diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 50893eb73..bb4398880 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -34,8 +34,8 @@ post:
   - func: "upload-mo-artifacts"
   - func: "cleanup"
 
-# Cause a timeout if a task does not complete within 90 minutes. TODO RUST-1721: reduce this.
-exec_timeout_secs: 5400
+# Cause a timeout if a task does not complete within 150 minutes. TODO RUST-1721: reduce this.
+exec_timeout_secs: 9000
 # What to do if the timeout is hit. Post-task functions will still run.
 timeout:
   - command: shell.exec
@@ -324,12 +324,14 @@ buildvariants:
       - test-plain-auth
 
   - name: serverless
-    # TODO RUST-1745: Enable this build variant when the serverless issues are fixed.
-    disable: true
     patchable: false
     display_name: "Serverless"
     run_on:
-      - rhel87-small
+      - rhel80-small
+    expansions:
+      LIBMONGOCRYPT_OS: rhel-80-64-bit
+      AUTH: auth
+      SSL: ssl
     tasks:
       - serverless-task-group
 
@@ -381,16 +383,6 @@ buildvariants:
     tasks:
       - test-in-use-encryption-openssl
 
-  - name: in-use-encryption-serverless
-    # TODO RUST-1745: Enable this build variant when the serverless issues are fixed.
-    disable: true
-    patchable: false
-    display_name: In-Use Encryption (Serverless)
-    run_on:
-      - rhel87-small
-    tasks:
-      - test-in-use-encryption-serverless
-
   - name: load-balancer
     display_name: "Load Balancer"
     run_on:
@@ -414,6 +406,7 @@ task_groups:
       - func: "init test-results"
       - func: "make files executable"
       - func: "install rust"
+      - func: "install junit dependencies"
       - command: shell.exec
         params:
           shell: "bash"
@@ -445,6 +438,7 @@ task_groups:
 
     tasks:
       - "test-serverless"
+      - "test-in-use-encryption-serverless"
 
   - name: azure-kms-task-group
     setup_group_can_fail_task: true
@@ -1652,9 +1646,9 @@ functions:
       params:
         working_dir: src
         shell: bash
+        add_expansions_to_env: true
         script: |
           ${PREPARE_SHELL}
-          ${PREPARE_CSFLE}
 
           # Exported without xtrace to avoid leaking credentials
           set +o xtrace
diff --git a/src/db.rs b/src/db.rs
index 9fb870584..2fbbcf2ff 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -394,6 +394,7 @@ impl Database {
         };
         const SERVER_7_0_0_WIRE_VERSION: i32 = 21;
         match max_wire {
+            None => (),
             Some(v) if v >= SERVER_7_0_0_WIRE_VERSION => (),
             _ => {
                 return Err(ErrorKind::IncompatibleServer {
diff --git a/src/test/csfle.rs b/src/test/csfle.rs
index c1d7b6a37..2176248b4 100644
--- a/src/test/csfle.rs
+++ b/src/test/csfle.rs
@@ -67,7 +67,6 @@ use super::{
     FailPointMode,
     TestClient,
     CLIENT_OPTIONS,
-    SERVERLESS,
 };
 
 type Result<T> = anyhow::Result<T>;
@@ -2039,10 +2038,6 @@ async fn kms_tls_options() -> Result<()> {
 }
 
 async fn fle2v2_ok(name: &str) -> bool {
-    if *SERVERLESS {
-        log_uncaptured(format!("Skipping {}: not supported on serverless", name));
-        return false;
-    }
     let setup_client = Client::test_builder().build().await;
     if setup_client.server_version_lt(7, 0) {
         log_uncaptured(format!("Skipping {}: not supported on server < 7.0", name));
@@ -3548,10 +3543,6 @@ async fn fle2_example() -> Result<()> {
         log_uncaptured("skipping fle2 example: cannot run on standalone");
         return Ok(());
     }
-    if *SERVERLESS {
-        log_uncaptured("skipping fle2 example: cannot run on serverless");
-        return Ok(());
-    }
 
     // Drop data from prior test runs.
     test_client
diff --git a/src/test/spec/json/client-side-encryption/README.rst b/src/test/spec/json/client-side-encryption/README.rst
index ea98dc57c..746630c53 100644
--- a/src/test/spec/json/client-side-encryption/README.rst
+++ b/src/test/spec/json/client-side-encryption/README.rst
@@ -24,6 +24,18 @@ specification.
 Additional prose tests, that are not represented in the spec tests, are described
 and MUST be implemented by all drivers.
 
+Running spec and prose tests require that the driver and server both support
+Client-Side Field Level Encryption. CSFLE is supported when all of the following
+are true:
+
+- Server version is 4.2.0 or higher. Legacy spec test runners can rely on
+  ``runOn.minServerVersion`` for this check.
+- Driver has libmongocrypt enabled
+- At least one of crypt_shared_ and/or mongocryptd_ is available.
+
+.. _crypt_shared: ../client-side-encryption.rst#crypt_shared
+.. _mongocryptd: ../client-side-encryption.rst#mongocryptd
+
 Spec Test Format
 ================
 
@@ -155,12 +167,10 @@ Do the following before running spec tests:
 - If available for the platform under test, obtain a crypt_shared_ binary and place it
   in a location accessible to the tests. Refer to: `Using crypt_shared`_
 - Start the mongocryptd process.
-- Start a mongod process with **server version 4.1.9 or later**.
+- Start a mongod process with **server version 4.2.0 or later**.
 - Place credentials to an AWS IAM user (access key ID + secret access key) somewhere in the environment outside of tracked code. (If testing on evergreen, project variables are a good place).
 - Start a KMIP test server on port 5698 by running `drivers-evergreen-tools/.evergreen/csfle/kms_kmip_server.py <https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/kms_kmip_server.py>`_.
 
-.. _crypt_shared: ../client-side-encryption.rst#crypt_shared
-
 Load each YAML (or JSON) file using a Canonical Extended JSON parser.
 
 If the test file name matches the regular expression ``fle2\-Range\-.*\-Correctness``, drivers MAY skip the test on macOS. The ``fle2-Range`` tests are very slow on macOS and do not provide significant additional test coverage.
@@ -313,7 +323,7 @@ Then for each element in ``tests``:
 
 #. If the test includes a list of command-started events in ``expectations``,
    compare them to the actual command-started events using the
-   same logic as the Command Monitoring Spec Tests runner.
+   same logic as the `Command Monitoring spec legacy test runner <https://github.com/mongodb/specifications/blob/09ee1ebc481f1502e3246971a9419e484d736207/source/command-monitoring/tests/README.rst>`__.
 
