diff --git a/.github/workflows/assign-to-project.yml b/.github/workflows/assign-to-project.yml
index 6742c26..295a84b 100644
--- a/.github/workflows/assign-to-project.yml
+++ b/.github/workflows/assign-to-project.yml
@@ -22,7 +22,9 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
 
     - name: Assign Issues to Bugs
       uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435
diff --git a/.github/workflows/auto-assign-pr.yml b/.github/workflows/auto-assign-pr.yml
index 3231eef..d07ff17 100644
--- a/.github/workflows/auto-assign-pr.yml
+++ b/.github/workflows/auto-assign-pr.yml
@@ -15,7 +15,9 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
 
     - name: Auto Assign PR
       uses: samspills/assign-pr-to-author@b313feb250ff414d3aff26525b986f080ee7bd7a
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 87139e1..a37a0ee 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -9,6 +9,11 @@ on:
 permissions:
   contents: read
 
+env:
+  DOTNET_NOLOGO: true                     # Disable the .NET logo in the console output
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true # Disable the .NET first time experience to skip caching NuGet packages and speed up the build
+  DOTNET_CLI_TELEMETRY_OPTOUT: true       # Disable sending .NET CLI telemetry to Microsoft
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -18,7 +23,13 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.nuget.org:443
+          dotnetbuilds.azureedge.net:443
+          dotnetcli.azureedge.net:443
+          dotnetcli.blob.core.windows.net:443
+          github.com:443
 
     - name: Checkout
       uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
diff --git a/.github/workflows/codeql-scan.yml b/.github/workflows/codeql-scan.yml
index b419084..a0f4a05 100644
--- a/.github/workflows/codeql-scan.yml
+++ b/.github/workflows/codeql-scan.yml
@@ -15,6 +15,11 @@ on:
 permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read
 
+env:
+  DOTNET_NOLOGO: true                     # Disable the .NET logo in the console output
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true # Disable the .NET first time experience to skip caching NuGet packages and speed up the build
+  DOTNET_CLI_TELEMETRY_OPTOUT: true       # Disable sending .NET CLI telemetry to Microsoft
+
 jobs:
   analyze:
     name: Analyze
@@ -34,7 +39,15 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
+          api.nuget.org:443
+          dotnetbuilds.azureedge.net:443
+          dotnetcli.azureedge.net:443
+          dotnetcli.blob.core.windows.net:443
+          github.com:443
+          uploads.github.com:443
 
     - name: Checkout repository
       uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28
diff --git a/.github/workflows/mark-stale.yml b/.github/workflows/mark-stale.yml
index ea840c8..8f6864b 100644
--- a/.github/workflows/mark-stale.yml
+++ b/.github/workflows/mark-stale.yml
@@ -19,7 +19,9 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
 
     - name: Mark Stale
       uses: actions/stale@9c1b1c6e115ca2af09755448e0dbba24e5061cc8
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 1d21c53..f6494fa 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -21,7 +21,9 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
 
     - uses: actions/labeler@472c5d3aaacde439785e94966eb2e545627f4935
       with:
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 766f88e..793985d 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -4,13 +4,16 @@ on:
   release:
     types: [published]
 
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
 permissions:
   contents: read
 
+env:
+  DOTNET_NOLOGO: true                     # Disable the .NET logo in the console output
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true # Disable the .NET first time experience to skip caching NuGet packages and speed up the build
+  DOTNET_CLI_TELEMETRY_OPTOUT: true       # Disable sending .NET CLI telemetry to Microsoft
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   build:
     name: Test Build
@@ -20,7 +23,13 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.nuget.org:443
+          dotnetbuilds.azureedge.net:443
+          dotnetcli.azureedge.net:443
+          dotnetcli.blob.core.windows.net:443
+          github.com:443
 
     - name: Checkout
       uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
@@ -55,7 +64,19 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.nuget.org:443
+            auth.docker.io:443
+            fulcio.sigstore.dev:443
+            ghcr.io:443
+            github.com:443
+            mcr.microsoft.com:443
+            pipelines.actions.githubusercontent.com:443
+            pkg-containers.githubusercontent.com:443
+            registry-1.docker.io:443
+            storage.googleapis.com:443
 
       - name: Checkout
         uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf