Update validate-jwt-policy.md

Author: dlepow

articles/api-management/validate-jwt-policy.md

@@ -121,7 +121,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
     	* If used in the policy, the key must be provided inline within the policy in the Base64-encoded form.
     * **Asymmetric** - The following encryption algorithms are supported: PS256, RS256, RS512, ES256. 
     	* If used in the policy, the key may be provided either via an OpenID configuration endpoint, or by providing the ID of an uploaded certificate (in PFX format) that contains the public key, or the modulus-exponent pair of the public key.
-* For an API Management instance that's injected or integrated in a virtual network, any OpenID configuration endpoints configured in the policy must be reachable and resolvable by the gateway at runtime.
+* If the API Management instance is injected or integrated in a virtual network, any OpenID configuration endpoint URLs configured in the policy must be reachable by the gateway.
 * To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
 * You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
 * When using a custom header (`header-name`), the configured required scheme (`require-scheme`) will be ignored. To use a required scheme, JWTs must be provided in the `Authorization` header.