 #. For each element in ``outcome``:
 
@@ -979,6 +989,14 @@ Test cases
 8. Bypass Spawning mongocryptd
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+.. note::
+
+   CONSIDER: To reduce the chances of tests interfering with each other,
+   drivers MAY use a different port for each test in this group,
+   and include it in ``--pidfilepath``. The interference
+   may come from the fact that once spawned by a test,
+   ``mongocryptd`` stays up and running for some time.
+
 Via loading shared library
 ``````````````````````````
 
@@ -1006,7 +1024,7 @@ The following tests that loading crypt_shared_ bypasses spawning mongocryptd.
    .. code:: javascript
 
       {
-        "mongocryptdURI": "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000",
+        "mongocryptdURI": "mongodb://localhost:27021/?serverSelectionTimeoutMS=1000",
         "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"],
         "cryptSharedLibPath": "<path to shared library>",
         "cryptSharedLibRequired": true
@@ -1021,12 +1039,16 @@ The following tests that loading crypt_shared_ bypasses spawning mongocryptd.
 .. note::
 
    IMPORTANT: If crypt_shared_ is visible to the operating system's library
-   search mechanism, the expected server error generated by these
-   ``mongocryptdBypassSpawn`` tests will not appear because libmongocrypt will
+   search mechanism, the expected server error generated by the
+   ``Via mongocryptdBypassSpawn``, ``Via bypassAutoEncryption``, ``Via bypassQueryAnalysis``
+   tests will not appear because libmongocrypt will
    load the ``crypt_shared`` library instead of consulting mongocryptd. For
    the following tests, it is required that libmongocrypt *not* load ``crypt_shared``.
    Refer to the client-side-encryption document for more information on
-   "disabling" ``crypt_shared``.
+   "disabling" ``crypt_shared``. Take into account that once loaded,
+   for example, by another test,
+   ``crypt_shared`` cannot be unloaded and may be used by ``MongoClient``,
+   thus making the tests misbehave in unexpected ways.
 
 
 Via mongocryptdBypassSpawn
@@ -1034,6 +1056,10 @@ Via mongocryptdBypassSpawn
 
 The following tests that setting ``mongocryptdBypassSpawn=true`` really does bypass spawning mongocryptd.
 
+#. Insert the document `external/external-key.json <../external/external-key.json>`_ into ``keyvault.datakeys`` with majority write concern.
+   This step is not required to run this test, and drivers MAY skip it. But if the driver misbehaves,
+   then not having the encryption fully set up may complicate the process of figuring out what is wrong.
+
 #. Create a MongoClient configured with auto encryption (referred to as ``client_encrypted``)
 
    Configure the required options. Use the ``local`` KMS provider as follows:
@@ -1052,7 +1078,7 @@ The following tests that setting ``mongocryptdBypassSpawn=true`` really does byp
 
       {
         "mongocryptdBypassSpawn": true
-        "mongocryptdURI": "mongodb://localhost:27021/db?serverSelectionTimeoutMS=1000",
+        "mongocryptdURI": "mongodb://localhost:27021/?serverSelectionTimeoutMS=1000",
         "mongocryptdSpawnArgs": [ "--pidfilepath=bypass-spawning-mongocryptd.pid", "--port=27021"]
       }
 
@@ -1298,7 +1324,7 @@ Setup
 
 For both tests, do the following:
 
-#. Start a ``mongod`` process with **server version 4.1.9 or later**.
+#. Start a ``mongod`` process with **server version 4.2.0 or later**.
 
 #. Create a ``MongoClient`` for key vault operations.
 
@@ -1350,7 +1376,7 @@ Invalid Hostname in KMS Certificate
 Setup
 `````
 
-Start a ``mongod`` process with **server version 4.1.9 or later**.
+Start a ``mongod`` process with **server version 4.2.0 or later**.
 
 Four mock KMS server processes must be running:
 
@@ -1685,9 +1711,6 @@ The Explicit Encryption tests require MongoDB server 7.0+. The tests must not ru
    MongoDB Server 7.0 introduced a backwards breaking change to the Queryable Encryption (QE) protocol: QEv2.
 	libmongocrypt 1.8.0 is configured to use the QEv2 protocol.
 
-.. note::
-   Skip this test on Serverless until MongoDB Serverless enables the QEv2 protocol. Refer: `DRIVERS-2589 <https://jira.mongodb.org/browse/DRIVERS-2589>`_
-
 Before running each of the following test cases, perform the following Test Setup.
 
 Test Setup
@@ -1711,20 +1734,20 @@ Create a ClientEncryption object named ``clientEncryption`` with these options:
 
 .. code:: typescript
 
-   ClientEncryptionOpts {
-      keyVaultClient: <keyVaultClient>;
-      keyVaultNamespace: "keyvault.datakeys";
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
+   class ClientEncryptionOpts {
+      keyVaultClient: <keyVaultClient>,
+      keyVaultNamespace: "keyvault.datakeys",
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
    }
 
 Create a MongoClient named ``encryptedClient`` with these ``AutoEncryptionOpts``:
 
 .. code:: typescript
 
-   AutoEncryptionOpts {
-      keyVaultNamespace: "keyvault.datakeys";
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
-      bypassQueryAnalysis: true
+   class AutoEncryptionOpts {
+      keyVaultNamespace: "keyvault.datakeys",
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
+      bypassQueryAnalysis: true,
    }
 
 
@@ -1736,9 +1759,9 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
-      contentionFactor: 0
+      contentionFactor: 0,
    }
 
 Store the result in ``insertPayload``.
@@ -1750,10 +1773,10 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
       queryType: "equality",
-      contentionFactor: 0
+      contentionFactor: 0,
    }
 
 Store the result in ``findPayload``.
@@ -1770,9 +1793,9 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
-      contentionFactor: 10
+      contentionFactor: 10,
    }
 
 Store the result in ``insertPayload``.
@@ -1786,10 +1809,10 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
       queryType: "equality",
-      contentionFactor: 0
+      contentionFactor: 0,
    }
 
 Store the result in ``findPayload``.
@@ -1803,10 +1826,10 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
       queryType: "equality",
-      contentionFactor: 10
+      contentionFactor: 10,
    }
 
 Store the result in ``findPayload2``.
@@ -1823,8 +1846,8 @@ Use ``clientEncryption`` to encrypt the value "encrypted unindexed value" with t
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
-      algorithm: "Unindexed"
+      keyId : <key1ID>,
+      algorithm: "Unindexed",
    }
 
 Store the result in ``insertPayload``.
@@ -1843,9 +1866,9 @@ Use ``clientEncryption`` to encrypt the value "encrypted indexed value" with the
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Indexed",
-      contentionFactor: 0
+      contentionFactor: 0,
    }
 
 Store the result in ``payload``.
@@ -1860,7 +1883,7 @@ Use ``clientEncryption`` to encrypt the value "encrypted unindexed value" with t
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "Unindexed",
    }
 
