diff --git a/src/connectedk8s/HISTORY.rst b/src/connectedk8s/HISTORY.rst index 465bc004fa7..8516198d5d2 100644 --- a/src/connectedk8s/HISTORY.rst +++ b/src/connectedk8s/HISTORY.rst @@ -2,6 +2,13 @@ Release History =============== +1.11.0 ++++++ +* [Breaking Change] Removed deprecated '--app-id' and '--app-secret' RBAC parameters from the extension. +* Update cluster diagnostics image to comply with Pod Security Standards-Restricted level( Updated image version:1.31.2). +* Add endpoint overrides for Azure Government cloud environments +* Update Proxy Image to 1.3.032281 + 1.10.11 +++++++ * Removed hardcoded public ARM endpoint URL for Government clouds. diff --git a/src/connectedk8s/azext_connectedk8s/_breaking_change.py b/src/connectedk8s/azext_connectedk8s/_breaking_change.py deleted file mode 100644 index 07672e334cf..00000000000 --- a/src/connectedk8s/azext_connectedk8s/_breaking_change.py +++ /dev/null @@ -1,8 +0,0 @@ -# -------------------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# -------------------------------------------------------------------------------------------- -from azure.cli.core.breaking_change import register_argument_deprecate - -register_argument_deprecate("connectedk8s enable-features", "--app-id") -register_argument_deprecate("connectedk8s enable-features", "--app-secret") diff --git a/src/connectedk8s/azext_connectedk8s/_constants.py b/src/connectedk8s/azext_connectedk8s/_constants.py index bb327ad3812..7c0292e601c 100644 --- a/src/connectedk8s/azext_connectedk8s/_constants.py +++ b/src/connectedk8s/azext_connectedk8s/_constants.py 
@@ -418,7 +418,7 @@ # Connect Precheck Diagnoser constants Cluster_Diagnostic_Checks_Job_Registry_Path = ( - "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.29.3" + "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.31.2" ) Cluster_Diagnostic_Checks_Helm_Install_Failed_Fault_Type = ( "Error while installing cluster diagnostic checks helm release" @@ -476,7 +476,7 @@ ) DNS_Check_Result_String = "DNS Result:" AZ_CLI_ADAL_TO_MSAL_MIGRATE_VERSION = "2.30.0" -CLIENT_PROXY_VERSION = "1.3.029301" +CLIENT_PROXY_VERSION = "1.3.032281" CLIENT_PROXY_FOLDER = ".clientproxy" API_SERVER_PORT = 47011 CLIENT_PROXY_PORT = 47010 diff --git a/src/connectedk8s/azext_connectedk8s/_params.py b/src/connectedk8s/azext_connectedk8s/_params.py index 31dd29baa15..5bcd170fa46 100644 --- a/src/connectedk8s/azext_connectedk8s/_params.py +++ b/src/connectedk8s/azext_connectedk8s/_params.py @@ -440,20 +440,6 @@ def load_arguments(self: Connectedk8sCommandsLoader, _: CLICommand) -> None: options_list=["--features"], help="Space-separated list of features you want to enable.", ) - c.argument( - "azrbac_client_id", - options_list=["--app-id"], - arg_group="Azure RBAC", - help="Application ID for enabling Azure RBAC.", - deprecate_info=c.deprecate(hide=True), - ) - c.argument( - "azrbac_client_secret", - options_list=["--app-secret"], - arg_group="Azure RBAC", - help="Application secret for enabling Azure RBAC.", - deprecate_info=c.deprecate(hide=True), - ) c.argument( "azrbac_skip_authz_check", options_list=["--skip-azure-rbac-list"], diff --git a/src/connectedk8s/azext_connectedk8s/_utils.py b/src/connectedk8s/azext_connectedk8s/_utils.py index e3268806f7b..c44c1144632 100644 --- a/src/connectedk8s/azext_connectedk8s/_utils.py +++ b/src/connectedk8s/azext_connectedk8s/_utils.py 
@@ -1315,6 +1315,7 @@ def helm_install_release( ] # Special configurations from 2022-09-01 ARM metadata. + # "dataplaneEndpoints" property does not appear in arm_metadata structure for public and AGC clouds. if "dataplaneEndpoints" in arm_metadata: if "arcConfigEndpoint" in arm_metadata["dataplaneEndpoints"]: notification_endpoint = arm_metadata["dataplaneEndpoints"][ @@ -1364,6 +1365,10 @@ def helm_install_release( "'arcConfigEndpoint' doesn't exist under 'dataplaneEndpoints' in the ARM metadata." ) + # Add overrides for AGC Scenario + if cloud_name.lower() == "ussec" or cloud_name.lower() == "usnat": + add_agc_endpoint_overrides(location, cloud_name, arm_metadata, cmd_helm_install) + # Add helmValues content response from DP cmd_helm_install = parse_helm_values(helm_content_values, cmd_helm=cmd_helm_install) 
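Review bot: In the second hunk the AGC overrides are appended to `cmd_helm_install` before `parse_helm_values(helm_content_values, ...)` runs, and Helm resolves a repeated `--set` key in favour of the last occurrence. If the data-plane response carries any of the same keys (for example `systemDefaultValues.image.repository`), it would presumably replace the override. The comment should say which source is meant to win, e.g. `# AGC overrides go first; helm values returned by the DP are appended afterwards and win on duplicate keys`. The membership test also reads more simply as `if cloud_name.lower() in ("ussec", "usnat"):`. helm_install_release starts and ends outside this hunk, so the behaviour of `parse_helm_values` should be confirmed there.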
@@ -1839,3 +1844,51 @@ def helm_update_agent( logger.info(str.format(consts.Update_Agent_Success, cluster_name)) with contextlib.suppress(OSError): os.remove(user_values_location) + + +def add_agc_endpoint_overrides( + location: str, + cloud_name: str, + arm_metadata: dict[str, Any], + cmd_helm_install: list[str], +) -> None: + logger.debug("Adding AGC scenario overrides.") + + arm_metadata_endpoint_array = ( + arm_metadata["authentication"]["loginEndpoint"].strip("/").split(".") + ) + if len(arm_metadata_endpoint_array) < 4: + raise CLIInternalError("Unexpected loginEndpoint format for AGC") + + cloud_suffix = arm_metadata_endpoint_array[3] + endpoint_suffix = ( + arm_metadata_endpoint_array[2] + "." + arm_metadata_endpoint_array[3] + ) + if cloud_name.lower() == "usnat": + cloud_suffix = ( + arm_metadata_endpoint_array[2] + + "." + + arm_metadata_endpoint_array[3] + + "." + + arm_metadata_endpoint_array[4] + ) + endpoint_suffix = cloud_suffix + + cmd_helm_install.extend( + [ + "--set", + f"global.microsoftArtifactRepository=mcr.microsoft.{cloud_suffix}", + "--set", + f"systemDefaultValues.activeDirectoryEndpoint=https://login.microsoftonline.{endpoint_suffix}", + "--set", + f"systemDefaultValues.azureArcAgents.config_dp_endpoint_override=https://{location}.dp.kubernetesconfiguration.azure.{endpoint_suffix}", + "--set", + f"systemDefaultValues.clusterconnect-agent.notification_dp_endpoint_override=https://guestnotificationservice.azure.{endpoint_suffix}", + "--set", + f"systemDefaultValues.clusterconnect-agent.relay_endpoint_suffix_override=.servicebus.cloudapi.{endpoint_suffix}", + "--set", + f"systemDefaultValues.clusteridentityoperator.his_endpoint_override=https://gbl.his.arc.azure.{endpoint_suffix}/discovery?location={location}&api-version=1.1-preview", + "--set", + f"systemDefaultValues.image.repository=mcr.microsoft.{cloud_suffix}", + ] + ) 
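Review bot: The length guard in `add_agc_endpoint_overrides` accepts four dot-separated parts, but the `usnat` branch reads `arm_metadata_endpoint_array[4]`, so a four-part loginEndpoint raises an uncaught IndexError instead of the intended CLIInternalError. The labels taken from the ARM metadata are also written unchecked into `global.microsoftArtifactRepository`, `systemDefaultValues.image.repository` and `systemDefaultValues.activeDirectoryEndpoint`, which decide where agent images are pulled from and where the agents authenticate. Because `strip("/")` removes only leading and trailing slashes, a port, path or comma in the endpoint would flow into the `--set` values. I would size the guard per cloud and reject any label that is not plain letters, digits or hyphens before the suffixes are built. The function also lacks a docstring; one sentence saying that it mutates `cmd_helm_install` in place and is meant only for the ussec/usnat clouds would help.

```python
    # … unchanged: arm_metadata_endpoint_array = loginEndpoint stripped of "/" and split on "." …
    # usnat reads one label more than ussec, so the guard depends on the cloud.
    label_count = 5 if cloud_name.lower() == "usnat" else 4
    if len(arm_metadata_endpoint_array) < label_count:
        raise CLIInternalError("Unexpected loginEndpoint format for AGC")
    # These labels become part of the registry host and the login endpoint given to helm.
    for label in arm_metadata_endpoint_array[2:label_count]:
        if not (label.isascii() and label.replace("-", "").isalnum()):
            raise CLIInternalError("Unexpected loginEndpoint format for AGC")
    # … unchanged: cloud_suffix / endpoint_suffix selection and cmd_helm_install.extend(...) …
```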
diff --git a/src/connectedk8s/azext_connectedk8s/custom.py b/src/connectedk8s/azext_connectedk8s/custom.py index d90c0c760c0..d0e399bcbb2 100644 --- a/src/connectedk8s/azext_connectedk8s/custom.py +++ b/src/connectedk8s/azext_connectedk8s/custom.py @@ -2975,8 +2975,6 @@ def enable_features( features: list[str], kube_config: str | None = None, kube_context: str | None = None, - azrbac_client_id: str | None = None, - azrbac_client_secret: str | None = None, azrbac_skip_authz_check: str | None = None, skip_ssl_verification: bool = False, cl_oid: str | None = None, diff --git a/src/connectedk8s/setup.py b/src/connectedk8s/setup.py index 2738252ec48..85b0f20e007 100644 --- a/src/connectedk8s/setup.py +++ b/src/connectedk8s/setup.py @@ -13,7 +13,7 @@ # TODO: Confirm this is the right version number you want and it matches your # HISTORY.rst entry. -VERSION = "1.10.11" +VERSION = "1.11.0" # The full list of classifiers is available at # https://pypi.python.org/pypi?%3Aaction=list_classifiers diff --git a/src/k8s-extension/azext_k8s_extension/custom.py b/src/k8s-extension/azext_k8s_extension/custom.py index f7626d06e58..6122ea61224 100644 --- a/src/k8s-extension/azext_k8s_extension/custom.py +++ b/src/k8s-extension/azext_k8s_extension/custom.py @@ -763,7 +763,7 @@ def install_helm_client(cmd: CLICommand) -> str: "Downloading helm client for first time. This can take few minutes..." ) - mcr_url = utils.get_mcr_path(cmd) + mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory) client = oras.client.OrasClient(hostname=mcr_url) retry_count = 3 diff --git a/src/k8s-extension/azext_k8s_extension/utils.py b/src/k8s-extension/azext_k8s_extension/utils.py index 767550ccef8..345d92f9016 100644 --- a/src/k8s-extension/azext_k8s_extension/utils.py +++ b/src/k8s-extension/azext_k8s_extension/utils.py 
@@ -361,11 +361,15 @@ def create_folder_diagnosticlogs(folder_name: str, base_folder_name: str) -> tup ) return "", False -def get_mcr_path(cmd: CLICommand) -> str: - active_directory_array = cmd.cli_ctx.cloud.endpoints.active_directory.split(".") +def get_mcr_path(active_directory_endpoint: str) -> str: + active_directory_array = active_directory_endpoint.split(".") - # default for public, mc, ff clouds - mcr_postfix = active_directory_array[2] + # For US Government and China clouds, use public mcr + if active_directory_endpoint.endswith((".us", ".cn")): + return "mcr.microsoft.com" + + # Default MCR postfix + mcr_postfix = "com" # special cases for USSec, exclude part of suffix if len(active_directory_array) == 4 and active_directory_array[2] == "microsoft": mcr_postfix = active_directory_array[3]
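Review bot: `get_mcr_path` splits and suffix-tests the raw endpoint string, so a trailing slash or path on `active_directory_endpoint` makes `endswith((".us", ".cn"))` miss and, in the four-part `microsoft` case, ends up inside `mcr_postfix`. `add_agc_endpoint_overrides` in connectedk8s strips `/` before splitting, and this function should do the same, e.g. `active_directory_endpoint = active_directory_endpoint.rstrip("/")` as its first statement. The returned value is the registry hostname that `install_helm_client` passes to `oras.client.OrasClient`, so it decides where the helm binary is downloaded from; now that the function takes a plain string, a unit test per cloud endpoint would pin that. With the default changed to `"com"`, the early return for `.us`/`.cn` looks redundant for three-part endpoints. The function's return statement is outside the hunk, so please confirm against the rest of the body.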