diff --git a/src/_nebari/constants.py b/src/_nebari/constants.py
index 725a1d91b4..f30da0f870 100644
--- a/src/_nebari/constants.py
+++ b/src/_nebari/constants.py
@@ -16,7 +16,7 @@ DEFAULT_NEBARI_IMAGE_TAG = CURRENT_RELEASE
 DEFAULT_NEBARI_WORKFLOW_CONTROLLER_IMAGE_TAG = CURRENT_RELEASE
-DEFAULT_CONDA_STORE_IMAGE_TAG = "2024.3.1"
+DEFAULT_CONDA_STORE_IMAGE_TAG = "2024.11.2"
 LATEST_SUPPORTED_PYTHON_VERSION = "3.10"
diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py
index 067161f6a4..553e520e3a 100644
--- a/src/_nebari/stages/infrastructure/__init__.py
+++ b/src/_nebari/stages/infrastructure/__init__.py
@@ -95,6 +95,7 @@ class AzureInputVars(schema.Base):
 name: str
 environment: str
 region: str
+ authorized_ip_ranges: List[str] = ["0.0.0.0/0"]
 kubeconfig_filename: str = get_kubeconfig_filename()
 kubernetes_version: str
 node_groups: Dict[str, AzureNodeGroupInputVars]
@@ -105,7 +106,7 @@ class AzureInputVars(schema.Base):
 tags: Dict[str, str] = {}
 max_pods: Optional[int] = None
 network_profile: Optional[Dict[str, str]] = None
- azure_policy_enabled: bool = None
+ azure_policy_enabled: Optional[bool] = None
 workload_identity_enabled: bool = False
@@ -362,6 +363,7 @@ class AzureProvider(schema.Base):
 region: str
 kubernetes_version: Optional[str] = None
 storage_account_postfix: str
+ authorized_ip_ranges: Optional[List[str]] = ["0.0.0.0/0"]
 resource_group_name: Optional[str] = None
 node_groups: Dict[str, AzureNodeGroup] = DEFAULT_AZURE_NODE_GROUPS
 storage_account_postfix: str
@@ -372,6 +374,7 @@ class AzureProvider(schema.Base):
 network_profile: Optional[Dict[str, str]] = None
 max_pods: Optional[int] = None
 workload_identity_enabled: bool = False
+ azure_policy_enabled: Optional[bool] = None
 @model_validator(mode="before")
 @classmethod
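Review bot: `AzureProvider.authorized_ip_ranges` (hunk @@ -362) is declared `Optional[List[str]]`, while `AzureInputVars.authorized_ip_ranges` (hunk @@ -95) is a plain `List[str]` and the `input_vars` hunk (@@ -799) passes the config value through unchanged. A config that sets `authorized_ip_ranges: null` would therefore pass provider validation and presumably fail only when the input vars are built. Declaring the provider field as `authorized_ip_ranges: List[str] = ["0.0.0.0/0"]` keeps the two models in agreement. The default leaves the API server reachable from any address, which is worth stating next to the field, e.g. `# CIDR ranges allowed to reach the AKS API server; the default applies no restriction`. Both class bodies continue outside these hunks.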
@@ -799,6 +802,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
 environment=self.config.namespace,
 region=self.config.azure.region,
 kubernetes_version=self.config.azure.kubernetes_version,
+ authorized_ip_ranges=self.config.azure.authorized_ip_ranges,
 node_groups={
 name: AzureNodeGroupInputVars(
 instance=node_group.instance,
diff --git a/src/_nebari/stages/infrastructure/template/azure/main.tf b/src/_nebari/stages/infrastructure/template/azure/main.tf
index 594a6a4aa2..960b755f8c 100644
--- a/src/_nebari/stages/infrastructure/template/azure/main.tf
+++ b/src/_nebari/stages/infrastructure/template/azure/main.tf
@@ -28,6 +28,7 @@ module "kubernetes" {
 kubernetes_version = var.kubernetes_version
 tags = var.tags
 max_pods = var.max_pods
+ authorized_ip_ranges = var.authorized_ip_ranges
 network_profile = var.network_profile
diff --git a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf
index 66b46e13eb..f97f1f6383 100644
--- a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf
+++ b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf
@@ -4,6 +4,9 @@ resource "azurerm_kubernetes_cluster" "main" {
 location = var.location
 resource_group_name = var.resource_group_name
 tags = var.tags
+ api_server_access_profile {
+ authorized_ip_ranges = var.authorized_ip_ranges
+ }
 # To enable Azure AD Workload Identity oidc_issuer_enabled must be set to true.
 oidc_issuer_enabled = var.workload_identity_enabled
diff --git a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf
index 355b284ba0..95d2045420 100644
--- a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf
+++ b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf
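Review bot: The `api_server_access_profile` block added to `azurerm_kubernetes_cluster.main` (modules/kubernetes/main.tf, hunk @@ -4) carries no comment, unlike the `oidc_issuer_enabled` setting just below it. With the default `["0.0.0.0/0"]` the API server stays reachable from every address, so the restriction is opt-in. I would add `# Limits which CIDR ranges may reach the Kubernetes API server; the default 0.0.0.0/0 applies no restriction.` above the block. Anyone narrowing the list presumably has to include the address Nebari is deployed from, since later stages talk to this API server; that caveat belongs in the variable description in both `variables.tf` hunks. The resource body continues outside the hunk.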
@@ -77,6 +77,12 @@ variable "workload_identity_enabled" {
 default = false
 }
+variable "authorized_ip_ranges" {
+ description = "The ip range allowed to access the Kubernetes API server, defaults to 0.0.0.0/0"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
 variable "azure_policy_enabled" {
 description = "Enable Azure Policy"
 type = bool
diff --git a/src/_nebari/stages/infrastructure/template/azure/variables.tf b/src/_nebari/stages/infrastructure/template/azure/variables.tf
index 657435c7da..44ef90463f 100644
--- a/src/_nebari/stages/infrastructure/template/azure/variables.tf
+++ b/src/_nebari/stages/infrastructure/template/azure/variables.tf
@@ -83,7 +83,14 @@ variable "workload_identity_enabled" {
 default = false
 }
+variable "authorized_ip_ranges" {
+ description = "The ip range allowed to access the Kubernetes API server, defaults to 0.0.0.0/0"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
 variable "azure_policy_enabled" {
 description = "Enable Azure Policy"
 type = bool
+ default = false
 }
diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/conda-store/config/conda_store_config.py b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/conda-store/config/conda_store_config.py
index ad9b79843a..f14c352973 100644
--- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/conda-store/config/conda_store_config.py
+++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/conda-store/config/conda_store_config.py
@@ -10,9 +10,10 @@ from pathlib import Path
 import requests
-from conda_store_server import api, orm, schema
+from conda_store_server import api
+from conda_store_server._internal import schema
+from conda_store_server._internal.server.dependencies import get_conda_store
 from conda_store_server.server.auth import GenericOAuthAuthentication
-from conda_store_server.server.dependencies import get_conda_store
 from conda_store_server.storage import S3Storage
@@ -422,8 +423,7 @@ async def authenticate(self, request):
 for namespace in namespaces:
 _namespace = api.get_namespace(db, name=namespace)
 if _namespace is None:
- db.add(orm.Namespace(name=namespace))
- db.commit()
+ api.ensure_namespace(db, name=namespace)
 return schema.AuthenticationToken(
 primary_namespace=username,
diff --git a/tests/common/handlers.py b/tests/common/handlers.py
index 51964d3ac5..761a6efd88 100644
--- a/tests/common/handlers.py
+++ b/tests/common/handlers.py
@@ -298,7 +298,9 @@ def _open_conda_store_service(self):
 def _open_new_environment_tab(self):
 self.page.get_by_label("Create a new environment in").click()
- expect(self.page.get_by_text("Create Environment")).to_be_visible()
+ expect(
+ self.page.get_by_role("button", name="Create", exact=True)
+ ).to_be_visible()
 def _assert_user_namespace(self):
 expect(
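Review bot: In `authenticate` (conda_store_config.py, hunk @@ -422), replacing `db.add(orm.Namespace(name=namespace))` and `db.commit()` with `api.ensure_namespace(db, name=namespace)` drops the explicit commit, and nothing visible in the hunk commits the session afterwards. If `ensure_namespace` only adds the row, a namespace created on first login is not persisted unless the caller commits later; please confirm which it is and keep `db.commit()` after the call if needed. The name also suggests `ensure_namespace` does the lookup itself, in which case the preceding `api.get_namespace` / `if _namespace is None:` guard is redundant. The first hunk of the same file now imports `schema` and `get_conda_store` from `conda_store_server._internal`, a private path that presumably ties this config to the image tag bumped in `constants.py`; a comment above those imports such as `# _internal paths match the conda-store-server release pinned in DEFAULT_CONDA_STORE_IMAGE_TAG` would record that. The function body continues outside the hunk.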