@@ -1943,10 +1966,10 @@ Create a ClientEncryption object named ``clientEncryption`` with these options:
 
 .. code:: typescript
 
-   ClientEncryptionOpts {
+   class ClientEncryptionOpts {
       keyVaultClient: <setupClient>,
       keyVaultNamespace: "keyvault.datakeys",
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
    }
 
 Create a data key with the "local" KMS provider. Storing the result in a variable named ``keyID``.
@@ -1955,9 +1978,9 @@ Use ``clientEncryption`` to encrypt the string "hello" with the following ``Encr
 
 .. code:: typescript
 
-   EncryptOpts {
+   class EncryptOpts {
       keyId: <keyID>,
-      algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+      algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
    }
 
 Store the result in a variable named ``ciphertext``.
@@ -1969,9 +1992,9 @@ Create a MongoClient named ``encryptedClient`` with these ``AutoEncryptionOpts``
 
 .. code:: typescript
 
-   AutoEncryptionOpts {
-      keyVaultNamespace: "keyvault.datakeys";
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
+   class AutoEncryptionOpts {
+      keyVaultNamespace: "keyvault.datakeys",
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
    }
 
 Configure ``encryptedClient`` with "retryReads=false".
@@ -2059,7 +2082,7 @@ options:
 
 .. code-block:: typescript
 
-   ClientEncryptionOpts {
+   class ClientEncryptionOpts {
       keyVaultClient: <setupClient>,
       keyVaultNamespace: "keyvault.datakeys",
       kmsProviders: { "aws": {} },
@@ -2144,10 +2167,10 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
 
    .. code:: typescript
 
-      ClientEncryptionOpts {
-         keyVaultClient: <new MongoClient>;
-         keyVaultNamespace: "keyvault.datakeys";
-         kmsProviders: <all KMS providers>
+      class ClientEncryptionOpts {
+         keyVaultClient: <new MongoClient>,
+         keyVaultNamespace: "keyvault.datakeys",
+         kmsProviders: <all KMS providers>,
       }
 
 3. Call ``clientEncryption1.createDataKey`` with ``srcProvider`` and these options:
@@ -2155,7 +2178,7 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
    .. code:: typescript
 
       class DataKeyOpts {
-         masterKey: <depends on srcProvider>
+         masterKey: <depends on srcProvider>,
       }
 
    Store the return value in ``keyID``.
@@ -2166,7 +2189,7 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
 
       class EncryptOpts {
          keyId : keyID,
-         algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+         algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
       }
 
    Store the return value in ``ciphertext``.
@@ -2175,10 +2198,10 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
 
    .. code:: typescript
 
-      ClientEncryptionOpts {
-         keyVaultClient: <new MongoClient>;
-         keyVaultNamespace: "keyvault.datakeys";
-         kmsProviders: <all KMS providers>
+      class ClientEncryptionOpts {
+         keyVaultClient: <new MongoClient>,
+         keyVaultNamespace: "keyvault.datakeys",
+         kmsProviders: <all KMS providers>,
       }
 
 6. Call ``clientEncryption2.rewrapManyDataKey`` with an empty ``filter`` and these options:
@@ -2186,8 +2209,8 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
    .. code:: typescript
 
       class RewrapManyDataKeyOpts {
-         provider: dstProvider
-         masterKey: <depends on dstProvider>
+         provider: dstProvider,
+         masterKey: <depends on dstProvider>,
       }
 
    Assert that the returned ``RewrapManyDataKeyResult.bulkWriteResult.modifiedCount`` is 1.
@@ -2196,6 +2219,30 @@ Include pairs where ``srcProvider`` equals ``dstProvider``.
 
 8. Call ``clientEncryption2.decrypt`` with the ``ciphertext``. Assert the return value is "test".
 
+Case 2: RewrapManyDataKeyOpts.provider is not optional
+`````````````````````````````````````````````````````````````````````````
+
+Drivers MAY chose not to implement this prose test if their implementation of ``RewrapManyDataKeyOpts`` makes it impossible by design to omit ``RewrapManyDataKeyOpts.provider`` when ``RewrapManyDataKeyOpts.masterKey`` is set.
+
+1. Create a ``ClientEncryption`` object named ``clientEncryption`` with these options:
+
+   .. code:: typescript
+
+      class ClientEncryptionOpts {
+         keyVaultClient: <new MongoClient>,
+         keyVaultNamespace: "keyvault.datakeys",
+         kmsProviders: <all KMS providers>,
+      }
+
+2. Call ``clientEncryption.rewrapManyDataKey`` with an empty ``filter`` and these options:
+
+   .. code:: typescript
+
+      class RewrapManyDataKeyOpts {
+         masterKey: {}
+      }
+
+   Assert that `clientEncryption.rewrapManyDataKey` raises a client error indicating that the required ``RewrapManyDataKeyOpts.provider`` field is missing.
 
 17.  On-demand GCP Credentials
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -2207,7 +2254,7 @@ options:
 
 .. code-block:: typescript
 
-   ClientEncryptionOpts {
+   class ClientEncryptionOpts {
       keyVaultClient: <setupClient>,
       keyVaultNamespace: "keyvault.datakeys",
       kmsProviders: { "gcp": {} },
@@ -2230,7 +2277,7 @@ following ``DataKeyOpts``:
          "projectId": "devprod-drivers",
          "location": "global",
          "keyRing": "key-ring-csfle",
-         "keyName": "key-name-csfle"
+         "keyName": "key-name-csfle",
       }
    }
 
@@ -2255,7 +2302,7 @@ following ``DataKeyOpts``:
          "projectId": "devprod-drivers",
          "location": "global",
          "keyRing": "key-ring-csfle",
-         "keyName": "key-name-csfle"
+         "keyName": "key-name-csfle",
       }
    }
 
@@ -2405,7 +2452,7 @@ options:
 
 .. code-block:: typescript
 
-   ClientEncryptionOpts {
+   class ClientEncryptionOpts {
       keyVaultClient: <setupClient>,
       keyVaultNamespace: "keyvault.datakeys",
       kmsProviders: { "azure": {} },
@@ -2425,7 +2472,7 @@ following ``DataKeyOpts``:
    class DataKeyOpts {
       masterKey: {
          "keyVaultEndpoint": "https://keyvault-drivers-2411.vault.azure.net/keys/",
-         "keyName": "KEY-NAME"
+         "keyName": "KEY-NAME",
       }
    }
 
@@ -2448,7 +2495,7 @@ following ``DataKeyOpts``:
    class DataKeyOpts {
       masterKey: {
          "keyVaultEndpoint": "https://keyvault-drivers-2411.vault.azure.net/keys/",
-         "keyName": "KEY-NAME"
+         "keyName": "KEY-NAME",
       }
    }
 
@@ -2490,7 +2537,7 @@ The following tests that a mongocryptd client is not created when shared library
    .. code:: javascript
 
       {
-        "mongocryptdURI": "mongodb://localhost:27021"
+        "mongocryptdURI": "mongodb://localhost:27021/?serverSelectionTimeoutMS=1000"
       }
 
 #. Use ``client_encrypted`` to insert the document ``{"unencrypted": "test"}`` into ``db.coll``.
@@ -2508,9 +2555,6 @@ The Automatic Data Encryption Keys tests require MongoDB server 7.0+. The tests
    MongoDB Server 7.0 introduced a backwards breaking change to the Queryable Encryption (QE) protocol: QEv2.
 	libmongocrypt 1.8.0 is configured to use the QEv2 protocol.
 
