diff --git a/content/master/guides/disabling-unused-managed-resources.md b/content/master/guides/disabling-unused-managed-resources.md
index 5a720b0a..3beb04a2 100644
--- a/content/master/guides/disabling-unused-managed-resources.md
+++ b/content/master/guides/disabling-unused-managed-resources.md
@@ -124,7 +124,7 @@ kubectl get mrds -o jsonpath='{.items[*].spec.state}' \
 Notice that Crossplane didn't create any CRDs yet:
 
 ```shell
-kubectl get crds | grep ec2.aws.crossplane.io
+kubectl get crds | grep ec2.aws.m.crossplane.io
 # No output - CRDs don't exist until MRDs are activated
 ```
 
@@ -140,9 +140,9 @@ metadata:
   name: my-app-resources
 spec:
   activate:
-  - instances.ec2.aws.crossplane.io        # EC2 instances for compute
-  - securitygroups.ec2.aws.crossplane.io   # Security groups for networking
-  - vpcs.ec2.aws.crossplane.io             # VPCs for isolation
+  - instances.ec2.aws.m.crossplane.io        # EC2 instances for compute
+  - securitygroups.ec2.aws.m.crossplane.io   # Security groups for networking
+  - vpcs.ec2.aws.m.crossplane.io             # VPCs for isolation
 ```
 
 Save this as `activation-policy.yaml` and apply it:
@@ -162,18 +162,18 @@ Check that Crossplane activated only the specified resources:
 kubectl get mrds \
   -o jsonpath='{range .items[*]}{.metadata.name}: {.spec.state}{"\n"}{end}' \
   | grep Active
-# instances.ec2.aws.crossplane.io: Active
-# securitygroups.ec2.aws.crossplane.io: Active
-# vpcs.ec2.aws.crossplane.io: Active
+# instances.ec2.aws.m.crossplane.io: Active
+# securitygroups.ec2.aws.m.crossplane.io: Active
+# vpcs.ec2.aws.m.crossplane.io: Active
 
 # Verify Crossplane created corresponding CRDs
-kubectl get crds | grep ec2.aws.crossplane.io
-# instances.ec2.aws.crossplane.io
-# securitygroups.ec2.aws.crossplane.io
-# vpcs.ec2.aws.crossplane.io
+kubectl get crds | grep ec2.aws.m.crossplane.io
+# instances.ec2.aws.m.crossplane.io
+# securitygroups.ec2.aws.m.crossplane.io
+# vpcs.ec2.aws.m.crossplane.io
 
 # Count CRDs from EC2 provider - should match activated MRDs
-kubectl get crds | grep ec2.aws.crossplane.io | wc -l
+kubectl get crds | grep ec2.aws.m.crossplane.io | wc -l
 # 3 (only the activated resources)
 ```
 
diff --git a/content/master/guides/implementing-safe-start.md b/content/master/guides/implementing-safe-start.md
index d3f52c73..b8c36a21 100644
--- a/content/master/guides/implementing-safe-start.md
+++ b/content/master/guides/implementing-safe-start.md
@@ -181,7 +181,7 @@ kubectl get mrds
 # All should show STATE: Inactive
 
 # No CRDs should exist yet
-kubectl get crds | grep yourprovider.io
+kubectl get crds | grep yourprovider.m.crossplane.io
 # Should return no results
 
 # Create activation policy
@@ -192,15 +192,15 @@ metadata:
   name: test-activation
 spec:
   activate:
-  - "myresource.yourprovider.io"
+  - "myresource.yourprovider.m.crossplane.io"
 EOF
 
 # Verify activation worked
-kubectl get mrd myresource.yourprovider.io
+kubectl get mrd myresource.yourprovider.m.crossplane.io
 # Should show STATE: Active
 
 # CRD should now exist
-kubectl get crd myresource.yourprovider.io
+kubectl get crd myresource.yourprovider.m.crossplane.io
 ```
 
 ## Troubleshooting
diff --git a/content/master/managed-resources/managed-resource-activation-policies.md b/content/master/managed-resources/managed-resource-activation-policies.md
index 1bc2d246..0d15583b 100644
--- a/content/master/managed-resources/managed-resource-activation-policies.md
+++ b/content/master/managed-resources/managed-resource-activation-policies.md
@@ -54,9 +54,9 @@ metadata:
   name: aws-core-resources
 spec:
   activate:
-  - buckets.s3.aws.crossplane.io
-  - instances.rds.aws.crossplane.io
-  - "*.ec2.aws.crossplane.io"  # All EC2 resources
+  - buckets.s3.aws.m.crossplane.io      # Modern v2 style S3 buckets
+  - instances.rds.aws.m.crossplane.io   # Modern v2 style RDS instances
+  - "*.ec2.aws.m.crossplane.io"         # All modern v2 style EC2 resources
 ```
 
