diff --git a/.gitignore b/.gitignore
index ce8dfb6..d6ac377 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
+terraform.log
 
 # Include override files you do wish to add to version control using negated pattern
 #
diff --git a/examples/base/outputs.tf b/examples/base/outputs.tf
index 1f87b90..bff5aa1 100755
--- a/examples/base/outputs.tf
+++ b/examples/base/outputs.tf
@@ -3,10 +3,10 @@ locals {
   testbedconfig = <<TB
 
 1) Copy the SSH key to the bastion host
-scp -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ${var.name_prefix}-key-${random_string.suffix.result}.pem centos@${module.bastion.public_ip}:/home/centos/.
+scp -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ${var.name_prefix}-key-${random_string.suffix.result}.pem ubuntu@${module.bastion.public_ip}:/home/ubuntu/.
 
 2) SSH to the bastion host
-ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem centos@${module.bastion.public_ip}
+ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ubuntu@${module.bastion.public_ip}
 
 Resource Group: 
 ${module.network.resource_group_name}
diff --git a/examples/base_pse/README.md b/examples/base_pse/README.md
index 217d72c..355a90d 100644
--- a/examples/base_pse/README.md
+++ b/examples/base_pse/README.md
@@ -50,7 +50,7 @@ From base_pse directory execute:
 | <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.6.0 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4.0.0 |
-| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.31.0 |
+| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3 |
 
 ## Providers
 
@@ -112,7 +112,7 @@ From base_pse directory execute:
 | <a name="input_pse_subnets"></a> [pse\_subnets](#input\_pse\_subnets) | Private Service Edge Subnets to create in VNet. This is only required if you want to override the default subnets that this code creates via network\_address\_space variable. | `list(string)` | `null` | no |
 | <a name="input_psevm_image_offer"></a> [psevm\_image\_offer](#input\_psevm\_image\_offer) | Azure Marketplace RHEL Image Offer | `string` | `"rh-rhel"` | no |
 | <a name="input_psevm_image_publisher"></a> [psevm\_image\_publisher](#input\_psevm\_image\_publisher) | Red Hat Inc | `string` | `"redhat"` | no |
-| <a name="input_psevm_image_sku"></a> [psevm\_image\_sku](#input\_psevm\_image\_sku) | Azure Marketplace RHEL Image SKU | `string` | `"rh-rhel9-gen1"` | no |
+| <a name="input_psevm_image_sku"></a> [psevm\_image\_sku](#input\_psevm\_image\_sku) | Azure Marketplace RHEL Image SKU | `string` | `"rh-rhel9"` | no |
 | <a name="input_psevm_image_version"></a> [psevm\_image\_version](#input\_psevm\_image\_version) | Azure Marketplace RHEL Image Version | `string` | `"latest"` | no |
 | <a name="input_psevm_instance_type"></a> [psevm\_instance\_type](#input\_psevm\_instance\_type) | Private Service Edge Image size | `string` | `"Standard_D2s_v3"` | no |
 | <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | Public/Bastion Subnets to create in VNet. This is only required if you want to override the default subnets that this code creates via network\_address\_space variable. | `list(string)` | `null` | no |
diff --git a/examples/base_pse/outputs.tf b/examples/base_pse/outputs.tf
index ce35978..2f17f30 100755
--- a/examples/base_pse/outputs.tf
+++ b/examples/base_pse/outputs.tf
@@ -3,13 +3,13 @@ locals {
   testbedconfig = <<TB
 
 1) Copy the SSH key to the bastion host
-scp -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ${var.name_prefix}-key-${random_string.suffix.result}.pem centos@${module.bastion.public_ip}:/home/centos/.
+scp -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ${var.name_prefix}-key-${random_string.suffix.result}.pem ubuntu@${module.bastion.public_ip}:/home/ubuntu/.
 
 2) SSH to the bastion host
-ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem centos@${module.bastion.public_ip}
+ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ubuntu@${module.bastion.public_ip}
 
 3) SSH to the Private Service Edge
-ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem zpse-admin@${module.pse_vm.private_ip[0]} -o "proxycommand ssh -W %h:%p -i ${var.name_prefix}-key-${random_string.suffix.result}.pem centos@${module.bastion.public_ip}"
+ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem zpse-admin@${module.pse_vm.private_ip[0]} -o "proxycommand ssh -W %h:%p -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ubuntu@${module.bastion.public_ip}"
 
 All Private Service Edge Management IPs. Replace private IP below with "zpse-admin"@"ip address" in ssh example command above.
 ${join("\n", module.pse_vm.private_ip)}
diff --git a/examples/base_pse/terraform.tfvars b/examples/base_pse/terraform.tfvars
index 3ef7f1b..82dcd39 100755
--- a/examples/base_pse/terraform.tfvars
+++ b/examples/base_pse/terraform.tfvars
@@ -61,7 +61,7 @@
 ## 5. Azure region where Private Service Edge resources will be deployed. This environment variable is automatically populated if running zspse script
 ##    and thus will override any value set here. Only uncomment and set this value if you are deploying terraform standalone. (Default: westus2)
 