-.. note::
-   Skip this test on Serverless until MongoDB Serverless enables the QEv2 protocol. Refer: `DRIVERS-2589 <https://jira.mongodb.org/browse/DRIVERS-2589>`_
-
 For each of the following test cases, assume `DB` is a valid open database
 handle, and assume a ClientEncryption_ object `CE` created using the following
 options::
@@ -2629,7 +2673,7 @@ when attempting to create a collection with such invalid settings.
 Case 4: Insert encrypted value
 ``````````````````````````````
 
-This test is continuation of the case 1 and provides a way to complete inserting 
+This test is continuation of the case 1 and provides a way to complete inserting
 with encrypted value.
 
 1. Create a new create-collection options `Opts` including the following::
@@ -2657,16 +2701,14 @@ with encrypted value.
    Expect success.
 
 22. Range Explicit Encryption
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 The Range Explicit Encryption tests require MongoDB server 7.0+. The tests must not run against a standalone.
 
 .. note::
    MongoDB Server 7.0 introduced a backwards breaking change to the Queryable Encryption (QE) protocol: QEv2.
 	libmongocrypt 1.8.0 is configured to use the QEv2 protocol.
 
-.. note::
-   Skip this test on Serverless until MongoDB Serverless enables the QEv2 protocol. Refer: `DRIVERS-2589 <https://jira.mongodb.org/browse/DRIVERS-2589>`_
-
 Each of the following test cases must pass for each of the supported types (``DecimalNoPrecision``, ``DecimalPrecision``, ``DoublePrecision``, ``DoubleNoPrecision``, ``Date``, ``Int``, and ``Long``), unless it is stated the type should be skipped.
 
 Tests for ``DecimalNoPrecision`` must only run against a replica set. ``DecimalNoPrecision`` queries are expected to take a long time and may exceed the default mongos timeout.
@@ -2693,194 +2735,214 @@ Create a ClientEncryption object named ``clientEncryption`` with these options:
 
 .. code:: typescript
 
-   ClientEncryptionOpts {
-      keyVaultClient: <keyVaultClient>;
-      keyVaultNamespace: "keyvault.datakeys";
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
+   class ClientEncryptionOpts {
+      keyVaultClient: <keyVaultClient>,
+      keyVaultNamespace: "keyvault.datakeys",
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
    }
 
 Create a MongoClient named ``encryptedClient`` with these ``AutoEncryptionOpts``:
 
 .. code:: typescript
 
-   AutoEncryptionOpts {
-      keyVaultNamespace: "keyvault.datakeys";
-      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } }
-      bypassQueryAnalysis: true
+   class AutoEncryptionOpts {
+      keyVaultNamespace: "keyvault.datakeys",
+      kmsProviders: { "local": { "key": <base64 decoding of LOCAL_MASTERKEY> } },
+      bypassQueryAnalysis: true,
    }
 
 The remaining tasks require setting ``RangeOpts``. `Test Setup: RangeOpts`_ lists the values to use for ``RangeOpts`` for each of the supported data types.
 
-Use ``clientEncryption`` to encrypt these values: 0, 6, 30, and 200. Ensure the type matches with the type of the encrypted field. For example, if the encrypted field is ``encryptedDoubleNoPrecision`` encrypt the value 6.0.
+Use ``clientEncryption`` to encrypt these values: 0, 6, 30, and 200. Ensure the type matches that of the encrypted field. For example, if the encrypted field is ``encryptedDoubleNoPrecision`` encrypt the value 6.0.
 
-Encrypt these values with the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts``:
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
-Use ``encryptedClient`` to insert these documents into ``db.explicit_encryption``:
+Use ``encryptedClient`` to insert the following documents into ``db.explicit_encryption``:
+
+.. code:: javascript
 
-- ``{ "encrypted<Type>": <encrypted 0>, _id: 0 }``
-- ``{ "encrypted<Type>": <encrypted 6>, _id: 1 }``
-- ``{ "encrypted<Type>": <encrypted 30>, _id: 2 }``
-- ``{ "encrypted<Type>": <encrypted 200>, _id: 3 }``
+   { "_id": 0, "encrypted<Type>": <encrypted 0> }
+   { "_id": 1, "encrypted<Type>": <encrypted 6> }
+   { "_id": 2, "encrypted<Type>": <encrypted 30> }
+   { "_id": 3, "encrypted<Type>": <encrypted 200> }
 
 
 Test Setup: RangeOpts
 `````````````````````
-This section lists the values to use for ``RangeOpts`` for each of the supported data types, since each data type requires a different ``RangeOpts``. 
+This section lists the values to use for ``RangeOpts`` for each of the supported data types, since each data type requires a different ``RangeOpts``.
 
-Each test listed in the cases below must pass for all supported data types unless it is stated the type should be skipped. 
+Each test listed in the cases below must pass for all supported data types unless it is stated the type should be skipped.
 
 #. DecimalNoPrecision
 
    .. code:: typescript
-   
+
       class RangeOpts {
-         sparsity: 1
+         sparsity: 1,
       }
 
 #. DecimalPrecision
 
    .. code:: typescript
-   
+
       class RangeOpts {
          min: { "$numberDecimal": "0" },
          max: { "$numberDecimal": "200" },
          sparsity: 1,
-         precision: 2
+         precision: 2,
       }
 
 #. DoubleNoPrecision
 
    .. code:: typescript
-   
+
       class RangeOpts {
-         sparsity: 1
+         sparsity: 1,
       }
 
 #. DoublePrecision
 
    .. code:: typescript
-   
+
       class RangeOpts {
          min: { "$numberDouble": "0" },
          max: { "$numberDouble": "200" },
          sparsity: 1,
-         precision: 2
+         precision: 2,
       }
 
 #. Date
 
    .. code:: typescript
-   
+
       class RangeOpts {
          min: {"$date": { "$numberLong": "0" } } ,
          max: {"$date": { "$numberLong": "200" } },
-         sparsity: 1
+         sparsity: 1,
       }
 
