
Commit 6b9c441

Update src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>
1 parent 9941b03 commit 6b9c441

1 file changed

+1
-1
lines changed

src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx

Lines changed: 1 addition & 1 deletion
@@ -113,7 +113,7 @@ Finally, SaaS applications are accessible over the Internet, allowing any device
113113

114114
For SaaS applications that do not support SSO or organizations that are already implementing IP allow lists to secure access to SaaS applications, implementing dedicated egress IPs is the most straightforward approach to enhance access security to SaaS applications, without impacting the user experience.
115115

116-
Organizations that would like to simplify their onboarding/offboarding of users to applications and standardize ZTNA policies, should consider implementing Cloudflares ZTNA solution for both self-hosted and SaaS applications. In such scenarios, it might still be relevant to consider dedicated egress IPs for a subset of critical SaaS applications. As egress policies operate at the network and transport layers, their enforcement is almost real-time. [For example](/cloudflare-one/tutorials/m365-dedicated-egress-ips/#protect-access-to-microsoft-365-with-dedicated-egress-ips), consider an egress policy for a specific SaaS application that accounts for posture status from an external endpoint management solution. If a device becomes compromised and its posture status becomes non-compliant, the egress policy will no longer match. This results in the user of that device losing access to the SaaS application, as traffic will no longer be sourced from the dedicated egress IP.
116+
Organizations that would like to simplify their onboarding/offboarding of users to applications and standardize ZTNA policies should consider implementing Cloudflare's ZTNA solution for both self-hosted and SaaS applications. In such scenarios, it might still be relevant to consider dedicated egress IPs for a subset of critical SaaS applications. As egress policies operate at the network and transport layers, their enforcement is almost real-time. [For example](/cloudflare-one/tutorials/m365-dedicated-egress-ips/#protect-access-to-microsoft-365-with-dedicated-egress-ips), consider an egress policy for a specific SaaS application that accounts for posture status from an external endpoint management solution. If a device becomes compromised and its posture status becomes non-compliant, the egress policy will no longer match. This results in the user of that device losing access to the SaaS application, as traffic will no longer be sourced from the dedicated egress IP.
117117

118118
Finally, organizations that have already integrated all their SaaS applications with an IdP for SSO, can still consider adding IP allow lists with dedicated egress IPs for a subset of applications for the same reason as detailed before.
119119
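Review bot: In the rewritten line 116, the posture example concludes that the user loses access "as traffic will no longer be sourced from the dedicated egress IP", but that outcome depends on the SaaS application enforcing an IP allow list that admits only the dedicated egress IP, and the paragraph never says so. Lines 114 and 118 mention IP allow lists, so a short clause in 116 (for example, "where the application only accepts connections from the dedicated egress IP") would make the example self-contained. Separately, the context line 118 still has the same subject/verb comma this change removes from 116 ("for SSO, can still consider"); drop it in the same commit for consistency, and consider replacing "for the same reason as detailed before" with the reason itself, since readers landing on that paragraph will not know which reason is meant.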
