diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..8d7a895 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @kentik/bd diff --git a/README.md b/README.md index ae70ec0..fbd185e 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ #### Single VPC, Single Region * [single-vpc](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_AWS/terraform/module/examples/single-vpc) #### All VPC, Single Region -* [all-vpc-from-region](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_AWS/terraform/module/examples/all-vpc-from-region) +* [all-vpc-from-region](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_AWS/terraform/module/examples/all-vpc-from-region) #### Deploy Sock Shop as an example micro-service architecture * [sock-shop-eks](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_AWS/terraform/module/examples/sock-shop-eks) @@ -28,8 +28,6 @@ # Stage 2 - Automate GCP ## Terraform * [Terraform](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_GCP/terraform) -### Demo -* [Terraform Demo](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_GCP/terraform/module/demo) (TODO) ### Examples #### Subnet-list, Single region * [subnet-list](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_GCP/terraform/module/examples/subnet-list) 
@@ -38,17 +36,13 @@ ## Ansible * [Ansible](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_GCP/terraform) -### Demo -* [Ansible Demo](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_GCP/terraform/module/demo)(TODO) # Stage 3 - Automate Azure ## Terraform * [Tearraform](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform) -### Demo -* [Terraform Demo](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/demo) (TODO) ### Examples -#### Subnet-list, Single region -* [all_nsg](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/all_nsg) +#### All Virtual Networks from multiple Resource Groups +* [single_account_multiple_resource_groups](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups) ## Ansible * [Ansible](cloud_Azure/ansible/roles/kentik_az) @@ -56,9 +50,6 @@ #### All NSG from resource group * [all_nsg](cloud_Azure/ansible/examples/all_nsg) -# Stage 4 - Automate IBM Cloud -## Timing TBD - # General needs for automation ## Identity and Access Management ## Creation of Storage location diff --git a/cloud_Azure/terraform/module/README.md b/cloud_Azure/terraform/module/README.md index 9b12a38..dc9b7de 100644 --- a/cloud_Azure/terraform/module/README.md +++ b/cloud_Azure/terraform/module/README.md 
@@ -3,23 +3,23 @@ Module supporting management of Azure and Kentik resources required for flow log export from Azure to Kentik. Module enables: -* Flow logs in all Network Security Groups (NSG) found in requested Resource Groups +* Flow logs in all Virtual Networks (VNets) found in requested Resource Groups Module creates: -* Service Principal for Kentik NSG Flow Exporter application +* Service Principal for Kentik VNet Flow Exporter application * Reader and Contributor Roles for above mentioned Service Principal * One Storage Account for flow logs per requested Resource Group * Registers flow in Kentik platform per requested Resource Group All resources created in Azure are tagged, see variable "resource_tag" in [variables.tf](./variables.tf) -Module assumes that NetworkWatcher resource exists in NetworkWatcherRG resource group in specified Azure location (see variable "location" in [variables.tf](./variables.tf)). -For example, in location "eastus" there should be "NetworkWatcher_eastus" in "NetworkWatcherRG" resource group. +Module assumes that NetworkWatcher resource exists in NetworkWatcherRG resource group in specified Azure location (see variable "location" in [variables.tf](./variables.tf)). +For example, in location "eastus" there should be "NetworkWatcher_eastus" in "NetworkWatcherRG" resource group. NetworkWatcher is automatically created by Azure when VirtualNetwork is created or updated, [as per documentation.](https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create). This happens eg. when launching a new virtual machine. 
## Usage examples -* [All Network Security Groups in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups) +* [All Virtual Networks in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups) * [All Network Security Groups in requested Resource Groups in multiple Azure Accounts](examples/multiple_accounts_multiple_resource_group) ## Requirements @@ -40,27 +40,6 @@ NetworkWatcher is automatically created by Azure when VirtualNetwork is created | null | >= 2.1.2 | | external | >= 2.0.0 | -## Python and dependencies - -This module uses Python script to list all Network Security Groups in specified Resource Groups and exposes the list to Terraform as external data source. -To install Python and required packages: -* [Install Python and PIP](https://docs.python.org/3/using/index.html) -* Install packages - in module directory, execute: - PowerShell: - ```powershell - pip install virtualenv - virtualenv venv - .\venv\Scripts\activate - pip install -r requirements.txt - ``` - - or Bash: - ```bash - pip install virtualenv - virtualenv venv - source venv/bin/activate - pip install -r requirements.txt - ``` ## Inputs | Name | Description | Type | Default | Required | 
@@ -71,20 +50,20 @@ To install Python and required packages: | email | Kentik account email | `string` | none | yes | | token | Kentik account token | `string` | none | yes | | plan_id | Kentik billing plan ID | `string` | none | yes | -| name | Cloudexport entry name in Kentik | `string` | none | yes | +| name | Cloudexport entry name in Kentik will be appended with: resource_group_names and subscription_id to ensure uniqueness | `string` | none | yes | | enabled | Defines if cloud export to Kentik is enabled | `bool` | true | no | | description | Cloudexport entry description in Kentik | `string` | `Created using Terraform` | no | | resource_tag | Azure Tag value to apply to created resources | `string` | `flow_log_exporter` | no | -| flow_exporter_application_id | Kentik NSG Flow Exporter application ID | `string` | `a20ce222-63c0-46db-86d5-58551eeee89f` | no | -| storage_account_names | Names of Storage Accounts for storing flow logs. Names must meet Azure Storage Account naming restrictions.
The list should either contain 1 Storage Account name for each Resource Group, or be empty, in which case names will be generated automatically. | `list of strings` | `[]` | no | +| flow_exporter_application_id | Kentik VNet Flow Exporter application ID | `string` | `a20ce222-63c0-46db-86d5-58551eeee89f` | no | +| storage_account_names | Names of Storage Accounts to be created for storing flow logs. Names must meet Azure Storage Account naming restrictions.
The list should either contain 1 Storage Account name for each Resource Group, or be empty, in which case names will be generated automatically. Auto-generated names will use the first 12 characters of the `var.name` for the Cloudexport as a prefix appended with a random id of 12 characters for global uniqueness. | `list of strings` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| network_security_groups | Id's of the Network Security Groups which flow logs will be collected | +| vnet_ids | Id's of the Virtual Networks which to collect flow logs | | subscription_id | Azure subscription ID | | resource_group_names | Names of Resource Groups from which to collect flow logs | | storage_accounts | Storage Account names where flow logs will be collected | -| principal_id | Service Principal ID created for Kentik NSG Flow Exporter application | +| principal_id | Service Principal ID created for Kentik VNet Flow Exporter application | diff --git a/cloud_Azure/terraform/module/cloudexport.tf b/cloud_Azure/terraform/module/cloudexport.tf index c531284..8b8ef73 100644 --- a/cloud_Azure/terraform/module/cloudexport.tf +++ b/cloud_Azure/terraform/module/cloudexport.tf @@ -14,9 +14,9 @@ provider "kentik-cloudexport" { # Creates one Kentik CloudExport for every requested Resource Group resource "kentik-cloudexport_item" "azure_export" { - count = length(var.resource_group_names) + for_each = { for rg in var.resource_group_names : rg => rg } - name = "${var.name}-${var.resource_group_names[count.index]}-${var.subscription_id}" # resource group name + subscription id make the name unique + name = "${var.name}-${each.key}-${var.subscription_id}" # resource group name + subscription id make the name unique type = "CLOUD_EXPORT_TYPE_KENTIK_MANAGED" enabled = var.enabled description = var.description 
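Review bot: Moving `kentik-cloudexport_item.azure_export` from `count` to `for_each` changes every instance address from `azure_export[N]` to `azure_export["<rg>"]`, so an existing deployment plans a destroy and re-create of each cloud export instead of a no-op. The same migration is made to `azurerm_storage_account.logs_storage_account` (storage_account.tf), both `azurerm_role_assignment` resources (roles.tf, which are renamed as well) and `azurerm_network_watcher_flow_log` (network_watcher.tf); re-creating the storage accounts discards the flow logs they hold and, with the new random-suffix naming, gives them different names. Because the map keys are resource group names that only the caller knows, `moved` blocks cannot be written inside the module, so the module or example README should document a one-time `terraform state mv` per instance (or an intended destroy/re-create) before upgrading. The resource block continues past the end of this hunk.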
@@ -25,8 +25,8 @@ resource "kentik-cloudexport_item" "azure_export" { azure { subscription_id = var.subscription_id location = var.location - resource_group = var.resource_group_names[count.index] - storage_account = azurerm_storage_account.logs_storage_account[count.index].name # storage accounts are mapped to resource groups 1:1 + resource_group = each.key + storage_account = azurerm_storage_account.logs_storage_account[each.key].name # storage accounts are mapped to resource groups 1:1 security_principal_enabled = true } -} \ No newline at end of file +} diff --git a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/README.md b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/README.md index d724701..9113486 100644 --- a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/README.md +++ b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/README.md @@ -15,7 +15,7 @@ None. location = "eastus" resource_group_names = ["resource-group-1", "resource-group-2", "resource-group-3"] # groups must exist in selected location storage_account_names = [] - + # Kentik email = "dummy@test.mail" token = "dummy_token" @@ -29,8 +29,6 @@ None. 1. Execute: ```bash - virtualenv venv && source venv/bin/activate - pip install -r ../../requirements.txt terraform init ``` diff --git a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/main.tf b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/main.tf index c96cc1b..725f162 100644 --- a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/main.tf +++ b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/main.tf 
@@ -3,11 +3,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.10" + version = "~> 4.15" } azuread = { source = "hashicorp/azuread" - version = "~> 2.24" + version = "~> 3.0" } kentik-cloudexport = { source = "kentik/kentik-cloudexport" diff --git a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/output.tf b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/output.tf index 69348b1..665f42b 100644 --- a/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/output.tf +++ b/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups/output.tf @@ -1,7 +1,7 @@ -output "network_security_groups" { - value = module.kentik_azure_integration.network_security_groups - description = "Id's of the Network Security Groups which flow logs will be collected" +output "vnet_ids" { + value = module.kentik_azure_integration.vnet_ids + description = "Id's of the Virtual Networks from which to collect flow logs" } output "subscription_id" { @@ -22,4 +22,4 @@ output "storage_accounts" { output "principal_id" { value = module.kentik_azure_integration.principal_id description = "Service Principal ID created for Kentik NSG Flow Exporter application" -} \ No newline at end of file +} diff --git a/cloud_Azure/terraform/module/get_nsg.py b/cloud_Azure/terraform/module/get_nsg.py deleted file mode 100755 index 4b31455..0000000 --- a/cloud_Azure/terraform/module/get_nsg.py +++ /dev/null 
@@ -1,34 +0,0 @@ -import sys -from typing import Dict, List - -from az.cli import az -from terraform_external_data import terraform_external_data - - -@terraform_external_data -def get_nsg_from_rg(query: Dict[str, str]) -> Dict[str, str]: - """ - Gather all Network Security Groups for each requested Resource Group - """ - - if query["resource_group_names"] == "": - return {} - - resource_group_names: List[str] = query["resource_group_names"].split(",") - result: Dict[str, str] = {} - - for rg in resource_group_names: - exit_code, result_dict, logs = az(f"network nsg list --resource-group {rg} --query '[].id' -o json") - if exit_code == 0: - network_security_group_ids = str(result_dict).strip("[]").replace("'", "").replace(" ", "") - result[rg] = network_security_group_ids - else: - # Terraform-Python communication protocol: on error, print message to stderr and exit with non-zero code - print(logs, file=sys.stderr) - exit(1) - - return result # result is consumed by function decorator - - -if __name__ == "__main__": - get_nsg_from_rg() # pylint: disable=no-value-for-parameter diff --git a/cloud_Azure/terraform/module/network_watcher.tf b/cloud_Azure/terraform/module/network_watcher.tf index b2dbca0..c75674e 100644 --- a/cloud_Azure/terraform/module/network_watcher.tf +++ b/cloud_Azure/terraform/module/network_watcher.tf 
@@ -5,55 +5,42 @@ data "azurerm_network_watcher" "network_watcher" { resource_group_name = "NetworkWatcherRG" } -# Runs python script to gather network security groups from each requested resource group -# This is required because no Terraform provider exposes such functionality -# Resulting "data.external.nsg_data_source.results" is a map of string -> string, eg. -# { -# "ResourceGroupName1" -> "NetworkSercurityGroupId1,NetworkSecurityGroupId2", -# "ResourceGroupName2" -> "NetworkSercurityGroupId3,NetworkSecurityGroupId4" -# } -data "external" "nsg_data_source" { - program = ["python3", "${path.module}/get_nsg.py"] - query = { - resource_group_names = join(",", var.resource_group_names) - } +# Fetch all VNets for each resource group +data "azurerm_resources" "vnet" { + for_each = toset(var.resource_group_names) + type = "Microsoft.Network/virtualNetworks" + resource_group_name = each.key } -# Convert map of string -> string: -# { -# "ResourceGroupName1" -> "NetworkSercurityGroupId1,NetworkSecurityGroupId2", -# "ResourceGroupName2" -> "NetworkSercurityGroupId3,NetworkSecurityGroupId4" -# } -# to list of objects: -# [ -# {rg = "ResourceGroupName1", nsg = "NetworkSercurityGroupId1"}, -# {rg = "ResourceGroupName1", nsg = "NetworkSercurityGroupId2"}, -# {rg = "ResourceGroupName2", nsg = "NetworkSercurityGroupId3"}, -# {rg = "ResourceGroupName2", nsg = "NetworkSercurityGroupId4"} -# ] +# Map resource group names to their corresponding VNets +# Flatten map to list of objects locals { - flat_nsgs = flatten([ - for rg, nsg_list in data.external.nsg_data_source.result : [ - for nsg in split(",", nsg_list) : { - rg = rg # Resource Group name - nsg = nsg # Network Security Group ID + flat_vnets = flatten([ + for rg in var.resource_group_names : [ + for vnet in data.azurerm_resources.vnet[rg].resources : { + key = "${rg}-${vnet.name}" + value = { + rg = rg + name = vnet.name + id = vnet.id + } } - ] if length(nsg_list) > 0 # filter out Resource Groups that have no Network 
Security Groups + ] if length(data.azurerm_resources.vnet[rg].resources) > 0 # filter out resource groups without VNets ]) } -# Turns on flow logs for all network security groups in requested resource groups +# Turns on vnet flow logs for all vnets in requested resource groups resource "azurerm_network_watcher_flow_log" "kentik_network_flow_log" { - count = length(local.flat_nsgs) + for_each = { for vnet in local.flat_vnets : vnet.key => vnet.value } - name = "${var.name}_flow_log_${count.index}" + name = "${var.name}-flowLog-${each.value.name}" network_watcher_name = data.azurerm_network_watcher.network_watcher.name - resource_group_name = data.azurerm_network_watcher.network_watcher.resource_group_name + resource_group_name = "NetworkWatcherRG" - network_security_group_id = local.flat_nsgs[count.index].nsg - storage_account_id = azurerm_storage_account.logs_storage_account[index(var.resource_group_names, local.flat_nsgs[count.index].rg)].id - enabled = true - version = 2 + target_resource_id = each.value.id + storage_account_id = azurerm_storage_account.logs_storage_account[each.value.rg].id + enabled = true + version = 2 retention_policy { enabled = true days = 7 diff --git a/cloud_Azure/terraform/module/output.tf b/cloud_Azure/terraform/module/output.tf index 743b480..70053e9 100644 --- a/cloud_Azure/terraform/module/output.tf +++ b/cloud_Azure/terraform/module/output.tf @@ -1,6 +1,6 @@ -output "network_security_groups" { - value = [for v in local.flat_nsgs : v.nsg] - description = "Id's of the Network Security Groups which flow logs will be collected" +output "vnet_ids" { + value = [for vnet in local.flat_vnets : vnet.value.id] + description = "Id's of the Virtual Networks from which to collect flow logs" } output "subscription_id" { 
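Review bot: The flow log name `"${var.name}-flowLog-${each.value.name}"` is derived from the VNet name alone, yet every flow log is created in the single `NetworkWatcherRG` group, so two VNets with the same name in different requested resource groups (allowed in Azure) would likely produce two resources with the same name in one group and the second create would conflict; `name = "${var.name}-flowLog-${each.value.rg}-${each.value.name}"` keeps the name unique per VNet. The `for_each` key `"${rg}-${vnet.name}"` has the same ambiguity because both resource group and VNet names may contain `-`, so `key = vnet.id` would be a collision-free choice. The hard-coded `resource_group_name = "NetworkWatcherRG"` duplicates the value the `data.azurerm_network_watcher.network_watcher` block above already fixes; keeping `resource_group_name = data.azurerm_network_watcher.network_watcher.resource_group_name` avoids the two drifting apart. The `if length(...) > 0` filter on `flat_vnets` is redundant, since a resource group with no VNets already contributes no elements to the flattened list. The flow log resource continues past the end of this hunk.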
@@ -14,11 +14,11 @@ output "resource_group_names" {
 }
 
 output "storage_accounts" {
- value = azurerm_storage_account.logs_storage_account[*].name
+ value = [for sa in azurerm_storage_account.logs_storage_account : sa.name]
 description = "Storage Account names where flow logs will be collected"
 }
 
 output "principal_id" {
- value = local.kentik_nsg_flow_exporter_id
- description = "Service Principal ID created for Kentik NSG Flow Exporter application"
-}
\ No newline at end of file
+ value = local.kentik_vnet_flow_exporter_id
+ description = "Service Principal ID created for Kentik VNet Flow Exporter application"
+}
diff --git a/cloud_Azure/terraform/module/providers.tf b/cloud_Azure/terraform/module/providers.tf
deleted file mode 100644
index 1cc54b2..0000000
--- a/cloud_Azure/terraform/module/providers.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Enable network watcher feature
-resource "null_resource" "feature_allow_watcher" {
- provisioner "local-exec" {
- command = "az feature register --namespace Microsoft.Network --name AllowNetworkWatcher"
- }
-
- provisioner "local-exec" {
- command = "az provider register -n Microsoft.Network"
- }
-}
-
-# Enable Microsoft Insights
-resource "null_resource" "feature_insights_register" {
- provisioner "local-exec" {
- command = "az provider register -n Microsoft.Insights"
- }
-}
diff --git a/cloud_Azure/terraform/module/requirements.txt b/cloud_Azure/terraform/module/requirements.txt
deleted file mode 100644
index a547788..0000000
--- a/cloud_Azure/terraform/module/requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-az.cli>=0.4
-virtualenv>=20.4.0
-terraform-external-data>=1.0.3
\ No newline at end of file
diff --git a/cloud_Azure/terraform/module/roles.tf b/cloud_Azure/terraform/module/roles.tf
index 79b018d..73b5e2b 100644
--- a/cloud_Azure/terraform/module/roles.tf
+++ b/cloud_Azure/terraform/module/roles.tf
@@ -1,17 +1,17 @@
 # Provide service principal Contributor role to each storage account
-resource "azurerm_role_assignment" "kentic_role_contributor" {
- count = length(azurerm_storage_account.logs_storage_account)
+resource "azurerm_role_assignment" "kentik_role_contributor" {
+ for_each = azurerm_storage_account.logs_storage_account
 
- scope = azurerm_storage_account.logs_storage_account[count.index].id
+ scope = each.value.id
 role_definition_name = "Contributor"
- principal_id = local.kentik_nsg_flow_exporter_id
+ principal_id = local.kentik_vnet_flow_exporter_id
 }
 
 # Provide service principal Reader role to each Resource Group
-resource "azurerm_role_assignment" "kentic_role_reader" {
- count = length(var.resource_group_names)
+resource "azurerm_role_assignment" "kentik_role_reader" {
+ for_each = toset(var.resource_group_names)
 
- scope = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_names[count.index]}"
+ scope = "/subscriptions/${var.subscription_id}/resourceGroups/${each.value}"
 role_definition_name = "Reader"
- principal_id = local.kentik_nsg_flow_exporter_id
+ principal_id = local.kentik_vnet_flow_exporter_id
 }
diff --git a/cloud_Azure/terraform/module/service_principal.tf b/cloud_Azure/terraform/module/service_principal.tf
index d625e84..f5e0bc7 100644
--- a/cloud_Azure/terraform/module/service_principal.tf
+++ b/cloud_Azure/terraform/module/service_principal.tf
@@ -1,20 +1,20 @@ data "azuread_client_config" "current" {} -data "azuread_service_principals" "existing_nsg_flow_exporter" { - client_ids = [var.flow_exporter_application_id] +data "azuread_service_principals" "existing_vnet_flow_exporter" { + client_ids = [var.flow_exporter_application_id] ignore_missing = true } locals { - nsg_flow_exporter_already_exists = length(data.azuread_service_principals.existing_nsg_flow_exporter.object_ids) == 1 ? true : false + vnet_flow_exporter_already_exists = length(data.azuread_service_principals.existing_vnet_flow_exporter.object_ids) == 1 } -# Creates Service Principal for pre-existing "Kentik NSG Flow Exporter" app, so the app can access flow logs in Azure cloud +# Creates Service Principal for pre-existing "Kentik VNet Flow Exporter" app, so the app can access flow logs in Azure cloud # This resource is shared across Azure Account, so only create it if doesn't exist yet -resource "azuread_service_principal" "new_nsg_flow_exporter" { - count = local.nsg_flow_exporter_already_exists ? 0 : 1 +resource "azuread_service_principal" "new_vnet_flow_exporter" { + count = local.vnet_flow_exporter_already_exists ? 0 : 1 - client_id = var.flow_exporter_application_id + client_id = var.flow_exporter_application_id app_role_assignment_required = false owners = [data.azuread_client_config.current.object_id] @@ -24,5 +24,5 @@ resource "azuread_service_principal" "new_nsg_flow_exporter" { } locals { - kentik_nsg_flow_exporter_id = local.nsg_flow_exporter_already_exists ? data.azuread_service_principals.existing_nsg_flow_exporter.object_ids[0] : azuread_service_principal.new_nsg_flow_exporter[0].object_id -} \ No newline at end of file + kentik_vnet_flow_exporter_id = local.vnet_flow_exporter_already_exists ? data.azuread_service_principals.existing_vnet_flow_exporter.object_ids[0] : azuread_service_principal.new_vnet_flow_exporter[0].object_id +} 
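Review bot: Renaming `azuread_service_principal.new_nsg_flow_exporter` to `new_vnet_flow_exporter` without a `moved` block will, on an existing deployment, plan a destroy of the service principal held in state under the old address, while the new address evaluates to `count = 0` because the `existing_vnet_flow_exporter` data source already finds that principal; the likely net effect of a single apply is that the principal Kentik uses is deleted and the role assignments point at a removed object. A `moved { from = azuread_service_principal.new_nsg_flow_exporter  to = azuread_service_principal.new_vnet_flow_exporter }` block (Terraform 1.1 or later) keeps the state address in step with the rename; the data source rename itself needs no migration. `length(...object_ids) == 1` also treats more than one matching principal as "does not exist" and would then try to create another one; `length(...) >= 1` or a `precondition` on the data source would make that case explicit. The `azuread_service_principal` block continues between the two hunks.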
diff --git a/cloud_Azure/terraform/module/storage_account.tf b/cloud_Azure/terraform/module/storage_account.tf
index 1b57d24..0552652 100644
--- a/cloud_Azure/terraform/module/storage_account.tf
+++ b/cloud_Azure/terraform/module/storage_account.tf
@@ -1,20 +1,36 @@ # Prepare names that meet Azure Storage Account naming restrictions (only alphanum letters, max 24 length, Azure-wide unique) -# Each output name is concatenation of Resource Group name and Subscription ID, adjusted to naming restrictions +resource "random_id" "storage_account_id" { + count = length(var.resource_group_names) + byte_length = 6 # 6 bytes = 12 characters when base64 encoded +} + +# Each output name is concatenation of the exporter name truncated to 12 chars and a random id of 12 chars, adjusted to naming restrictions locals { - _names = [for name in var.resource_group_names : "${name}${var.subscription_id}"] + truncated_name = substr(var.name, 0, 12) + _names = [for idx in range(length(var.resource_group_names)) : "${local.truncated_name}${random_id.storage_account_id[idx].hex}"] _lowercase_names = [for name in local._names : lower(name)] _alphanum_lowercase_names = [for name in local._lowercase_names : join("", regexall("[[:alnum:]]+", name))] generated_storage_account_names = [for name in local._alphanum_lowercase_names : substr(name, 0, 24)] } +# Create a map of resource group names to storage account names +locals { + resource_group_to_storage_account = { + for idx, rg in var.resource_group_names : rg => ( + length(var.storage_account_names) == length(var.resource_group_names) ? 
+ var.storage_account_names[idx] : + local.generated_storage_account_names[idx] + ) + } +} + # Creates one storage account per resource group to store flow logs -# StorageAccounts are mapped 1:1 to resource_group_names and this fact is used to get storage account id for given resource group name +# StorageAccounts are mapped 1:1 to resource_group_names and this fact is used to get storage account id for given resource group name resource "azurerm_storage_account" "logs_storage_account" { - count = length(var.resource_group_names) + for_each = local.resource_group_to_storage_account - # use either custom name if one is provided, or generated one - name = length(var.storage_account_names) == length(var.resource_group_names) ? var.storage_account_names[count.index] : local.generated_storage_account_names[count.index] - resource_group_name = var.resource_group_names[count.index] + name = each.value + resource_group_name = each.key location = var.location account_tier = "Standard" account_replication_type = "GRS" @@ -22,4 +38,4 @@ resource "azurerm_storage_account" "logs_storage_account" { tags = { app = var.resource_tag } -} \ No newline at end of file +} diff --git a/cloud_Azure/terraform/module/tests/main.tf b/cloud_Azure/terraform/module/tests/main.tf index 6737976..f8e4bd4 100644 --- a/cloud_Azure/terraform/module/tests/main.tf +++ b/cloud_Azure/terraform/module/tests/main.tf @@ -3,11 +3,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.10" + version = "~> 4.15" } azuread = { source = "hashicorp/azuread" - version = "~> 2.24" + version = "~> 3.0" } kentik-cloudexport = { source = "kentik/kentik-cloudexport" diff --git a/cloud_Azure/terraform/module/variables.tf b/cloud_Azure/terraform/module/variables.tf index 8a589ef..2988dcb 100644 --- a/cloud_Azure/terraform/module/variables.tf +++ b/cloud_Azure/terraform/module/variables.tf 
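Review bot: `random_id.storage_account_id` is indexed positionally with `count` while the storage accounts it names are keyed by resource group name, so removing or reordering an entry in `var.resource_group_names` shifts every later suffix onto a different group; those storage accounts then get new names and are replaced together with the flow logs they hold. Keying the `random_id` by resource group name and generating the names as a map keyed the same way avoids that, provided nothing else consumes `local.generated_storage_account_names` as a list. The comment `# 6 bytes = 12 characters when base64 encoded` is inaccurate for the `.hex` attribute the code actually reads, where 6 bytes give 12 hex characters (base64 would give 8). This hunk also introduces the `random` provider, which should be declared in the module's `required_providers` and in the README requirements table next to `azurerm`, `azuread` and `kentik-cloudexport` (the `null` and `external` providers still listed there appear unused after this commit). The `azurerm_storage_account` resource continues past the end of this hunk.
```hcl
resource "random_id" "storage_account_id" {
  for_each    = toset(var.resource_group_names) # keyed by RG name: dropping one RG leaves the other suffixes untouched
  byte_length = 6                               # 6 bytes = 12 hex characters
}

# Each generated name is the exporter name truncated to 12 chars plus a 12-char random hex suffix, lowercased and alphanumeric only
locals {
  truncated_name = substr(var.name, 0, 12)
  generated_storage_account_names = {
    for rg in var.resource_group_names :
    rg => substr(join("", regexall("[[:alnum:]]+", lower("${local.truncated_name}${random_id.storage_account_id[rg].hex}"))), 0, 24)
  }
}

# Create a map of resource group names to storage account names
locals {
  resource_group_to_storage_account = {
    for idx, rg in var.resource_group_names : rg => (
      length(var.storage_account_names) == length(var.resource_group_names) ?
      var.storage_account_names[idx] :
      local.generated_storage_account_names[rg]
    )
  }
}
# … unchanged: azurerm_storage_account.logs_storage_account …
```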
@@ -1,4 +1,4 @@
-# provideres: azurerm & azuread
+# providers: azurerm & azuread
 variable "subscription_id" {
 type = string
 description = "Azure subscription ID"
@@ -62,5 +62,5 @@ variable "enabled" {
 variable "flow_exporter_application_id" {
 type = string
 default = "a20ce222-63c0-46db-86d5-58551eeee89f"
- description = "Kentik NSG Flow Exporter application ID"
-}
\ No newline at end of file
+ description = "Kentik VNet Flow Exporter application ID"
+}
diff --git a/cloud_IBM/README.md b/cloud_IBM/README.md
deleted file mode 100644
index 55f985c..0000000
--- a/cloud_IBM/README.md
+++ /dev/null
@@ -1 +0,0 @@
-place holder