 #. Int
 
    .. code:: typescript
-   
+
       class RangeOpts {
          min: {"$numberInt": "0" } ,
          max: {"$numberInt": "200" },
-         sparsity: 1
+         sparsity: 1,
       }
 
 #. Long
 
    .. code:: typescript
-   
+
       class RangeOpts {
          min: {"$numberLong": "0" } ,
          max: {"$numberLong": "200" },
-         sparsity: 1
+         sparsity: 1,
       }
 
 Case 1: can decrypt a payload
 `````````````````````````````
-Use ``clientEncryption.encrypt()`` to encrypt the value 6. Ensure the encoded BSON type matches the type of the encrypted field. For example, if the encrypted field is ``encryptedLong`` encrypt the 64-bit BSON long value 6, not the 32-bit BSON int value 6.
-
-Store the result in ``insertPayload``.
+Use ``clientEncryption.encrypt()`` to encrypt the value 6. Ensure the type matches that of the encrypted field. For example, if the encrypted field is ``encryptedLong`` encrypt a BSON int64 type, not a BSON int32 type.
 
-Encrypt with the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts``:
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
-Use ``clientEncryption`` to decrypt ``insertPayload``. Assert the returned value equals 6.
+Store the result in ``insertPayload``.
+
+Use ``clientEncryption`` to decrypt ``insertPayload``. Assert the returned value equals 6 and has the expected type.
 
 .. note::
 
    The type returned by ``clientEncryption.decrypt()`` may differ from the input type to ``clientEncryption.encrypt()`` depending on how the driver unmarshals BSON numerics to language native types.
-   Example: a driver may unmarshal a BSON long to a numeric type that does not distinguish between int64 and int32.
+   Example: a driver may unmarshal a BSON int64 to a numeric type that does not distinguish between int64 and int32.
 
-Case 2: can find encrypted range and return the maximum 
+
+Case 2: can find encrypted range and return the maximum
 ```````````````````````````````````````````````````````
 Use ``clientEncryption.encryptExpression()`` to encrypt this query:
 
 .. code:: javascript
 
-   //convert 6 and 200 to match the type of the encrypted field.
-   {"$and": [{"encrypted<Type>": {"$gte": 6}}, {"encrypted<Type>": {"$lte": 200}}]}
+   // Convert 6 and 200 to the encrypted field type
+   { "$and": [ { "encrypted<Type>": { "$gte": 6 } }, { "encrypted<Type>": { "$lte": 200 } } ] }
 
-Use the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts`` to encrypt the query:
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
       queryType: "rangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
 Store the result in ``findPayload``.
 
 Use ``encryptedClient`` to run a "find" operation on the ``db.explicit_encryption`` collection with the filter ``findPayload`` and sort the results by ``_id``.
 
-Assert these three documents ``{ "encrypted<Type>": 6 }, { "encrypted<Type>": 30 }, { "encrypted<Type>": 200}`` are returned.
+Assert the following three documents are returned:
 
+.. code:: javascript
 
-Case 3: can find encrypted range and return the minimum 
-```````````````````````````````````````````````````````
-Use ``clientEncryption.encryptExpression()`` to encrypt this query: 
+   // Convert 6, 30, and 200 to the encrypted field type
+   { "_id": 1, "encrypted<Type>": 6 }
+   { "_id": 2, "encrypted<Type>": 30 }
+   { "_id": 3, "encrypted<Type>": 200 }
 
 
+Case 3: can find encrypted range and return the minimum
+```````````````````````````````````````````````````````
+Use ``clientEncryption.encryptExpression()`` to encrypt this query:
+
 .. code:: javascript
-   
-   //convert 0 and 6 to match the type of the encrypted field.
-   {"$and": [{"encrypted<Type>": {"$gte": 0}}, {"encrypted<Type>": {"$lte": 6}}]}
 
-Use the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts`` to encrypt the query:
+   // Convert 0 and 6 to the encrypted field type
+   { "$and": [ { "encrypted<Type>": { "$gte": 0 } }, { "encrypted<Type>": { "$lte": 6 } } ] }
+
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
       queryType: "rangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
 Store the result in ``findPayload``.
 
 Use ``encryptedClient`` to run a "find" operation on the ``db.explicit_encryption`` collection with the filter ``findPayload`` and sort the results by ``_id``.
 
-Assert these two documents ``{ "encrypted<Type>": 0 }, { "encrypted<Type>": 6 }`` are returned.
+Assert the following two documents are returned:
+
+.. code:: javascript
+
+   // Convert 0 and 6 to the encrypted field type
+   { "_id": 0, "encrypted<Type>": 0 }
+   { "_id": 1, "encrypted<Type>": 6 }
+
 
 Case 4: can find encrypted range with an open range query
 `````````````````````````````````````````````````````````
@@ -2888,107 +2950,128 @@ Use ``clientEncryption.encryptExpression()`` to encrypt this query:
 
 .. code:: javascript
 
-   //convert 30 to match the type of the encrypted field.
-   {"$and": [{"encrypted<Type>": {"$gt": 30}}]}
+   // Convert 30 to the encrypted field type
+   { "$and": [ { "encrypted<Type>": { "$gt": 30 } } ] }
 
-Use the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts`` to encrypt the query:
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
       queryType: "rangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
 Store the result in ``findPayload``.
 
 Use ``encryptedClient`` to run a "find" operation on the ``db.explicit_encryption`` collection with the filter ``findPayload`` and sort the results by ``_id``.
 
-Assert that only this document ``{ "encrypted<Type>": 200 }`` is returned. 
+Assert the following document is returned:
+
+.. code:: javascript
+
+   // Convert 200 to the encrypted field type
+   { "_id": 3, "encrypted<Type>": 200 }
 
-Case 5: can run an aggregation expression inside $expr 
+
+Case 5: can run an aggregation expression inside $expr
 ``````````````````````````````````````````````````````
-Use ``clientEncryption.encryptExpression()`` to encrypt this query: 
+Use ``clientEncryption.encryptExpression()`` to encrypt this query:
 
 .. code:: javascript
 
-   {'$and': [ { '$lt': [ '$encrypted<Type>', 30 ] } ] } }
+   // Convert 30 to the encrypted field type
+   { "$and": [ { "$lt": [ "$encrypted<Type>", 30 ] } ] } }
 
-Use the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts`` to encrypt the query:
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
       queryType: "rangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
 Store the result in ``findPayload``.
 
-Use ``encryptedClient`` to run a "find" operation on the ``db.explicit_encryption`` collection with the filter ``{'$expr' :  <findPayload> }`` and sort the results by ``_id``.
+Use ``encryptedClient`` to run a "find" operation on the ``db.explicit_encryption`` collection with the filter ``{ "$expr": <findPayload> }`` and sort the results by ``_id``.
+
+Assert the following two documents are returned:
+
+.. code:: javascript
+
+   // Convert 0 and 6 to the encrypted field type
+   { "_id": 0, "encrypted<Type>": 0 }
+   { "_id": 1, "encrypted<Type>": 6 }
 
-Assert that these two documents ``{ "encrypted<Type>": 0 }, { "encrypted<Type>": 6 }`` are returned.
 
