diff --git a/azure.yaml b/azure.yaml
index eb12323bc..890a5fe54 100644
--- a/azure.yaml
+++ b/azure.yaml
@@ -6,7 +6,6 @@ metadata:
 
 requiredVersions:
   azd: '>= 1.18.0 != 1.23.9'
-  bicep: '>= 0.33.0'
 
 hooks:
   postprovision:
diff --git a/docs/LocalDevelopmentSetup.md b/docs/LocalDevelopmentSetup.md
index 3480589db..ca7647577 100644
--- a/docs/LocalDevelopmentSetup.md
+++ b/docs/LocalDevelopmentSetup.md
@@ -300,6 +300,8 @@ You can also update the `principalId` value in `infra/main.bicep` with your Prin
 
 **Note**: RBAC permission changes can take 5-10 minutes to propagate. If you encounter "Forbidden" errors after assigning roles, wait a few minutes and try again.
 
+> **⚠️ Important**: If your deployment uses WAF or VNET-secured resources with private endpoints, you must enable public network access on all Azure services (Storage, OpenAI, Cognitive Services, Key Vault, PostgreSQL, etc.) to allow local development traffic.
+
 ### 4.4. Configure Authentication Type