diff --git a/.cruft.json b/.cruft.json
index c2a747d..5fc4738 100644
--- a/.cruft.json
+++ b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator",
-  "commit": "ab89511a94d0e2e2a58acb9428a5cf4875af1c23",
+  "commit": "895511f3a3fb63b5e485f9efd3769c844e5b3296",
   "checkout": null,
   "context": {
     "cookiecutter": {
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 21b1d31..3bc10f5 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -9,4 +9,6 @@ rule:
   exclude:
   # Ignore ACA public access rules since all these templates are for public facing web apps
   - Azure.ContainerApp.RestrictIngress
-  - Azure.ContainerApp.PublicAccess
\ No newline at end of file
+  - Azure.ContainerApp.PublicAccess
+  # Don't require NSG for an internal VNET for connecting apps to keyvaults
+  - Azure.VNET.UseNSGs