 Case 6: encrypting a document greater than the maximum errors
 `````````````````````````````````````````````````````````````
 This test case should be skipped if the encrypted field is ``encryptedDoubleNoPrecision`` or ``encryptedDecimalNoPrecision``.
 
-Use ``clientEncryption.encrypt()`` to try to encrypt the value 201 with the matching ``RangeOpts`` listed in `Test Setup: RangeOpts`_ and these ``EncryptOpts``:
+Use ``clientEncryption.encrypt()`` to encrypt the value 201. Ensure the type matches that of the encrypted field.
+
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
-Ensure 201 matches the type of the encrypted field. The error should be raised because 201 is greater than the maximum value in ``RangeOpts``.
+Assert that an error was raised because 201 is greater than the maximum value in ``RangeOpts``.
 
-Assert that an error was raised.
 
-Case 7: encrypting a document of a different type errors 
-````````````````````````````````````````````````````````
+Case 7: encrypting a value of a different type errors
+`````````````````````````````````````````````````````
 This test case should be skipped if the encrypted field is ``encryptedDoubleNoPrecision`` or ``encryptedDecimalNoPrecision``.
 
-For all the tests below use these ``EncryptOpts``:
+Use ``clientEncryption.encrypt()`` to encrypt the value 6 with a type that does not match that of the encrypted field.
+
+If the encrypted field is ``encryptedInt`` use a BSON double type. Otherwise, use a BSON int32 type.
+
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
-      contentionFactor: 0
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type>,
    }
 
-If the encrypted field is ``encryptedInt`` encrypt ``{ "encryptedInt": { "$numberDouble": "6" } }``.
-Otherwise, encrypt ``{ "encrypted<Type>": { "$numberInt": "6" }``.
-Assert an error was raised.
+Ensure that ``RangeOpts`` corresponds to the type of the encrypted field (i.e. expected type) and not that of the value being passed to ``clientEncryption.encrypt()``.
 
+Assert that an error was raised.
 
-Case 8: setting precision errors if the type is not a double
-````````````````````````````````````````````````````````````
-This test case should be skipped if the encrypted field is ``encryptedDoublePrecision`` or ``encryptedDoubleNoPrecision`` or ``encryptedDecimalPrecision`` or ``encryptedDecimalNoPrecision``.
 
-Use ``clientEncryption.encrypt()`` to try to encrypt the value 6 with these ``EncryptOpts`` and these ``RangeOpts``:
+Case 8: setting precision errors if the type is not double or Decimal128
+````````````````````````````````````````````````````````````````````
+This test case should be skipped if the encrypted field is ``encryptedDoublePrecision``, ``encryptedDoubleNoPrecision``, ``encryptedDecimalPrecision``, or ``encryptedDecimalNoPrecision``.
+
+Use ``clientEncryption.encrypt()`` to encrypt the value 6. Ensure the type matches that of the encrypted field.
+
+Add ``{ precision: 2 }`` to the encrypted field's ``RangeOpts`` (see: `Test Setup: RangeOpts`_).
+
+Encrypt using the following ``EncryptOpts``:
 
 .. code:: typescript
 
    class EncryptOpts {
-      keyId : <key1ID>
+      keyId : <key1ID>,
       algorithm: "RangePreview",
-      contentionFactor: 0
-   }
-   
-   class RangeOpts {
-      min: 0,
-      max: 200,
-      sparsity: 1,
-      precision: 2,
+      contentionFactor: 0,
+      rangeOpts: <RangeOpts for Type with precision added>,
    }
 
-Assert an error was raised.
+Assert that an error was raised.
diff --git a/src/test/spec/json/client-side-encryption/benchmarks.rst b/src/test/spec/json/client-side-encryption/benchmarks.rst
new file mode 100644
index 000000000..bba8db4a0
--- /dev/null
+++ b/src/test/spec/json/client-side-encryption/benchmarks.rst
@@ -0,0 +1,46 @@
+=============================
+In-Use Encryption: Benchmarks
+=============================
+
+.. contents::
+
+----
+
+Benchmarking Bindings
+=====================
+
+Drivers are encouraged to benchmark the bindings to libmongocrypt. Benchmarking may help to identify performance issues due to the cost of calling between the native language and the C library.
+
+A handle to libmongocrypt (``mongocrypt_t``) is needed for the benchmark. In the public driver API, ``mongocrypt_t`` is an implementation detail contained in a ``MongoClient``. The bindings API may more directly interface ``mongocrypt_t``. Example: the Java bindings API contains a `MongoCrypt class <https://github.com/mongodb/libmongocrypt/blob/master/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java>`_ closely wrapping the ``mongocrypt_t``.
+
+If possible, drivers are encouraged to use the bindings API and mock responses from the MongoDB server. This may help to narrow the scope of the benchmarked code. See `BenchmarkRunner.java <https://github.com/mongodb/libmongocrypt/blob/b81e66e0208d13e07c2e5e60b3170f0cfc61e1e2/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java>`_ for an example using the Java bindings API. If that is not possible, the benchmark can be implemented using the ``MongoClient`` API, and the benchmark will include the time spent communicating with the MongoDB server.
+
+Benchmarking Bulk Decryption
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Set up the benchmark data:
+
+- Create a data key with the "local" KMS provider.
+- Encrypt 1500 string values of the form ``value 0001``, ``value 0002``, ``value 0003``, ... with the algorithm ``AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic``.
+- Create a document of the form: ``{ "key0001": <encrypted "value 0001">, "key0002": <encrypted "value 0002">, "key0003": <encrypted "value 0003"> }``.
+- Create a handle to ``mongocrypt_t``. This may be through the bindings API (preferred) or through a ``MongoClient`` configured with ``AutoEncryptionOpts``.
+
+Warm up the benchmark:
+
+- Use the handle to decrypt the document repeatedly for one second.
+
+Run the benchmark. Repeat benchmark for thread counts: (1, 2, 8, 64):
+
+- Start threads. Use the same handle between all threads (``mongocrypt_t`` is thread-safe).
+- In each thread: decrypt the document repeatedly for one second.
+- Count the number of decrypt operations performed (ops/sec).
+- Repeat 10 times.
+
+Produce results:
+
+- Report the median result of the ops/sec for each thread count.
+
+**Note:**
+The ``mongocrypt_t`` handle caches the decrypted Data Encryption Key (DEK) for a fixed time period of one minute.
+If the benchmark exceeds one minute, the DEK will be requested again from the key vault collection.
+Reporting the median of trials is expected to prevent this impacting results.
diff --git a/src/test/spec/json/client-side-encryption/legacy/explain.json b/src/test/spec/json/client-side-encryption/legacy/explain.json
index 0e451e481..8ca3b48d3 100644
--- a/src/test/spec/json/client-side-encryption/legacy/explain.json
+++ b/src/test/spec/json/client-side-encryption/legacy/explain.json
@@ -1,7 +1,7 @@
 {
   "runOn": [
     {
-      "minServerVersion": "4.1.10"
+      "minServerVersion": "7.0.0"
     }
   ],
   "database_name": "default",
diff --git a/src/test/spec/json/client-side-encryption/legacy/explain.yml b/src/test/spec/json/client-side-encryption/legacy/explain.yml
index c0dd9c57c..325928a72 100644
--- a/src/test/spec/json/client-side-encryption/legacy/explain.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/explain.yml
@@ -1,5 +1,5 @@
 runOn:
-  - minServerVersion: "4.1.10"
+  - minServerVersion: "7.0.0"
 database_name: &database_name "default"
 collection_name: &collection_name "default"
 
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.json
index dcc3983ae..9b28df2f9 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.yml
index 1ef8197c2..51e7a5675 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-BypassQueryAnalysis.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.json
index e47c689bf..27310cb59 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.yml
index 8e88cc520..2398a5cd4 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Compact.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.json
index d5b04b3ea..c266aa6b8 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.json
@@ -55,6 +55,38 @@
           "result": {
             "errorContains": "Driver support of Queryable Encryption is incompatible with server. Upgrade server to use Queryable Encryption."
           }
+        },
+        {
+          "name": "assertCollectionNotExists",
+          "object": "testRunner",
+          "arguments": {
+            "database": "default",
+            "collection": "enxcol_.encryptedCollection.esc"
+          }
+        },
+        {
+          "name": "assertCollectionNotExists",
+          "object": "testRunner",
+          "arguments": {
+            "database": "default",
+            "collection": "enxcol_.encryptedCollection.ecc"
