod-identity/main.tf
+++ b/caf_solution/add-ons/aad-pod-identity/main.tf
@@ -10,7 +10,7 @@ terraform {
 }
 kustomization = {
 source = "kbst/kustomization"
- version = "~> 0.4.0"
+ version = "~> 0.5.0"
 }
 }
 required_version = ">= 0.13"
diff --git a/caf_solution/add-ons/aad-pod-identity/providers.tf b/caf_solution/add-ons/aad-pod-identity/providers.tf
index bc0831228..06e22a736 100644
--- a/caf_solution/add-ons/aad-pod-identity/providers.tf
+++ b/caf_solution/add-ons/aad-pod-identity/providers.tf
@@ -13,6 +13,10 @@ provider "kubernetes" {
 cluster_ca_certificate = local.k8sconfigs[var.aks_cluster_key].cluster_ca_certificate
 }
 
+provider "kustomization" {
+ kubeconfig_raw = local.k8sconfigs[var.aks_cluster_key].kube_admin_config_raw
+}
+
 locals {
 k8sconfigs = {
 for key, value in var.aks_clusters : key => {
diff --git a/caf_solution/add-ons/databricks/variables.tf b/caf_solution/add-ons/databricks/variables.tf
index 6c3a9e993..54aa3cfd8 100644
--- a/caf_solution/add-ons/databricks/variables.tf
+++ b/caf_solution/add-ons/databricks/variables.tf
@@ -137,6 +137,9 @@ variable "application_gateways" {
 variable "application_gateway_applications" {
 default = {}
 }
+variable "application_gateway_waf_policies" {
+ default = {}
+}
 variable "dynamic_keyvault_secrets" {
 default = {}
 }
diff --git a/caf_solution/local.networking.tf b/caf_solution/local.networking.tf
index 299bc4b11..91ce10d67 100644
--- a/caf_solution/local.networking.tf
+++ b/caf_solution/local.networking.tf
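Review bot: The new `provider "kustomization"` block in `providers.tf` authenticates with `kube_admin_config_raw`, which on AKS is the local cluster-admin kubeconfig rather than a scoped or Azure AD-backed identity, so every kustomization resource in this add-on is applied with full cluster rights. The block should carry a comment recording that dependency, for example `# uses the AKS local admin kubeconfig; likely empty when local accounts are disabled on the cluster`, and it is worth checking whether installing aad-pod-identity really needs the admin credential. The `k8sconfigs` local that has to expose this key begins on the last lines of the hunk and continues outside it, so whether `kube_admin_config_raw` is populated there cannot be confirmed from this diff.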
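Review bot: `variable "application_gateway_waf_policies"` in `add-ons/databricks/variables.tf` is declared with only `default = {}`, so it has neither a `description` nor a `type` and Terraform will accept any value for it. The same holds for the variables added in the `variables.networking.tf` hunks (`application_gateway_waf_policies`, `azurerm_firewall_policies`) and in `variables.security.tf` (`lighthouse_definitions`). These inputs carry WAF policy, firewall policy and Lighthouse delegation settings, so at least a description would help a reader, e.g. `description = "Map of Application Gateway WAF policy configuration objects."`. The neighbouring variables are written the same way, so this looks like a repository convention and may be better handled as a follow-up than in this commit.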
@@ -3,11 +3,13 @@ locals {
 var.networking,
 {
 application_gateway_applications = var.application_gateway_applications
+ application_gateway_waf_policies = var.application_gateway_waf_policies
 application_gateways = var.application_gateways
 application_security_groups = var.application_security_groups
 azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition
 azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition
 azurerm_firewall_network_rule_collection_definition = var.azurerm_firewall_network_rule_collection_definition
+ azurerm_firewall_policies = var.azurerm_firewall_policies
 azurerm_firewalls = var.azurerm_firewalls
 azurerm_routes = var.azurerm_routes
 ddos_services = var.ddos_services
diff --git a/caf_solution/local.remote.tf b/caf_solution/local.remote.tf
index b369b0f5d..385085a1c 100644
--- a/caf_solution/local.remote.tf
+++ b/caf_solution/local.remote.tf
@@ -21,6 +21,9 @@ locals {
 application_gateway_applications = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_applications, {}))
 }
+ application_gateway_waf_policies = {
+ for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_waf_policies, {}))
+ }
 application_gateways = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateways, {}))
 }
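Review bot: The `try(..., {})` wrapped around `data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_waf_policies` in `local.remote.tf` turns any lookup failure, such as a remote landing zone that does not export this output, into an empty map, so a WAF policy expected from remote state can be absent without the plan failing at this point. The `subscriptions` entry added in the second hunk of the same file has the same shape. Since this follows the existing entries, a comment would be enough, for example `# a missing remote output resolves to {}; consumers must handle an absent key`. The single-argument `merge()` and the unused `value` iterator do nothing here and could be dropped in a later cleanup of the whole block, which continues outside the hunk.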
@@ -123,6 +126,9 @@ locals {
 storage_accounts = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].storage_accounts, {}))
 }
+ subscriptions = {
+ for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].subscriptions, {}))
+ }
 synapse_workspaces = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].synapse_workspaces, {}))
 }
diff --git a/caf_solution/local.security.tf b/caf_solution/local.security.tf
index 3d5daf9e9..69f91cadc 100644
--- a/caf_solution/local.security.tf
+++ b/caf_solution/local.security.tf
@@ -8,6 +8,7 @@ locals {
 keyvault_certificate_requests = var.keyvault_certificate_requests
 keyvault_certificates = var.keyvault_certificates
 keyvault_keys = var.keyvault_keys
+ lighthouse_definitions = var.lighthouse_definitions
 }
 )
 }
diff --git a/caf_solution/variables.networking.tf b/caf_solution/variables.networking.tf
index a0519ce4a..929f67597 100644
--- a/caf_solution/variables.networking.tf
+++ b/caf_solution/variables.networking.tf
@@ -5,6 +5,9 @@ variable "application_gateways" {
 variable "application_gateway_applications" {
 default = {}
 }
+variable "application_gateway_waf_policies" {
+ default = {}
+}
 variable "application_security_groups" {
 default = {}
 }
@@ -20,6 +23,9 @@ variable "azurerm_firewall_nat_rule_collection_definition" {
 variable "azurerm_firewall_network_rule_collection_definition" {
 default = {}
 }
+variable "azurerm_firewall_policies" {
+ default = {}
+}
 variable "azurerm_routes" {
 default = {}
 }
diff --git a/caf_solution/variables.security.tf b/caf_solution/variables.security.tf
index 5caae44dd..a2afd3fdb 100644
--- a/caf_solution/variables.security.tf
+++ b/caf_solution/variables.security.tf
@@ -13,7 +13,10 @@ variable "keyvault_certificates" {
 variable "keyvault_keys" {
 default = {}
 }
+variable "lighthouse_definitions" {
+ default = {}
+}
 ## Security variables
 variable "security" {
 default = {}
-}
\ No newline at end of file
+}