diff --git a/docs/CustomizingAzdParameters.md b/docs/CustomizingAzdParameters.md
index 195d4430..d8161832 100644
--- a/docs/CustomizingAzdParameters.md
+++ b/docs/CustomizingAzdParameters.md
@@ -17,7 +17,7 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_MODEL_CAPACITY` | integer | `200` | Set the Model Capacity (choose a number based on available GPT model capacity in your subscription). |
 | `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string | `` | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one. |
 | `AZURE_ENV_IMAGETAG` | string | `latest` | Set the Image tag Like (allowed values: latest, dev, hotfix) |
-
+| `AZURE_ENV_JUMPBOX_SIZE` | string | `Standard_DS2_v2` | Specifies the size of the Jumpbox Virtual Machine. Set a custom value if `enablePrivateNetworking` is `true`. |
 ---
 ## How to Set a Parameter
diff --git a/infra/main.bicep b/infra/main.bicep
index 548d49be..c851c552 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -61,6 +61,9 @@ param secondaryLocation string?
 @description('Optional. Enable private networking for the resources. Set to true to enable private networking. Defaults to false.')
 param enablePrivateNetworking bool = useWafAlignedArchitecture? true : false
+@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
+param vmSize string?
+
 @description('Optional. Admin username for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
 @secure()
 //param vmAdminUsername string = take(newGuid(), 20)
@@ -200,6 +203,7 @@ module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (en
 }
 }
+
 module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 name: take('network-${resourcesName}-deployment', 64)
 params: {
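Review bot: The description on the new `vmSize` parameter in the first infra/main.bicep hunk reads as if a value must be supplied whenever `enablePrivateNetworking` is true, and it does not state the default. The parameter is nullable, and a later hunk in this file falls back to `Standard_DS2_v2` inside the module call that is conditional on `enablePrivateNetworking`. I would word it as `@description('Optional. Size of the Jumpbox Virtual Machine. Only used when enablePrivateNetworking is true. Defaults to Standard_DS2_v2.')`. The new `AZURE_ENV_JUMPBOX_SIZE` row in docs/CustomizingAzdParameters.md carries the same "Set a custom value if" wording and could be aligned with it.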
@@ -207,6 +211,7 @@ module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
 vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
 vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
+ vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size
 location: location
 tags: allTags
 enableTelemetry: enableTelemetry
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
index e1a4d73d..5cbe4410 100644
--- a/infra/main.parameters.json
+++ b/infra/main.parameters.json
@@ -29,6 +29,9 @@
 "secondaryLocation": {
 "value": "${AZURE_ENV_COSMOS_SECONDARY_LOCATION}"
 },
+ "vmSize": {
+ "value": "${AZURE_ENV_JUMPBOX_SIZE}"
+ },
 "vmAdminUsername": {
 "value": "${AZURE_ENV_JUMPBOX_ADMIN_USERNAME}"
 },
diff --git a/infra/modules/ai-foundry/ai-services.bicep b/infra/modules/ai-foundry/ai-services.bicep
index bb601e0b..f1aeef6b 100644
--- a/infra/modules/ai-foundry/ai-services.bicep
+++ b/infra/modules/ai-foundry/ai-services.bicep
@@ -296,7 +296,7 @@ resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-04-01-previ
 ] : null // true is not supported today
- encryption: null // Customer managed key encryption is used, but the property is required.
+ encryption: null // Customer managed key encryption is not used, but the property is required.
 migrationToken: migrationToken
 restore: restore
 restrictOutboundNetworkAccess: restrictOutboundNetworkAccess
diff --git a/infra/modules/network.bicep b/infra/modules/network.bicep
index b4e252f8..f2fb473c 100644
--- a/infra/modules/network.bicep
+++ b/infra/modules/network.bicep
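Review bot: The `??` fallback on the context line `vmAdminPassword: vmAdminPassword ?? …`, directly above the added `vmSize` line, gives every private-networking deployment that omits the parameter the same admin password, and that literal is published in this repository. A fallback is reasonable for a VM size, but a credential should have none, and this commit extends the block without removing it. I would pass the value through without a literal, for example `vmAdminPassword: vmAdminPassword!`, so that a missing password fails the deployment instead of silently provisioning a known one. The same applies, with lower impact, to the `'JumpboxAdminUser'` fallback. The parameter declarations and the rest of the module call are outside this hunk, so the exact form depends on how `vmAdminPassword` is declared.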
@@ -22,6 +22,18 @@ param vmAdminUsername string
 @secure()
 param vmAdminPassword string
+@description('Required. VM size for the Jumpbox VM.')
+param vmSize string
+
+
+// VM Size Notes:
+// 1 B-series VMs (like Standard_B2ms) do not support accelerated networking.
+// 2 Pick a VM size that does support accelerated networking (the usual jump-box candidates):
+// Standard_DS2_v2 (2 vCPU, 7 GiB RAM, Premium SSD) // The most broadly available (it’s a legacy SKU supported in virtually every region).
+// Standard_D2s_v3 (2 vCPU, 8 GiB RAM, Premium SSD) // next most common
+// Standard_D2s_v4 (2 vCPU, 8 GiB RAM, Premium SSD) // Newest, so fewer regions availabl
+
+
 // Subnet Classless Inter-Doman Routing (CIDR) Sizing Reference Table (Best Practices)
 // | CIDR | # of Addresses | # of /24s | Notes |
 // |-----------|---------------|-----------|----------------------------------------|
@@ -124,7 +136,7 @@ module network 'network/main.bicep' = {
 }
 jumpboxConfiguration: {
 name: 'vm-jumpbox-${resourcesName}'
- size: vmSize
+ size: vmSize
 username: vmAdminUsername
 password: vmAdminPassword
 subnet: {
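Review bot: The accelerated-networking constraint on `vmSize` in the first hunk is recorded only in a source comment, so someone setting `AZURE_ENV_JUMPBOX_SIZE` never sees it and nothing rejects a B-series size before deployment. Whether the jumpbox NIC actually enables accelerated networking is not visible here, so I would at least surface the constraint in the parameter metadata: `@description('Required. VM size for the Jumpbox VM. Must support accelerated networking (B-series sizes do not).')`. The last line of the added comment block is also cut off; `availabl` should read `available`.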