 When you apply this MRAP, Crossplane activates the specified S3 Bucket, RDS
@@ -80,9 +80,9 @@ Specify complete MRD names for precise control:
 ```yaml
 spec:
   activate:
-  - buckets.s3.aws.crossplane.io
-  - databases.rds.aws.crossplane.io
-  - clusters.eks.aws.crossplane.io
+  - buckets.s3.aws.m.crossplane.io
+  - databases.rds.aws.m.crossplane.io
+  - clusters.eks.aws.m.crossplane.io
 ```
 
 ### Wildcard patterns
@@ -92,15 +92,15 @@ Use `*` wildcards to match multiple resources:
 ```yaml
 spec:
   activate:
-  - "*.s3.aws.crossplane.io"      # All S3 resources
-  - "*.ec2.aws.crossplane.io"     # All EC2 resources  
-  - "*.rds.aws.crossplane.io"        # All RDS databases
+  - "*.s3.aws.m.crossplane.io"      # All S3 resources
+  - "*.ec2.aws.m.crossplane.io"     # All EC2 resources  
+  - "*.rds.aws.m.crossplane.io"     # All RDS databases
 ```
 
 {{<hint "important">}}
 MRAPs use prefix-only wildcards, not full regular expressions. Only `*` at
-the beginning of a pattern works (for example, `*.s3.aws.crossplane.io`).
-Patterns like `s3.*.aws.crossplane.io` or `*.s3.*` aren't valid.
+the beginning of a pattern works (for example, `*.s3.aws.m.crossplane.io`).
+Patterns like `s3.*.aws.m.crossplane.io` or `*.s3.*` aren't valid.
 {{</hint>}}
 
 {{<hint "tip">}}
@@ -108,12 +108,54 @@ You can mix exact names and wildcards for flexible activation:
 ```yaml
 spec:
   activate:
-  - buckets.s3.aws.crossplane.io        # Exact S3 buckets
-  - "*.ec2.aws.crossplane.io"           # All EC2 resources
-  - clusters.eks.aws.crossplane.io      # Exact EKS clusters
+  - buckets.s3.aws.m.crossplane.io        # Exact S3 buckets
+  - "*.ec2.aws.m.crossplane.io"           # All EC2 resources
+  - clusters.eks.aws.m.crossplane.io      # Exact EKS clusters
 ```
 {{</hint>}}
 
+## Legacy and modern resource versions
+
+Crossplane v2 supports two styles of managed resources:
+
+- **Modern v2 style** (recommended): Use `*.m.crossplane.io` domains for
+  namespaced managed resources with better isolation and security
+- **Legacy v1 style**: Use `*.crossplane.io` domains for cluster-scoped
+  managed resources (maintained for backward compatibility)
+
+### Activating modern resources
+
+Most examples in this guide use modern v2 style resources:
+
+```yaml
+spec:
+  activate:
+  - buckets.s3.aws.m.crossplane.io         # Modern v2 S3 bucket
+  - "*.ec2.aws.m.crossplane.io"            # All modern v2 EC2 resources
+```
+
+### Activating legacy resources
+
+To activate legacy v1 style resources, use patterns without `.m`:
+
+```yaml
+spec:
+  activate:
+  - buckets.s3.aws.crossplane.io           # Legacy v1 S3 bucket
+  - "*.ec2.aws.crossplane.io"              # All legacy v1 EC2 resources
+```
+
+### Mixed activation
+
+You can activate both modern and legacy resources in the same MRAP:
+
+```yaml
+spec:
+  activate:
+  - "*.aws.m.crossplane.io"                # All modern AWS resources
+  - "*.aws.crossplane.io"                  # All legacy AWS resources
+```
+
 ## Common activation strategies
 
 ### Activate everything (default behavior)
@@ -140,7 +182,7 @@ helm install crossplane crossplane-stable/crossplane \
 # Or provide custom default activations
 helm install crossplane crossplane-stable/crossplane \
   --set provider.defaultActivations={\
-    "*.s3.aws.crossplane.io","*.ec2.aws.crossplane.io"}
+    "*.s3.aws.m.crossplane.io","*.ec2.aws.m.crossplane.io"}
 ```
 
 ### Provider-specific activation
@@ -169,10 +211,10 @@ metadata:
   name: storage-and-compute
 spec:
   activate:
-  - "*.s3.aws.crossplane.io"           # AWS S3 resources
-  - "*.ec2.aws.crossplane.io"          # AWS EC2 resources
-  - "*.storage.gcp.crossplane.io"      # GCP Storage resources
-  - "*.compute.gcp.crossplane.io"      # GCP Compute resources
+  - "*.s3.aws.m.crossplane.io"         # AWS S3 resources
+  - "*.ec2.aws.m.crossplane.io"        # AWS EC2 resources
+  - "*.storage.gcp.m.crossplane.io"    # GCP Storage resources
+  - "*.compute.gcp.m.crossplane.io"    # GCP Compute resources
 ```
 
