diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f3cc279a58..1adb6a8a1a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -263,14 +263,14 @@ jobs:
 
       - name: Scan Docker image
         id: container-scan
-        uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
+        uses: anchore/scan-action@62b74fb7bb810d2c45b1865f47a77655621862a5 # v7.2.3
         with:
           image: ${{ steps.image-tags.outputs.primary_tag }}
           fail-build: false
           output-format: sarif
 
       - name: Upload Grype results to GitHub
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
         with:
           sarif_file: ${{ steps.container-scan.outputs.sarif }}
           sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
diff --git a/Directory.Build.props b/Directory.Build.props
index e7a8422605..c4c7f342fa 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
 
-    <Version>2026.1.0</Version>
+    <Version>2026.1.1</Version>
 
     <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
diff --git a/src/Billing/Services/Implementations/StripeEventService.cs b/src/Billing/Services/Implementations/StripeEventService.cs
index 03ca8eeb10..03865b48fe 100644
--- a/src/Billing/Services/Implementations/StripeEventService.cs
+++ b/src/Billing/Services/Implementations/StripeEventService.cs
@@ -9,6 +9,7 @@ namespace Bit.Billing.Services.Implementations;
 
 public class StripeEventService(
     GlobalSettings globalSettings,
+    ILogger<StripeEventService> logger,
     IOrganizationRepository organizationRepository,
     IProviderRepository providerRepository,
     ISetupIntentCache setupIntentCache,
@@ -148,26 +149,36 @@ public class StripeEventService(
         {
             var setupIntent = await GetSetupIntent(localStripeEvent);
 
+            logger.LogInformation("Extracted Setup Intent ({SetupIntentId}) from Stripe 'setup_intent.succeeded' event", setupIntent.Id);
+
             var subscriberId = await setupIntentCache.GetSubscriberIdForSetupIntent(setupIntent.Id);
+
+            logger.LogInformation("Retrieved subscriber ID ({SubscriberId}) from cache for Setup Intent ({SetupIntentId})", subscriberId, setupIntent.Id);
+
             if (subscriberId == null)
             {
+                logger.LogError("Cached subscriber ID for Setup Intent ({SetupIntentId}) is null", setupIntent.Id);
                 return null;
             }
 
             var organization = await organizationRepository.GetByIdAsync(subscriberId.Value);
+            logger.LogInformation("Retrieved organization ({OrganizationId}) via subscriber ID for Setup Intent ({SetupIntentId})", organization?.Id, setupIntent.Id);
             if (organization is { GatewayCustomerId: not null })
             {
                 var organizationCustomer = await stripeFacade.GetCustomer(organization.GatewayCustomerId);
+                logger.LogInformation("Retrieved customer ({CustomerId}) via organization ID for Setup Intent ({SetupIntentId})", organization.Id, setupIntent.Id);
                 return organizationCustomer.Metadata;
             }
 
             var provider = await providerRepository.GetByIdAsync(subscriberId.Value);
+            logger.LogInformation("Retrieved provider ({ProviderId}) via subscriber ID for Setup Intent ({SetupIntentId})", provider?.Id, setupIntent.Id);
             if (provider is not { GatewayCustomerId: not null })
             {
                 return null;
             }
 
             var providerCustomer = await stripeFacade.GetCustomer(provider.GatewayCustomerId);
+            logger.LogInformation("Retrieved customer ({CustomerId}) via provider ID for Setup Intent ({SetupIntentId})", provider.Id, setupIntent.Id);
             return providerCustomer.Metadata;
         }
     }
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs
index 3430f33a77..9b6cf86257 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs
@@ -19,7 +19,7 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements
 /// <param name="policyDetails">Collection of policy details that apply to this user id</param>
 public class AutomaticUserConfirmationPolicyRequirement(IEnumerable<PolicyDetails> policyDetails) : IPolicyRequirement
 {
-    public bool CannotBeGrantedEmergencyAccess() => policyDetails.Any();
+    public bool CannotHaveEmergencyAccess() => policyDetails.Any();
 
     public bool CannotJoinProvider() => policyDetails.Any();
 
diff --git a/src/Core/Billing/Caches/Implementations/SetupIntentDistributedCache.cs b/src/Core/Billing/Caches/Implementations/SetupIntentDistributedCache.cs
index 8833c928fe..514898e53c 100644
--- a/src/Core/Billing/Caches/Implementations/SetupIntentDistributedCache.cs
+++ b/src/Core/Billing/Caches/Implementations/SetupIntentDistributedCache.cs
@@ -1,11 +1,13 @@
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 
 namespace Bit.Core.Billing.Caches.Implementations;
 
