diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep
index 328a37ea1..217c4bba7 100644
--- a/infra/deploy_ai_foundry.bicep
+++ b/infra/deploy_ai_foundry.bicep
@@ -6,7 +6,7 @@ param gptModelName string
 param gptModelVersion string
 param managedIdentityObjectId string
 param aiServicesEndpoint string
-param aiServices object
+param aiServicesKey string
 param aiServicesId string
 
 var storageName = '${solutionName}hubstorage'
@@ -133,11 +133,8 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview'
     properties: {
       category: 'AIServices'
       target: aiServicesEndpoint
-      authType: 'ApiKey'
+      authType: 'AAD'
       isSharedToAll: true
-      credentials: {
-        key: aiServices.Key.key1
-      }
       metadata: {
         ApiType: 'Azure'
         ResourceId: aiServicesId
@@ -159,6 +156,19 @@ resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-p
   }
 }
 
+resource aiDeveloper 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+  name: '64702f94-c441-49e6-a78b-ef80e0188fee'
+}
+
+resource aiDevelopertoAIProject 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(aiHubProject.id, aiDeveloper.id)
+  scope: resourceGroup()
+  properties: {
+    roleDefinitionId: aiDeveloper.id
+    principalId: aiHubProject.identity.principalId
+  }
+}
+
 resource tenantIdEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
   parent: keyVault
   name: 'TENANT-ID'
@@ -187,7 +197,7 @@ resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-pr
   parent: keyVault
   name: 'AZURE-OPENAI-KEY'
   properties: {
-    value: aiServices.Key.key1 //aiServices_m.listKeys().key1
+    value: aiServicesKey //aiServices_m.listKeys().key1
   }
 }
 
@@ -251,7 +261,7 @@ resource cogServiceKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-previe
   parent: keyVault
   name: 'COG-SERVICES-KEY'
   properties: {
-    value: aiServices.Key.key1
+    value: aiServicesKey
   }
 }
 
diff --git a/infra/main.bicep b/infra/main.bicep
index cdaf6ddda..fb912167e 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -168,7 +168,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = {
     gptModelVersion: gptModelVersion
     managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
     aiServicesEndpoint: aiServices.properties.endpoint
-    aiServices: aiServices
+    aiServicesKey: aiServices.listKeys().key1
     aiServicesId: aiServices.id
   }
   scope: resourceGroup(resourceGroup().name)
diff --git a/infra/main.json b/infra/main.json
index ccecd8751..bca17cfa1 100644
--- a/infra/main.json
+++ b/infra/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.35.1.17967",
-      "templateHash": "18228555099764132241"
+      "templateHash": "4778084734742710121"
     }
   },
   "parameters": {
@@ -712,7 +712,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.35.1.17967",
-              "templateHash": "9490638595753234802"
+              "templateHash": "14561153070486462167"
             }
           },
           "parameters": {
@@ -767,11 +767,8 @@
               "properties": {
                 "category": "AIServices",
                 "target": "[parameters('aiServicesEndpoint')]",
-                "authType": "ApiKey",
+                "authType": "AAD",
                 "isSharedToAll": true,
-                "credentials": {
-                  "key": "[parameters('aiServicesKey')]"
-                },
                 "metadata": {
                   "ApiType": "Azure",
                   "ResourceId": "[parameters('aiServicesId')]"
@@ -897,6 +894,18 @@
                 "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiHubName'))]"
               ]
             },
+            {
+              "type": "Microsoft.Authorization/roleAssignments",
+              "apiVersion": "2022-04-01",
+              "name": "[guid(resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiProjectName')), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]",
+              "properties": {
+                "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')]",
+                "principalId": "[reference(resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiProjectName')), '2024-01-01-preview', 'full').identity.principalId]"
+              },
+              "dependsOn": [
+                "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiProjectName'))]"
+              ]
+            },
             {
               "type": "Microsoft.KeyVault/vaults/secrets",
               "apiVersion": "2021-11-01-preview",