-#arm_location                               = "eastus"
+# arm_location                               = "westus2"
 
 ## 6. Private Service Edge Azure VM Instance size selection. Uncomment acvm_instance_type line with desired vm size to change.
 ##    (Default: Standard_D4s_v3)
@@ -73,7 +73,7 @@
 ##     subnets based on the zones or byo_subnet_names variable and loop through for any deployments where pse_count > zones.
 ##     E.g. pse_count set to 4 and 2 zones set ['1","2"] will create 2x ACs in AZ1 and 2x ACs in AZ2
 
-#pse_count                                  = 1
+pse_count = 1
 
 ## 8. By default, no zones are specified in any resource creation meaning they are either auto-assigned by Azure
 ##    (Virtual Machines and NAT Gateways) or Zone-Redundant (Public IP) based on whatever default configuration is.
diff --git a/examples/base_pse/variables.tf b/examples/base_pse/variables.tf
index 3a4b3f3..261ba9c 100755
--- a/examples/base_pse/variables.tf
+++ b/examples/base_pse/variables.tf
@@ -78,7 +78,7 @@ variable "psevm_image_offer" {
 variable "psevm_image_sku" {
   type        = string
   description = "Azure Marketplace RHEL Image SKU"
-  default     = "rh-rhel9-gen1"
+  default     = "rh-rhel9"
 }
 
 variable "psevm_image_version" {
diff --git a/examples/base_pse/versions.tf b/examples/base_pse/versions.tf
index b9f24f3..af20981 100755
--- a/examples/base_pse/versions.tf
+++ b/examples/base_pse/versions.tf
@@ -22,7 +22,7 @@ terraform {
     }
     zpa = {
       source  = "zscaler/zpa"
-      version = "~> 3.31.0"
+      version = "~> 3"
     }
   }
   required_version = ">= 0.13.7, < 2.0.0"
diff --git a/examples/pse/versions.tf b/examples/pse/versions.tf
index b9f24f3..af20981 100755
--- a/examples/pse/versions.tf
+++ b/examples/pse/versions.tf
@@ -22,7 +22,7 @@ terraform {
     }
     zpa = {
       source  = "zscaler/zpa"
-      version = "~> 3.31.0"
+      version = "~> 3"
     }
   }
   required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zpa-provisioning-key/README.md b/modules/terraform-zpa-provisioning-key/README.md
index 5e6e279..52d486a 100644
--- a/modules/terraform-zpa-provisioning-key/README.md
+++ b/modules/terraform-zpa-provisioning-key/README.md
@@ -10,13 +10,13 @@ There is a "BYO" option where you can conditionally create new or reference an e
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.31.0 |
+| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_zpa"></a> [zpa](#provider\_zpa) | ~> 3.31.0 |
+| <a name="provider_zpa"></a> [zpa](#provider\_zpa) | ~> 3 |
 
 ## Modules
 
diff --git a/modules/terraform-zpa-provisioning-key/versions.tf b/modules/terraform-zpa-provisioning-key/versions.tf
index 07f0e32..f0df7b7 100755
--- a/modules/terraform-zpa-provisioning-key/versions.tf
+++ b/modules/terraform-zpa-provisioning-key/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     zpa = {
       source  = "zscaler/zpa"
-      version = "~> 3.31.0"
+      version = "~> 3"
     }
   }
   required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zpa-service-edge-group/README.md b/modules/terraform-zpa-service-edge-group/README.md
index 1a84b74..336c2f4 100644
--- a/modules/terraform-zpa-service-edge-group/README.md
+++ b/modules/terraform-zpa-service-edge-group/README.md
@@ -8,13 +8,13 @@ This module provides the resources necessary to create a new ZPA Service Edge Gr
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.31.0 |
+| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_zpa"></a> [zpa](#provider\_zpa) | ~> 3.31.0 |
+| <a name="provider_zpa"></a> [zpa](#provider\_zpa) | ~> 3 |
 