 ### Minimal activation
@@ -186,9 +228,9 @@ metadata:
   name: minimal-footprint
 spec:
   activate:
-  - buckets.s3.aws.crossplane.io       # Just S3 buckets
-  - instances.ec2.aws.crossplane.io    # Just EC2 instances
-  - databases.rds.aws.crossplane.io    # Just RDS databases
+  - buckets.s3.aws.m.crossplane.io       # Just S3 buckets
+  - instances.ec2.aws.m.crossplane.io    # Just EC2 instances
+  - databases.rds.aws.m.crossplane.io    # Just RDS databases
 ```
 
 <!-- vale Google.Headings = NO -->
@@ -212,8 +254,8 @@ metadata:
   name: storage-team
 spec:
   activate:
-  - "*.s3.aws.crossplane.io"
-  - "*.storage.gcp.crossplane.io"
+  - "*.s3.aws.m.crossplane.io"
+  - "*.storage.gcp.m.crossplane.io"
 ---
 # Database team MRAP  
 apiVersion: apiextensions.crossplane.io/v1alpha1
@@ -222,8 +264,8 @@ metadata:
   name: database-team
 spec:
   activate:
-  - "*.rds.aws.crossplane.io"
-  - "*.sql.gcp.crossplane.io"
+  - "*.rds.aws.m.crossplane.io"
+  - "*.sql.gcp.m.crossplane.io"
 ```
 
 ### Configuration package activation
@@ -238,10 +280,10 @@ metadata:
   name: web-platform-dependencies
 spec:
   activate:
-  - buckets.s3.aws.crossplane.io       # For static assets
-  - instances.ec2.aws.crossplane.io    # For web servers
-  - databases.rds.aws.crossplane.io    # For application data
-  - certificates.acm.aws.crossplane.io # For HTTPS
+  - buckets.s3.aws.m.crossplane.io       # For static assets
+  - instances.ec2.aws.m.crossplane.io    # For web servers
+  - databases.rds.aws.m.crossplane.io    # For application data
+  - certificates.acm.aws.m.crossplane.io # For HTTPS
 ```
 
 <!-- vale Google.Headings = NO -->
@@ -291,12 +333,12 @@ status:
     status: "True"
     reason: Running
   activated:
-  - buckets.s3.aws.crossplane.io
-  - instances.ec2.aws.crossplane.io  
-  - instances.rds.aws.crossplane.io
-  - securitygroups.ec2.aws.crossplane.io
-  - subnets.ec2.aws.crossplane.io
-  - vpcs.ec2.aws.crossplane.io
+  - buckets.s3.aws.m.crossplane.io
+  - instances.ec2.aws.m.crossplane.io  
+  - instances.rds.aws.m.crossplane.io
+  - securitygroups.ec2.aws.m.crossplane.io
+  - subnets.ec2.aws.m.crossplane.io
+  - vpcs.ec2.aws.m.crossplane.io
 ```
 
 <!-- vale Google.Headings = NO -->
@@ -407,7 +449,7 @@ package dependencies.
    add wildcards only when beneficial for maintainability
 2. **Plan for provider evolution** - Design wildcard patterns that
    accommodate new resources as providers add them (for example,
-   `*.s3.aws.crossplane.io` works for future S3 resources)
+   `*.s3.aws.m.crossplane.io` works for future S3 resources)
 3. **Group related resources logically** - Create MRAPs that activate
    resources teams actually use together
 4. **Include activation dependencies in Configuration packages** -
diff --git a/content/master/managed-resources/managed-resource-definitions.md b/content/master/managed-resources/managed-resource-definitions.md
index 7f868fa3..248a9b52 100644
--- a/content/master/managed-resources/managed-resource-definitions.md
+++ b/content/master/managed-resources/managed-resource-definitions.md
@@ -63,9 +63,9 @@ managing instances of that resource.
 apiVersion: apiextensions.crossplane.io/v1alpha1
 kind: ManagedResourceDefinition
 metadata:
-  name: buckets.s3.aws.crossplane.io
+  name: buckets.s3.aws.m.crossplane.io
 spec:
-  group: s3.aws.crossplane.io
+  group: s3.aws.m.crossplane.io
   names:
     kind: Bucket
     plural: buckets
@@ -197,7 +197,7 @@ kubectl get managedresourcedefinitions
 View MRD details:
 
 ```shell
-kubectl describe mrd buckets.s3.aws.crossplane.io
+kubectl describe mrd buckets.s3.aws.m.crossplane.io
 ```
 
 <!-- vale Google.Headings = NO -->
@@ -238,7 +238,7 @@ status:
 You can manually activate an MRD by changing its state:
 
 ```shell
-kubectl patch mrd buckets.s3.aws.crossplane.io --type='merge' \
+kubectl patch mrd buckets.s3.aws.m.crossplane.io --type='merge' \
   -p='{"spec":{"state":"Active"}}'
 ```