diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml
index f49e14e9..ce50555b 100644
--- a/roles/baseline/defaults/main.yml
+++ b/roles/baseline/defaults/main.yml
@@ -122,7 +122,6 @@ CSI_DRIVER_NFS_CHART_VERSION: 4.11.0
 CSI_DRIVER_NFS_CONFIG:
   driver:
     mountPermissions: "0777"
-    fsGroupPolicy: ReadWriteOnceWithFSType
   storageClass:
     create: true
     name: sas
diff --git a/roles/baseline/tasks/nfs-csi-provisioner.yaml b/roles/baseline/tasks/nfs-csi-provisioner.yaml
index ec501f82..5b322f5e 100644
--- a/roles/baseline/tasks/nfs-csi-provisioner.yaml
+++ b/roles/baseline/tasks/nfs-csi-provisioner.yaml
@@ -139,6 +139,21 @@
     - install
     - update
 
+# Patch the fsGroupPolicy in the CSIDriver after Helm install
+- name: Patch fsGroupPolicy in CSIDriver to ReadWriteOnceWithFSType
+  kubernetes.core.k8s:
+    api_version: storage.k8s.io/v1
+    kind: CSIDriver
+    name: nfs.csi.k8s.io
+    kubeconfig: "{{ KUBECONFIG }}"
+    merge_type: merge
+    definition:
+      spec:
+        fsGroupPolicy: ReadWriteOnceWithFSType
+  tags:
+    - install
+    - update
+
 # Create csi-driver-nfs-pg-storage StorageClass for non-AWS/Azure providers
 - name: Create csi-driver-nfs-pg-storage storageClass
   when: