diff --git a/README.md b/README.md index 1ee322b7..3d64a98e 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (>= 1.3.0) -- [azurerm](#requirement\_azurerm) (>= 3.71.0) +- [azurerm](#requirement\_azurerm) (>= 3.86.0) - [local](#requirement\_local) (2.4.1) @@ -35,7 +35,7 @@ The following requirements are needed by this module: The following providers are used by this module: -- [azurerm](#provider\_azurerm) (>= 3.71.0) +- [azurerm](#provider\_azurerm) (>= 3.86.0) - [local](#provider\_local) (2.4.1) 
@@ -48,7 +48,10 @@ The following resources are used by this module: - [azurerm_container_registry.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) (resource) - [azurerm_kubernetes_cluster.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) (resource) - [azurerm_kubernetes_cluster_node_pool.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) (resource) +- [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) (resource) +- [azurerm_log_analytics_workspace_table.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace_table) (resource) - [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource) +- [azurerm_monitor_diagnostic_setting.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource) - [azurerm_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) (resource) - [azurerm_private_endpoint_application_security_group_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint_application_security_group_association) (resource) - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource) 
@@ -56,6 +59,7 @@ The following resources are used by this module: - [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource) - [random_string.acr_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) (resource) +- [azurerm_monitor_diagnostic_categories.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_diagnostic_categories) (data source) - [local_file.compute_provider](https://registry.terraform.io/providers/hashicorp/local/2.4.1/docs/data-sources/file) (data source) - [local_file.locations](https://registry.terraform.io/providers/hashicorp/local/2.4.1/docs/data-sources/file) (data source) @@ -145,6 +149,14 @@ Type: `list(string)` Default: `null` +### [key\_vault\_secrets\_provider\_enabled](#input\_key\_vault\_secrets\_provider\_enabled) + +Description: (Optional) Whether to use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster. For more details: https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver + +Type: `bool` + +Default: `false` + ### [lock](#input\_lock) Description: The lock level to apply. Default is `None`. Possible values are `None`, `CanNotDelete`, and `ReadOnly`. @@ -160,6 +172,14 @@ object({ Default: `{}` +### [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) + +Description: (Optional) The ID of the Log Analytics Workspace to use for the OMS agent. + +Type: `string` + +Default: `null` + ### [managed\_identities](#input\_managed\_identities) Description: Managed identities to be created for the resource. 
@@ -175,6 +195,25 @@ object({ Default: `{}` +### [monitor\_metrics](#input\_monitor\_metrics) + +Description: (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster +object({ + annotations\_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric." + labels\_allowed = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric." +}) + +Type: + +```hcl +object({ + annotations_allowed = optional(string) + labels_allowed = optional(string) + }) +``` + +Default: `null` + ### [node\_pools](#input\_node\_pools) Description: A map of node pools that need to be created and attached on the Kubernetes cluster. The key of the map can be the name of the node pool, and the key must be static string. The value of the map is a `node_pool` block as defined below: diff --git a/locals.tf b/locals.tf index ff59cefb..8728bf5c 100644 --- a/locals.tf +++ b/locals.tf @@ -59,4 +59,7 @@ locals { } ] ]) +} +locals { + log_analytics_tables = ["AKSAudit", "AKSAuditAdmin", "AKSControlPlane"] } \ No newline at end of file diff --git a/main.tf b/main.tf index fa11734d..835e64f9 100644 --- a/main.tf +++ b/main.tf @@ -43,15 +43,13 @@ resource "azurerm_kubernetes_cluster" "this" { workload_identity_enabled = true default_node_pool { - name = "agentpool" - vm_size = "Standard_D4d_v5" - enable_auto_scaling = true - # autoscaler profile setting on the old module use the configuration + name = "agentpool" + vm_size = "Standard_D4d_v5" + enable_auto_scaling = true enable_host_encryption = true - max_count = 5 + max_count = 9 max_pods = 110 - min_count = 2 - node_count = 5 + min_count = 3 os_sku = "Ubuntu" tags = merge(var.tags, var.agents_tags) zones = try([for zone in local.regions_by_name_or_display_name[var.location].zones : zone], null) 
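Review bot: `log_analytics_tables` is a bare list of three table names with nothing saying what selects them or where they are consumed, so the next reader has to search main.tf to connect them to the diagnostic setting; a one-line comment would carry that, e.g. `# Tables given a dedicated plan in main.tf — presumably the resource-specific tables populated when the AKS diagnostic setting uses destination type "Dedicated"; keep in step with the enabled_log categories there`. The list is also appended as a second `locals {}` block a few lines below the existing one rather than being added to it, and the missing trailing newline is carried over, both of which a formatter pass would normally clean up.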
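Review bot: The autoscaler bounds `min_count = 3` and `max_count = 9` are changed in place as hard-coded literals inside a reusable module, and the explanatory comment that sat on the old `enable_auto_scaling` line is dropped rather than updated, so consumers can neither tune the limits nor see why these numbers were chosen. If `min_count = 3` is meant to keep one node per entry of the `zones` list set just below, say so: `# min_count: one node per availability zone; max_count: autoscaler ceiling — TODO expose both as module variables`. Removing `node_count` is consistent with autoscaling being enabled, and presumably the provider now derives the initial pool size; a short word on that would stop the next reader from adding it back. The `default_node_pool` block and the enclosing `azurerm_kubernetes_cluster.this` resource both continue outside this hunk.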
@@ -69,6 +67,101 @@ resource "azurerm_kubernetes_cluster" "this" { key_vault_secrets_provider { secret_rotation_enabled = true } + dynamic "monitor_metrics" { + + for_each = var.monitor_metrics != null ? [var.monitor_metrics] : [] + + content { + annotations_allowed = var.monitor_metrics.annotations_allowed + labels_allowed = var.monitor_metrics.labels_allowed + } + } + network_profile { + network_plugin = "azure" + load_balancer_sku = "standard" + network_plugin_mode = "overlay" + network_policy = "calico" + outbound_type = "managedNATGateway" + } + oms_agent { + log_analytics_workspace_id = azurerm_log_analytics_workspace.this.id + msi_auth_for_monitoring_enabled = true + } +} + +data "azurerm_monitor_diagnostic_categories" "aks" { + resource_id = azurerm_kubernetes_cluster.this.id +} + +resource "azurerm_log_analytics_workspace" "this" { + location = var.location + name = "${var.name}-aks" + resource_group_name = var.resource_group_name + sku = "PerGB2018" + tags = var.tags +} + +resource "azurerm_log_analytics_workspace_table" "this" { + for_each = toset(local.log_analytics_tables) + + name = each.value + workspace_id = azurerm_log_analytics_workspace.this.id + plan = "Basic" +} + +resource "azurerm_monitor_diagnostic_setting" "aks" { + name = "${var.name}-aks" + target_resource_id = azurerm_kubernetes_cluster.this.id + log_analytics_destination_type = "Dedicated" + log_analytics_workspace_id = azurerm_log_analytics_workspace.this.id + + # Kubernetes API Server + enabled_log { + category = "kube-apiserver" + } + # Kubernetes Audit + enabled_log { + category = "kube-audit" + } + # Kubernetes Audit Admin Logs + enabled_log { + category = "kube-audit-admin" + } + # Kubernetes Controller Manager + enabled_log { + category = "kube-controller-manager" + } + # Kubernetes Scheduler + enabled_log { + category = "kube-scheduler" + } + #Kubernetes Cluster Autoscaler + enabled_log { + category = "cluster-autoscaler" + } + #Kubernetes Cloud Controller Manager + enabled_log 
{ + category = "cloud-controller-manager" + } + #guard + enabled_log { + category = "guard" + } + #csi-azuredisk-controller + enabled_log { + category = "csi-azuredisk-controller" + } + #csi-azurefile-controller + enabled_log { + category = "csi-azurefile-controller" + } + #csi-snapshot-controller + enabled_log { + category = "csi-snapshot-controller" + } + metric { + category = "AllMetrics" + } } # required AVM resources interfaces @@ -118,4 +211,4 @@ data "local_file" "compute_provider" { data "local_file" "locations" { filename = "${path.module}/data/locations.json" -} \ No newline at end of file +} diff --git a/terraform.tf b/terraform.tf index 970d068b..1f81a01f 100644 --- a/terraform.tf +++ b/terraform.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.71.0" + version = ">= 3.86.0" } local = { source = "hashicorp/local" diff --git a/variables.tf b/variables.tf index 8425851a..c0d14a1f 100644 --- a/variables.tf +++ b/variables.tf @@ -71,6 +71,13 @@ variable "identity_ids" { description = "(Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster." } +variable "key_vault_secrets_provider_enabled" { + type = bool + default = false + description = "(Optional) Whether to use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster. For more details: https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver" + nullable = false +} + variable "lock" { type = object({ name = optional(string, null) @@ -86,6 +93,12 @@ variable "lock" { } } +variable "log_analytics_workspace_id" { + type = string + default = null + description = "(Optional) The ID of the Log Analytics Workspace to use for the OMS agent." +} + # tflint-ignore: terraform_unused_declarations variable "managed_identities" { type = object({ 
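Review bot: The new input `var.log_analytics_workspace_id` (declared in the variables.tf hunk as the workspace to use for the OMS agent) is never referenced: both `oms_agent` and `azurerm_monitor_diagnostic_setting.aks` are fixed to the module-created `azurerm_log_analytics_workspace.this`, so a consumer cannot route control-plane and audit logs to an existing central workspace and the input silently does nothing. `var.key_vault_secrets_provider_enabled` has the same problem because `key_vault_secrets_provider { secret_rotation_enabled = true }` stays unconditional, and `data.azurerm_monitor_diagnostic_categories.aks` is declared but unused while the `enabled_log` categories are pinned by hand — either drop it or comment why the list is pinned rather than derived from it. Retention also deserves a comment: the workspace keeps the provider's default retention and `AKSAudit`/`AKSAuditAdmin`/`AKSControlPlane` are moved to the `Basic` plan, which trades cheaper ingestion for reduced interactive retention and query capability on exactly the audit data an investigation depends on, e.g. `# Basic plan: lower ingestion cost, reduced retention/query for the audit tables — confirm against the incident-response retention requirement`. Enabling both `kube-audit` and `kube-audit-admin` ingests the admin subset twice, presumably by design so the two tables stay independent, which is worth stating next to the blocks. The enclosing `azurerm_kubernetes_cluster.this` resource starts outside this hunk; the wiring below makes the workspace optional and honours the two inputs.
```hcl
locals {
  # Honour a caller-supplied workspace; otherwise fall back to the one created below.
  log_analytics_workspace_id = var.log_analytics_workspace_id != null ? var.log_analytics_workspace_id : azurerm_log_analytics_workspace.this[0].id
}

resource "azurerm_kubernetes_cluster" "this" {
  # … unchanged: cluster settings, default_node_pool, monitor_metrics, network_profile …
  dynamic "key_vault_secrets_provider" {
    for_each = var.key_vault_secrets_provider_enabled ? [1] : []

    content {
      secret_rotation_enabled = true
    }
  }
  oms_agent {
    log_analytics_workspace_id      = local.log_analytics_workspace_id
    msi_auth_for_monitoring_enabled = true
  }
}

resource "azurerm_log_analytics_workspace" "this" {
  count = var.log_analytics_workspace_id == null ? 1 : 0
  # … unchanged: location, name, resource_group_name, sku, tags …
}

resource "azurerm_log_analytics_workspace_table" "this" {
  for_each = var.log_analytics_workspace_id == null ? toset(local.log_analytics_tables) : toset([])

  name         = each.value
  workspace_id = azurerm_log_analytics_workspace.this[0].id
  plan         = "Basic"
}

resource "azurerm_monitor_diagnostic_setting" "aks" {
  # … unchanged: name, target_resource_id, log_analytics_destination_type …
  log_analytics_workspace_id = local.log_analytics_workspace_id
  # … unchanged: enabled_log and metric blocks …
}
```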
@@ -96,6 +109,21 @@ variable "managed_identities" { description = "Managed identities to be created for the resource." } +variable "monitor_metrics" { + type = object({ + annotations_allowed = optional(string) + labels_allowed = optional(string) + }) + default = null + description = <<-EOT + (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster + object({ + annotations_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric." + labels_allowed = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric." + }) +EOT +} + variable "node_pools" { type = map(object({ name = string
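Review bot: The description of `monitor_metrics` does not say what actually turns the add-on on: in the main.tf hunk the block is emitted whenever the variable is non-null (`var.monitor_metrics != null ? [var.monitor_metrics] : []`), so passing `{}` enables the Prometheus add-on with both filters unset, while the default `null` leaves it off. A first line such as `(Optional) Set to a non-null object (even {}) to enable the Prometheus add-on profile; both attributes may be omitted. Leave null to disable.` would make the toggle explicit to callers. The capitalisation of `Comma-separated` in the `labels_allowed` line is also inconsistent with the `annotations_allowed` line directly above it.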