 public class SetupIntentDistributedCache(
     [FromKeyedServices("persistent")]
-    IDistributedCache distributedCache) : ISetupIntentCache
+    IDistributedCache distributedCache,
+    ILogger<SetupIntentDistributedCache> logger) : ISetupIntentCache
 {
     public async Task<string?> GetSetupIntentIdForSubscriber(Guid subscriberId)
     {
@@ -17,11 +19,12 @@ public class SetupIntentDistributedCache(
     {
         var cacheKey = GetCacheKeyBySetupIntentId(setupIntentId);
         var value = await distributedCache.GetStringAsync(cacheKey);
-        if (string.IsNullOrEmpty(value) || !Guid.TryParse(value, out var subscriberId))
+        if (!string.IsNullOrEmpty(value) && Guid.TryParse(value, out var subscriberId))
         {
-            return null;
+            return subscriberId;
         }
-        return subscriberId;
+        logger.LogError("Subscriber ID value ({Value}) cached for Setup Intent ({SetupIntentId}) is null or not a valid Guid", value, setupIntentId);
+        return null;
     }
 
     public async Task RemoveSetupIntentForSubscriber(Guid subscriberId)
diff --git a/src/Core/Billing/Payment/Commands/UpdatePaymentMethodCommand.cs b/src/Core/Billing/Payment/Commands/UpdatePaymentMethodCommand.cs
index a5a9e3e9c9..2166c4318c 100644
--- a/src/Core/Billing/Payment/Commands/UpdatePaymentMethodCommand.cs
+++ b/src/Core/Billing/Payment/Commands/UpdatePaymentMethodCommand.cs
@@ -94,6 +94,8 @@ public class UpdatePaymentMethodCommand(
 
         await setupIntentCache.Set(subscriber.Id, setupIntent.Id);
 
+        _logger.LogInformation("{Command}: Successfully cached Setup Intent ({SetupIntentId}) for subscriber ({SubscriberID})", CommandName, setupIntent.Id, subscriber.Id);
+
         await UnlinkBraintreeCustomerAsync(customer);
 
         return MaskedPaymentMethod.From(setupIntent);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 356bbc58b9..56c26ba8c7 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -149,6 +149,7 @@ public static class FeatureFlagKeys
     public const string DesktopMigrationMilestone1 = "desktop-ui-migration-milestone-1";
     public const string DesktopMigrationMilestone2 = "desktop-ui-migration-milestone-2";
     public const string DesktopMigrationMilestone3 = "desktop-ui-migration-milestone-3";
+    public const string DesktopMigrationMilestone4 = "desktop-ui-migration-milestone-4";
 
     /* Auth Team */
     public const string TwoFactorExtensionDataPersistence = "pm-9115-two-factor-extension-data-persistence";
diff --git a/src/Icons/Icons.csproj b/src/Icons/Icons.csproj
index 97e9562183..9dc39eab1e 100644
--- a/src/Icons/Icons.csproj
+++ b/src/Icons/Icons.csproj
@@ -9,7 +9,7 @@
 
   <PropertyGroup Condition=" '$(RunConfiguration)' == 'Icons' " />
   <ItemGroup>
-    <PackageReference Include="AngleSharp" Version="1.2.0" />
+    <PackageReference Include="AngleSharp" Version="1.4.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Billing.Test/Services/StripeEventServiceTests.cs b/test/Billing.Test/Services/StripeEventServiceTests.cs
index 68aeab2f44..c438ef663c 100644
--- a/test/Billing.Test/Services/StripeEventServiceTests.cs
+++ b/test/Billing.Test/Services/StripeEventServiceTests.cs
@@ -4,6 +4,7 @@ using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing.Caches;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Microsoft.Extensions.Logging;
 using NSubstitute;
 using Stripe;
 using Xunit;
@@ -28,7 +29,13 @@ public class StripeEventServiceTests
         _providerRepository = Substitute.For<IProviderRepository>();
         _setupIntentCache = Substitute.For<ISetupIntentCache>();
         _stripeFacade = Substitute.For<IStripeFacade>();
-        _stripeEventService = new StripeEventService(globalSettings, _organizationRepository, _providerRepository, _setupIntentCache, _stripeFacade);
+        _stripeEventService = new StripeEventService(
+            globalSettings,
+            Substitute.For<ILogger<StripeEventService>>(),
+            _organizationRepository,
+            _providerRepository,
+            _setupIntentCache,
+            _stripeFacade);
     }
 
     #region GetCharge