diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index d3341d94b..fdc378044 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -37,6 +37,22 @@ RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/0.13.4/terraf
     && unzip ./terraform.zip -d /usr/local/bin/ \
     && rm terraform.zip
 
+# Download Terraform providers (plugins)
+# Setting the TF_PLUGIN_CACHE_DIR environment variable instructs Terraform to search that folder for plugins first
+ENV TF_PLUGIN_CACHE_DIR=/usr/lib/tf-plugins
+ARG AZURERM_LOCAL_PATH="${TF_PLUGIN_CACHE_DIR}/registry.terraform.io/hashicorp/azurerm/2.50.0/linux_amd64"
+ARG RANDOM_LOCAL_PATH="${TF_PLUGIN_CACHE_DIR}/registry.terraform.io/hashicorp/random/3.1.0/linux_amd64"
+ARG AZURERM_PROVIDER=https://releases.hashicorp.com/terraform-provider-azurerm/2.50.0/terraform-provider-azurerm_2.50.0_linux_amd64.zip
+ARG RANDOM_PROVIDER=https://releases.hashicorp.com/terraform-provider-random/3.1.0/terraform-provider-random_3.1.0_linux_amd64.zip
+RUN wget -O azurerm.zip ${AZURERM_PROVIDER} \
+    && wget -O random.zip ${RANDOM_PROVIDER} \
+    && mkdir -p ${AZURERM_LOCAL_PATH} \
+    && mkdir -p ${RANDOM_LOCAL_PATH} \
+    && unzip azurerm.zip -d ${AZURERM_LOCAL_PATH} \
+    && unzip random.zip -d ${RANDOM_LOCAL_PATH} \
+    && rm azurerm.zip \
+    && rm random.zip
+
 # Install the Microsoft package key
 RUN wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb \
     && dpkg -i packages-microsoft-prod.deb \
diff --git a/README.md b/README.md
index 1cd413c3b..778caa1c7 100644
--- a/README.md
+++ b/README.md
@@ -10,24 +10,10 @@ Terraform resources to deploy Tier 0, 1, and 2, and the components of a [SACA hu
     az login
     ```
 
-1. [Prepare the Terraform provider cache](#Prepare-the-Terraform-provider-cache)
 1. [Configure the Terraform Backend](#Configure-the-Terraform-Backend)
 1. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables)
 1. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration)
 
-### Prepare the Terraform provider cache
-
-We source the terraform provider locally from this repository and circumvent the need to fetch it from the internet.
-
-This below script will unzip the provider from the /src/provider_archive folder and place the provider in the /src/provider_cache folder and set execute permissions for the current user.
-
-Execute `unzipprovider.sh`
-
-```bash
-chmod u+x src/provider_archive/unzipprovider.sh
-src/provider_archive/unzipprovider.sh
-```
-
 ### Configure the Terraform Backend
 
 The MLZ deployment architecture uses a single Service Principal whose credentials are stored in a central "config" Key Vault. Terraform state storage is distributed into a separate storage account for each tier. When deploying the MLZ architecture, all tiers can be deployed into a single subscription or each tier can be deployed into its own subscription.
@@ -124,6 +110,12 @@ scripts/init_terraform.sh \
   src/core/tier-1
 ```
 
+### Terraform Providers
+
+The development container definition downloads the required Terraform plugin providers during the container build so that the container can be transported to an air-gapped network for use. The container also sets the `TF_PLUGIN_CACHE_DIR` environment variable, which Terraform uses as the search location for locally installed providers. If you are not using the container to deploy or if the `TF_PLUGIN_CACHE_DIR` environment variable is not set, Terraform will automatically attempt to download the provider from the internet when you execute the `terraform init` command.
+
+See the development container [README](.devcontainer/README.md) for more details on building and running the container.
