diff --git a/contributors.jenkins.io.tf b/contributors.jenkins.io.tf
index c9119196..3fe69278 100644
--- a/contributors.jenkins.io.tf
+++ b/contributors.jenkins.io.tf
@@ -13,11 +13,20 @@ resource "azurerm_storage_account" "contributors_jenkins_io" {
   resource_group_name       = azurerm_resource_group.contributors_jenkins_io.name
   location                  = azurerm_resource_group.contributors_jenkins_io.location
   account_tier              = "Standard"
-  account_replication_type  = "GRS"
-  account_kind              = "Storage"
+  account_replication_type  = "ZRS"
+  account_kind              = "StorageV2"
   enable_https_traffic_only = true
   min_tls_version           = "TLS1_2"
 
+  network_rules {
+    default_action = "Deny"
+    ip_rules = flatten(concat(
+      [for key, value in module.jenkins_infra_shared_data.admin_public_ips : value]
+    ))
+    virtual_network_subnet_ids = [data.azurerm_subnet.privatek8s_tier.id, data.azurerm_subnet.publick8s_tier.id]
+    bypass                     = ["AzureServices"]
+  }
+
   tags = local.default_tags
 }