+          }
+        },
+        {
+          "name": "assertCollectionNotExists",
+          "object": "testRunner",
+          "arguments": {
+            "database": "default",
+            "collection": "enxcol_.encryptedCollection.ecoc"
+          }
+        },
+        {
+          "name": "assertCollectionNotExists",
+          "object": "testRunner",
+          "arguments": {
+            "database": "default",
+            "collection": "encryptedCollection"
+          }
         }
       ]
     }
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.yml
index f55001a42..5cc6ead0f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection-OldServer.yml
@@ -37,3 +37,25 @@ tests:
           collection: "encryptedCollection"
         result:
           errorContains: "Driver support of Queryable Encryption is incompatible with server. Upgrade server to use Queryable Encryption."
+      # Assert no collections were created.
+      - name: assertCollectionNotExists
+        object: testRunner
+        arguments:
+          database: *database_name
+          collection: &esc_collection_name "enxcol_.encryptedCollection.esc"
+      # ecc collection is no longer created for QEv2
+      - name: assertCollectionNotExists
+        object: testRunner
+        arguments:
+          database: *database_name
+          collection: &ecc_collection_name "enxcol_.encryptedCollection.ecc"
+      - name: assertCollectionNotExists
+        object: testRunner
+        arguments:
+          database: *database_name
+          collection: &ecoc_collection_name "enxcol_.encryptedCollection.ecoc"
+      - name: assertCollectionNotExists
+        object: testRunner
+        arguments:
+          database: *database_name
+          collection: encryptedCollection
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.json
index 819d2eec3..c324be8ab 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
@@ -158,9 +157,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
@@ -343,9 +339,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
@@ -851,9 +844,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
@@ -1048,9 +1038,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
@@ -1367,9 +1354,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
@@ -1635,9 +1619,6 @@
             "command": {
               "create": "encryptedCollection",
               "encryptedFields": {
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                   {
                     "path": "firstName",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.yml
index ea33865a2..43dbccfc3 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-CreateCollection.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
@@ -101,10 +100,6 @@ tests:
             command:
               create: *encrypted_collection_name
               encryptedFields: &encrypted_fields_expectation {
-                # Expect state collections are not included in the encryptedFields sent to the server.
-                "escCollection": null,
-                "ecocCollection": null,
-                "eccCollection": null,
                 "fields": [
                     {
                         "path": "firstName",
@@ -939,4 +934,4 @@ tests:
           collection: *encrypted_collection_name
         result:
           # Expect error due to server constraints added in SERVER-74069
-          errorContains: "Encrypted State Collection name should follow"
\ No newline at end of file
+          errorContains: "Encrypted State Collection name should follow"
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.json
index 905d3c945..1fb4c1d1b 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.yml
index 8ed6e1d89..952551ba3 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-DecryptExistingData.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.json
index e4150eab8..ddfe57b00 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.yml
index c9a8aced5..4e1a59c93 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Delete.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
index b579979e9..bdc5c99bc 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
index 13d1129c8..8767132e6 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-EncryptedFieldsMap.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.json
index 0a84d7365..8e0c6dafa 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.yml
index 3d6e5ce95..119da443f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFields-vs-jsonSchema.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.json
index 3e0905ead..1c0a057ca 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.yml
index 4d85e304d..ec91ebf1c 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-EncryptedFieldsMap-defaults.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.json
index 4606fbb93..c5e689a3d 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.yml
index 1a2211130..7849b6032 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-FindOneAndUpdate.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.json
index c7149d1f5..6e156ffc6 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.yml
index 27520226b..2acd97585 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Indexed.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.json
index 008b0c959..48280f5bd 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.yml
index aeff4a88f..ddba6c743 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-InsertFind-Unindexed.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.json
index 0b7e86bca..8812a1f0a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.yml
index 0ff40dbe8..2d9eb6e58 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-MissingKey.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.json
index 185691d61..a6843c473 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.yml
index 66fb5e262..afb79d526 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-NoEncryption.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.json
index dea821bd1..ba53b007b 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.yml
index b03e4d9a2..93ad19951 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.json
index 9e4f52587..e9620efbe 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.yml
index 6e5f80265..d60b7b620 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.json
index 7f4094f50..daaa09389 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.yml
index e15d19d84..0b969fd48 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.json
index 5ec060160..8500fa829 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.yml
index 5f25f9756..76bfe7ea2 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.json
index efce1511c..7de45ba00 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.yml
index d9f9a10d5..e978b9de5 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.json
index 7f9fadcda..d5b62be06 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.yml
index 097d54c18..fe7d050f1 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Date-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.json
index fb129392b..081bc577f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.yml
index 506dc086b..0926988d2 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.json
index 5120aecb7..12fe7c8bc 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.yml
index 7015e64f1..1961ed3e5 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.json
index de81159b4..ac49d16a2 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.yml
index 4e80cd0c3..bdb10e2d8 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.json
index 36cf91c88..88a235078 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.yml
index e0f0b2b1c..defccea0a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.json
index 6b5a642aa..54e43e4a2 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.yml
index 9647dfe85..51abaa642 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.json
index 8cfb7b525..b2b8136a9 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset"
       ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.yml
index 86626403f..e79fd082e 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Decimal-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     # Tests for Decimal (without precision) must only run against a replica set. Decimal (without precision) queries are expected to take a long time and may exceed the default mongos timeout.
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.json
index 801beefe1..b078d1817 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.yml
index 98defcd9e..08f4a380c 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.json
index b8a695361..0859e702a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.yml
index aa7ef7525..18252b4bb 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.json