+
 ## Helpful Links
 
 For more endpoint mappings between AzureCloud and AzureUsGovernment: <https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers/>
diff --git a/scripts/apply_terraform.sh b/scripts/apply_terraform.sh
index 943e9df39..077990c96 100755
--- a/scripts/apply_terraform.sh
+++ b/scripts/apply_terraform.sh
@@ -31,8 +31,6 @@ tfvars="${tf_dir}/${tf_name}.tfvars"
 
 auto_approve=${3:-n}
 
-plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
-
 # check for dependencies
 . "${BASH_SOURCE%/*}/util/checkforazcli.sh"
 . "${BASH_SOURCE%/*}/util/checkforterraform.sh"
@@ -65,7 +63,6 @@ key="${mlz_env_name}${tf_name}"
 # initialize terraform in the configuration directory
 cd "${tf_dir}" || exit
 terraform init \
-   -plugin-dir="${plugin_dir}" \
    -backend-config "key=${key}" \
    -backend-config "resource_group_name=${tf_be_rg_name}" \
    -backend-config "storage_account_name=${tf_be_sa_name}" \
diff --git a/scripts/destroy_terraform.sh b/scripts/destroy_terraform.sh
index 15a4e6b94..3289987b5 100755
--- a/scripts/destroy_terraform.sh
+++ b/scripts/destroy_terraform.sh
@@ -31,8 +31,6 @@ tfvars="${tf_dir}/${tf_name}.tfvars"
 
 auto_approve=${3:-n}
 
-plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
-
 # check for dependencies
 . "${BASH_SOURCE%/*}/util/checkforazcli.sh"
 . "${BASH_SOURCE%/*}/util/checkforterraform.sh"
@@ -65,7 +63,6 @@ key="${mlz_env_name}${tf_name}"
 # initialize terraform in the configuration directory
 cd "${tf_dir}" || exit
 terraform init \
-   -plugin-dir="${plugin_dir}" \
    -backend-config "key=${key}" \
    -backend-config "resource_group_name=${tf_be_rg_name}" \
    -backend-config "storage_account_name=${tf_be_sa_name}" \
diff --git a/scripts/init_terraform.sh b/scripts/init_terraform.sh
index 93106ce4b..2abbba346 100755
--- a/scripts/init_terraform.sh
+++ b/scripts/init_terraform.sh
@@ -24,8 +24,6 @@ tf_name=$(basename "${tf_dir}")
 
 config_vars="${tf_dir}/config.vars"
 
-plugin_dir="$(dirname "$(dirname "$(realpath "$0")")")/src/provider_cache"
-
 # check for dependencies
 . "${BASH_SOURCE%/*}/util/checkforazcli.sh"
 . "${BASH_SOURCE%/*}/util/checkforterraform.sh"
@@ -50,7 +48,6 @@ key="${mlz_env_name}${tf_name}"
 # Initialize terraform in the configuration directory
 cd "${tf_dir}" || exit
 terraform init \
-   -plugin-dir="${plugin_dir}" \
    -backend-config "key=${key}" \
    -backend-config "resource_group_name=${tf_be_rg_name}" \
    -backend-config "storage_account_name=${tf_be_sa_name}" \
diff --git a/src/core/saca-hub/main.tf b/src/core/saca-hub/main.tf
index 2e98c0890..030013f69 100644
--- a/src/core/saca-hub/main.tf
+++ b/src/core/saca-hub/main.tf
@@ -2,19 +2,10 @@
 # Licensed under the MIT License.
 terraform {
   backend "azurerm" {}
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "2.45.1"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = "3.1.0"
-    }
-  }
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
   tenant_id       = var.mlz_tenantid
@@ -22,7 +13,15 @@ provider "azurerm" {
   client_id       = var.mlz_clientid
   client_secret   = var.mlz_clientsecret
 
-  features {}
+  features {
+    log_analytics_workspace {
+      permanently_delete_on_destroy = true
+    }
+  }
+}
+
+provider "random" {
+  version = "3.1.0"
 }
 
 resource "azurerm_resource_group" "hub" {
diff --git a/src/core/tier-0/main.tf b/src/core/tier-0/main.tf
index f3f5af14b..201c7e2a2 100644
--- a/src/core/tier-0/main.tf
+++ b/src/core/tier-0/main.tf
@@ -2,19 +2,10 @@
 # Licensed under the MIT License.
 terraform {
   backend "azurerm" {}
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "2.45.1"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = "3.1.0"
-    }
-  }
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
   tenant_id       = var.mlz_tenantid
@@ -26,6 +17,7 @@ provider "azurerm" {
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   alias           = "hub"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
@@ -37,6 +29,10 @@ provider "azurerm" {
   features {}
 }
 
+provider "random" {
+  version = "3.1.0"