 ## Modules
 
diff --git a/modules/terraform-zpa-service-edge-group/versions.tf b/modules/terraform-zpa-service-edge-group/versions.tf
index 07f0e32..f0df7b7 100755
--- a/modules/terraform-zpa-service-edge-group/versions.tf
+++ b/modules/terraform-zpa-service-edge-group/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     zpa = {
       source  = "zscaler/zpa"
-      version = "~> 3.31.0"
+      version = "~> 3"
     }
   }
   required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zpse-vm-azure/README.md b/modules/terraform-zpse-vm-azure/README.md
index cc86d59..5c3a53e 100644
--- a/modules/terraform-zpse-vm-azure/README.md
+++ b/modules/terraform-zpse-vm-azure/README.md
@@ -38,6 +38,7 @@ No modules.
 |------|------|
 | [azurerm_availability_set.pse_availability_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/availability_set) | resource |
 | [azurerm_linux_virtual_machine.pse_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource |
+| [azurerm_marketplace_agreement.zs_image_agreement](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/marketplace_agreement) | resource |
 | [azurerm_network_interface.pse_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
 | [azurerm_network_interface_security_group_association.pse_nic_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource |
 
@@ -53,8 +54,8 @@ No modules.
 | <a name="input_pse_subnet_id"></a> [pse\_subnet\_id](#input\_pse\_subnet\_id) | Private Service Edge subnet id | `list(string)` | n/a | yes |
 | <a name="input_pse_username"></a> [pse\_username](#input\_pse\_username) | Default Private Service Edge admin/root username | `string` | `"zpse-admin"` | no |
 | <a name="input_psevm_image_offer"></a> [psevm\_image\_offer](#input\_psevm\_image\_offer) | Azure Marketplace RHEL Image Offer | `string` | `"rh-rhel"` | no |
-| <a name="input_psevm_image_publisher"></a> [psevm\_image\_publisher](#input\_psevm\_image\_publisher) | Red Hat Inc | `string` | `"redhat"` | no |
-| <a name="input_psevm_image_sku"></a> [psevm\_image\_sku](#input\_psevm\_image\_sku) | Azure Marketplace RHEL Image SKU | `string` | `"rh-rhel9-gen1"` | no |
+| <a name="input_psevm_image_publisher"></a> [psevm\_image\_publisher](#input\_psevm\_image\_publisher) | Red Hat Inc | `string` | `"RedHat"` | no |
+| <a name="input_psevm_image_sku"></a> [psevm\_image\_sku](#input\_psevm\_image\_sku) | Azure Marketplace RHEL Image SKU | `string` | `"rh-rhel9"` | no |
 | <a name="input_psevm_image_version"></a> [psevm\_image\_version](#input\_psevm\_image\_version) | Azure Marketplace RHEL Image Version | `string` | `"latest"` | no |
 | <a name="input_psevm_instance_type"></a> [psevm\_instance\_type](#input\_psevm\_instance\_type) | Private Service Edge Image size | `string` | `"Standard_D2s_v3"` | no |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | Main Resource Group Name | `string` | n/a | yes |
diff --git a/modules/terraform-zpse-vm-azure/main.tf b/modules/terraform-zpse-vm-azure/main.tf
index 022df38..4d8d538 100755
--- a/modules/terraform-zpse-vm-azure/main.tf
+++ b/modules/terraform-zpse-vm-azure/main.tf
@@ -30,6 +30,15 @@ resource "azurerm_network_interface_security_group_association" "pse_nic_associa
   depends_on = [azurerm_network_interface.pse_nic]
 }
 
+################################################################################
+# Make sure that ZPA App Connector image terms have been accepted
+################################################################################
+resource "azurerm_marketplace_agreement" "zs_image_agreement" {
+  offer     = var.psevm_image_offer
+  plan      = var.psevm_image_sku
+  publisher = var.psevm_image_publisher
+}
+
 
 ################################################################################
 # Create App Connector VM
@@ -77,7 +86,8 @@ resource "azurerm_linux_virtual_machine" "pse_vm" {
   tags = var.global_tags
 
   depends_on = [
-    azurerm_network_interface_security_group_association.pse_nic_association
+    azurerm_network_interface_security_group_association.pse_nic_association,
+    azurerm_marketplace_agreement.zs_image_agreement
   ]
 }
 
diff --git a/modules/terraform-zpse-vm-azure/variables.tf b/modules/terraform-zpse-vm-azure/variables.tf
index d7553c2..fcc902f 100755
--- a/modules/terraform-zpse-vm-azure/variables.tf
+++ b/modules/terraform-zpse-vm-azure/variables.tf
@@ -63,7 +63,7 @@ variable "user_data" {
 variable "psevm_image_publisher" {
   type        = string
   description = "Red Hat Inc"
-  default     = "redhat"
+  default     = "RedHat"
 }
 
 variable "psevm_image_offer" {
@@ -75,7 +75,7 @@ variable "psevm_image_offer" {
 variable "psevm_image_sku" {
   type        = string
   description = "Azure Marketplace RHEL Image SKU"
-  default     = "rh-rhel9-gen1"
+  default     = "rh-rhel9"
 }
 
 variable "psevm_image_version" {