index 1abb59bfd..6e1ad90cd 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.yml
index 446745fdc..ade385d20 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.json
index 8d763431f..1cfd19a1e 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml
index f90616a88..7100d5888 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.json
index 5407fba18..da7660972 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.yml
index e8e76cc95..32785d658 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.json
index e5d1a4e05..2d201948c 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.yml
index 87dfe7077..eedd07608 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DecimalPrecision-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.json
index d8c9cacdc..c188f1f5a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.yml
index e9711a81f..4fb95343b 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.json
index 65594bcb1..3e298127d 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.yml
index 38e6caf44..7289bb24d 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.json
index 392e722f1..dc0ba435f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.yml
index 7992fcdd9..2f42c1da1 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.json
index bbcfb321f..4b96575e1 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.yml
index 9fbdfdbb1..d6573ff86 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.json
index 9f2c7c991..4827b6838 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.yml
index 306cb7261..0122ba243 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.json
index ce03576f8..c3284ad0f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.yml
index 19912facf..176db3971 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Double-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.json
index b121c72f1..a2c1f3b75 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.yml
index 2700de4ad..134003bf9 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.json
index 6b42ecfe8..d0c0601ce 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.yml
index 6508db7d1..a8fc4ec2a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.json
index a5c397d0b..a617442ee 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.yml
index e5a35c8ee..a6f83da78 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.json
index b6df9463e..5565fb179 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml
index e74b6ecb7..5def8d287 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.json
index 1cea25545..a1d8c1785 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.yml
index bc15c9b88..8900f79a8 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.json
index 7703c9057..6ea99242b 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.yml
index 3211b5047..3e31f4018 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-DoublePrecision-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.json
index 9c2536264..b3b2826fa 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.yml
index cb7765faa..13c350ea5 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.json
index 58ccf3efc..4932223ba 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.yml
index 77206aed6..1e7d5d47f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.json
index b20b2750b..03f816e4b 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.yml
index 59f58650e..ab1e9d2e5 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.json
index f9c189ace..d573f7b6a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.yml
index f49f319e2..a33a5120a 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.json
index 874d4760c..04953663f 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.yml
index d848bbdf7..4ef8c8e52 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.json
index c2b62b4d1..4c7a3c278 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.yml
index a18878f55..cf5716dab 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Int-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.json
index afc0f97be..a7e77fd5c 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.yml
index 9837cf6e4..cb5e42c15 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Aggregate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.json
index cda941de8..365822c79 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.yml
index 4df64cb67..a7a33e274 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Correctness.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.json
index ad344e21b..17a01fe07 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.yml
index 1df1150c7..8dd1603f3 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Delete.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.json
index d44720046..918d0dfee 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.yml
index 24f5d45c9..0641988b9 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-FindOneAndUpdate.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.json
index 4eb837f28..9fafd10d4 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.yml
index 8e2f826f7..076670d49 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-InsertFind.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.json
index 3ba7f17c1..20ac25bfa 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.yml
index c293a6409..0aad7c441 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-Long-Update.yml
@@ -2,7 +2,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.json
index e5e9ddc82..5a6e650ab 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.yml
index ada65209e..b44e8c505 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Range-WrongType.yml
@@ -4,7 +4,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
@@ -41,4 +40,4 @@ tests:
           sort: { _id: 1 }
         result:
           # expect an error from libmongocrypt.
-          errorContains: "field type is not supported"
\ No newline at end of file
+          errorContains: "field type is not supported"
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.json
index 14104e2cd..cb260edc0 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.yml
index ce5a4ed67..3bed02718 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-Update.yml
@@ -1,7 +1,6 @@
 # Requires libmongocrypt 1.8.0.
 runOn:
   - minServerVersion: "7.0.0"
-    serverless: "forbid"
     # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
     # FLE 2 Encrypted collections are not supported on standalone.
     topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.json b/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.json
index 4adf6fc07..901c4dd84 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.json
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.json
@@ -2,7 +2,6 @@
   "runOn": [
     {
       "minServerVersion": "7.0.0",
-      "serverless": "forbid",
       "topology": [
         "replicaset",
         "sharded",
diff --git a/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.yml b/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.yml
index fdeb49010..3eb90ea93 100644
--- a/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/fle2v2-validatorAndPartialFieldExpression.yml
@@ -2,7 +2,6 @@
 runOn:
     # Require server version 6.0.0 to get behavior added in SERVER-64911.
     - minServerVersion: "7.0.0"
-      serverless: "forbid"
       # Skip QEv2 (also referred to as FLE2v2) tests on Serverless. Unskip once Serverless enables the QEv2 protocol.
       # FLE 2 Encrypted collections are not supported on standalone.
       topology: [ "replicaset", "sharded", "load-balanced" ]
diff --git a/src/test/spec/json/client-side-encryption/legacy/getMore.json b/src/test/spec/json/client-side-encryption/legacy/getMore.json
index ee99bf753..94e788ef6 100644
--- a/src/test/spec/json/client-side-encryption/legacy/getMore.json
+++ b/src/test/spec/json/client-side-encryption/legacy/getMore.json
@@ -216,7 +216,10 @@
           "command_started_event": {
             "command": {
               "getMore": {
-                "$$type": "long"
+                "$$type": [
+                  "int",
+                  "long"
+                ]
               },
               "collection": "default",
               "batchSize": 2
diff --git a/src/test/spec/json/client-side-encryption/legacy/getMore.yml b/src/test/spec/json/client-side-encryption/legacy/getMore.yml
index 4359ee891..dd246e9fa 100644
--- a/src/test/spec/json/client-side-encryption/legacy/getMore.yml
+++ b/src/test/spec/json/client-side-encryption/legacy/getMore.yml
@@ -48,7 +48,7 @@ tests:
           command_name: find
       - command_started_event:
           command:
-            getMore: { $$type: "long" }
+            getMore: { $$type: [ int, long ] }
             collection: *collection_name
             batchSize: 2
           command_name: getMore