+}
+
 data "azurerm_resource_group" "hub" {
   provider = azurerm.hub
   name     = var.saca_rgname
diff --git a/src/core/tier-1/main.tf b/src/core/tier-1/main.tf
index 1736ca873..08b34dd8e 100644
--- a/src/core/tier-1/main.tf
+++ b/src/core/tier-1/main.tf
@@ -2,19 +2,10 @@
 # Licensed under the MIT License.
 terraform {
   backend "azurerm" {}
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "2.45.1"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = "3.1.0"
-    }
-  }
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
   tenant_id       = var.mlz_tenantid
@@ -26,6 +17,7 @@ provider "azurerm" {
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   alias           = "hub"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
@@ -37,6 +29,10 @@ provider "azurerm" {
   features {}
 }
 
+provider "random" {
+  version = "3.1.0"
+}
+
 data "azurerm_resource_group" "hub" {
   provider = azurerm.hub
   name     = var.saca_rgname
diff --git a/src/core/tier-2/main.tf b/src/core/tier-2/main.tf
index fbb05cb00..be08aa997 100644
--- a/src/core/tier-2/main.tf
+++ b/src/core/tier-2/main.tf
@@ -2,15 +2,10 @@
 # Licensed under the MIT License.
 terraform {
   backend "azurerm" {}
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "2.45.1"
-    }
-  }
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
   tenant_id       = var.mlz_tenantid
@@ -22,6 +17,7 @@ provider "azurerm" {
 }
 
 provider "azurerm" {
+  version         = "~> 2.50.0"
   alias           = "hub"
   environment     = var.tf_environment
   metadata_host   = var.mlz_metadatahost
@@ -33,6 +29,10 @@ provider "azurerm" {
   features {}
 }
 
+provider "random" {
+  version = "3.1.0"
+}
+
 data "azurerm_resource_group" "hub" {
   provider = azurerm.hub
   name     = var.saca_rgname
diff --git a/src/provider_archive/terraform-provider-azurerm_2.45.1_linux_amd64.zip b/src/provider_archive/terraform-provider-azurerm_2.45.1_linux_amd64.zip
deleted file mode 100644
index 5d4e12083..000000000
Binary files a/src/provider_archive/terraform-provider-azurerm_2.45.1_linux_amd64.zip and /dev/null differ
diff --git a/src/provider_archive/terraform-provider-random_3.1.0_linux_amd64.zip b/src/provider_archive/terraform-provider-random_3.1.0_linux_amd64.zip
deleted file mode 100644
index b655d6609..000000000
Binary files a/src/provider_archive/terraform-provider-random_3.1.0_linux_amd64.zip and /dev/null differ
diff --git a/src/provider_archive/unzipprovider.sh b/src/provider_archive/unzipprovider.sh
deleted file mode 100755
index 92234b852..000000000
--- a/src/provider_archive/unzipprovider.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-#
-# Unzips the terraform providers into the provider_cache directory
-# then sets it to executable
-
-parentdir="$(dirname "$(realpath "${BASH_SOURCE%/*}")")"
-
-src_azurerm="${BASH_SOURCE%/*}/terraform-provider-azurerm_2.45.1_linux_amd64.zip"
-azurerm_filename=$(unzip -Z -1 "${src_azurerm}")
-dest_azurerm="${parentdir}/provider_cache/registry.terraform.io/hashicorp/azurerm/2.45.1/linux_amd64/"
-unzip -o -d "$dest_azurerm" "$src_azurerm"
-chmod u+x "${dest_azurerm}/${azurerm_filename}"
-
-src_random="${BASH_SOURCE%/*}/terraform-provider-random_3.1.0_linux_amd64.zip"
-random_filename=$(unzip -Z -1 "${src_random}")
-dest_random="${parentdir}/provider_cache/registry.terraform.io/hashicorp/random/3.1.0/linux_amd64/"
-unzip -o -d "$dest_random" "$src_random"
-chmod u+x "${dest_random}/${random_filename}"
diff --git a/src/provider_cache/registry.terraform.io/hashicorp/azurerm/2.45.1/linux_amd64/terraform-provider.md b/src/provider_cache/registry.terraform.io/hashicorp/azurerm/2.45.1/linux_amd64/terraform-provider.md
deleted file mode 100644
index da5089128..000000000
--- a/src/provider_cache/registry.terraform.io/hashicorp/azurerm/2.45.1/linux_amd64/terraform-provider.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Provider prep instructions
-
-1. Unzip the provider from the /src/provider_archive folder and place unzipped file in this folder
-
-2. and run the command below:
-
-    chmod +x <name_of_provider_file>
diff --git a/src/provider_cache/registry.terraform.io/hashicorp/random/3.1.0/linux_amd64/terraform-provider.md b/src/provider_cache/registry.terraform.io/hashicorp/random/3.1.0/linux_amd64/terraform-provider.md
deleted file mode 100644
index da5089128..000000000
--- a/src/provider_cache/registry.terraform.io/hashicorp/random/3.1.0/linux_amd64/terraform-provider.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Provider prep instructions
-
-1. Unzip the provider from the /src/provider_archive folder and place unzipped file in this folder
-
-2. and run the command below:
-
-    chmod +x <name_of_provider_file>