diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 074b4dde2b..2ca17c5b5f 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -10,42 +10,7 @@
     "nuget",
   ],
   packageRules: [
-    {
-      groupName: "cargo minor",
-      matchManagers: ["cargo"],
-      matchUpdateTypes: ["minor"],
-    },
-    {
-      groupName: "dockerfile minor",
-      matchManagers: ["dockerfile"],
-      matchUpdateTypes: ["minor"],
-    },
-    {
-      groupName: "docker-compose minor",
-      matchManagers: ["docker-compose"],
-      matchUpdateTypes: ["minor"],
-    },
-    {
-      groupName: "github-action minor",
-      matchManagers: ["github-actions"],
-      matchUpdateTypes: ["minor"],
-      addLabels: ["hold"],
-    },
-    {
-      // For any Microsoft.Extensions.* and Microsoft.AspNetCore.* packages, we want to create PRs for patch updates.
-      // This overrides the default that ignores patch updates for nuget dependencies.
-      matchPackageNames: [
-          "/^Microsoft\\.Extensions\\./",
-          "/^Microsoft\\.AspNetCore\\./",
-      ],
-      matchUpdateTypes: ["patch"],
-      dependencyDashboardApproval: false,
-    },
-    {
-      matchPackageNames: ["https://github.com/bitwarden/sdk-internal.git"],
-      groupName: "sdk-internal",
-      dependencyDashboardApproval: true
-    },
+    // ==================== Team Ownership Rules ====================
     {
       matchManagers: ["dockerfile", "docker-compose"],
       commitMessagePrefix: "[deps] BRE:",
@@ -101,11 +66,6 @@
       commitMessagePrefix: "[deps] Billing:",
       reviewers: ["team:team-billing-dev"],
     },
-    {
-      matchPackageNames: ["/^Microsoft\\.EntityFrameworkCore\\./", "/^dotnet-ef/"],
-      groupName: "EntityFrameworkCore",
-      description: "Group EntityFrameworkCore to exclude them from the dotnet monorepo preset",
-    },
     {
       matchPackageNames: [
         "Dapper",
@@ -162,6 +122,12 @@
       commitMessagePrefix: "[deps] Platform:",
       reviewers: ["team:team-platform-dev"],
     },
+    {
+      matchUpdateTypes: ["lockFileMaintenance"],
+      description: "Platform owns lock file maintenance",
+      commitMessagePrefix: "[deps] Platform:",
+      reviewers: ["team:team-platform-dev"],
+    },
     {
       matchPackageNames: [
         "AutoMapper.Extensions.Microsoft.DependencyInjection",
@@ -191,6 +157,73 @@
       commitMessagePrefix: "[deps] Vault:",
       reviewers: ["team:team-vault-dev"],
     },
+
+    // ==================== Grouping Rules ====================
+    // These come after any specific team assignment rules to ensure
+    // that grouping is not overridden by subsequent rule definitions.
+    {
+      groupName: "cargo minor",
+      matchManagers: ["cargo"],
+      matchUpdateTypes: ["minor"],
+    },
+    {
+      groupName: "dockerfile minor",
+      matchManagers: ["dockerfile"],
+      matchUpdateTypes: ["minor"],
+    },
+    {
+      groupName: "docker-compose minor",
+      matchManagers: ["docker-compose"],
+      matchUpdateTypes: ["minor"],
+    },
+    {
+      groupName: "github-action minor",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["minor"],
+      addLabels: ["hold"],
+    },
+    {
+      matchPackageNames: ["/^Microsoft\\.EntityFrameworkCore\\./", "/^dotnet-ef/"],
+      groupName: "EntityFrameworkCore",
+      description: "Group EntityFrameworkCore to exclude them from the dotnet monorepo preset",
+    },
+    {
+      matchPackageNames: ["https://github.com/bitwarden/sdk-internal.git"],
+      groupName: "sdk-internal",
+      dependencyDashboardApproval: true
+    },
+
+    // ==================== Dashboard Rules ====================
+    {
+      // For any Microsoft.Extensions.* and Microsoft.AspNetCore.* packages, we want to create PRs for patch updates.
+      // This overrides the default that ignores patch updates for nuget dependencies.
+      matchPackageNames: [
+          "/^Microsoft\\.Extensions\\./",
+          "/^Microsoft\\.AspNetCore\\./",
+      ],
+      matchUpdateTypes: ["patch"],
+      dependencyDashboardApproval: false,
+    },
+    {
+      // For the Platform-owned dependencies below, we have decided we will only be creating PRs
+      // for major updates, and sending minor (as well as patch, inherited from base config) to the dashboard.
+      // This rule comes AFTER grouping rules so that groups are respected while still
+      // sending minor/patch updates to the dependency dashboard for approval.
+      matchPackageNames: [
+        "AspNetCoreRateLimit",
+        "AspNetCoreRateLimit.Redis",
+        "Azure.Data.Tables",
+        "Azure.Extensions.AspNetCore.DataProtection.Blobs",
+        "Azure.Messaging.EventGrid",
+        "Azure.Messaging.ServiceBus",
+        "Azure.Storage.Blobs",
+        "Azure.Storage.Queues",
+        "LaunchDarkly.ServerSdk",
+        "Quartz",
+      ],
+      matchUpdateTypes: ["minor"],
+      dependencyDashboardApproval: true,
+    },
   ],
   ignoreDeps: ["dotnet-sdk"],
 }