Update src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx

Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>

Author: securitypedant

src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx

@@ -454,7 +454,7 @@ And now let's define the policy.
 | Device Posture \- Serial Number List | Company Managed Device Serial Numbers |
 | External Evaluation                  | \[Time Evaluator URL\]                |
 
-Inside the policy, we’ve made this application available to our new access group for IT Admins. Under “Require,” we’re enforcing the use of Cloudflare WARP specifically (as opposed to only Cloudflare Gateway); the user must be on a company-managed device, with an active device client that’s authenticated to the company’s instance of Cloudflare, MFA must be used during login, and there is an additional option below for external evaluation.
+Inside the policy, we've made this application available to our new access group for IT Admins. Under "Require," we're enforcing the use of Cloudflare WARP specifically (as opposed to only Cloudflare Gateway); the user must be on a company-managed device, with an active device client that's authenticated to the company's instance of Cloudflare, MFA must be used during login, and there is an additional option below for external evaluation.
 
 [External evaluation](/cloudflare-one/policies/access/external-evaluation/) means we have an API endpoint containing some sort of [access logic](https://github.com/cloudflare/workers-access-external-auth-example) — in this case, time of day access. We’re making an API call to this endpoint, and defining the key that Cloudflare is using to verify that the response came from the API. This is useful for several reasons: