Commit 9e6b2c3

Update migration guide
1 parent a1b4228 commit 9e6b2c3

1 file changed

+7
-13
lines changed

src/content/docs/waf/reference/migration-guides/exposed-credentials-check-migration.mdx

Lines changed: 7 additions & 13 deletions
@@ -9,14 +9,16 @@ import { Render } from "~/components";
99

1010
This guide describes the general steps to migrate your [Exposed Credentials Check](/waf/managed-rules/check-for-exposed-credentials/) configuration to the new [leaked credentials detection](/waf/detections/leaked-credentials/).
1111

12-
Cloudflare recommends that customers still using the Exposed Credentials Check feature migrate to the new leaked credentials detection. This applies both to users that have deployed the [Cloudflare Exposed Credentials Check Ruleset](/waf/managed-rules/reference/exposed-credentials-check/) and users that have [created custom rules checking for exposed credentials](/waf/managed-rules/check-for-exposed-credentials/#exposed-credentials-checks-in-custom-rules).
12+
Cloudflare recommends that customers migrate to the new leaked credentials detection, which offers the following advantages:
1313

14-
The leaked credentials detection offers the following advantages over Exposed Credentials Check:
15-
16-
- The detection uses a comprehensive database of leaked credentials, containing over 15 billion passwords.
17-
- After enabling the feature, you can review the amount of incoming requests with leaked credentials in Security Analytics, even before creating any mitigation rules.
14+
- Uses a comprehensive database of leaked credentials, containing over 15 billion passwords.
15+
- After enabling the detection, you can review the amount of incoming requests containing leaked credentials in Security Analytics, even before creating any mitigation rules.
1816
- You can take action on the requests containing leaked credentials using WAF features like rate limiting rules or custom rules.
1917

18+
:::note
19+
This migration guide applies to customers migrating from Exposed Credentials Check at the zone level.
20+
:::
21+
2022
## 1. Turn off Exposed Credentials Check
2123

2224
If you had deployed the Cloudflare Exposed Credentials Check managed ruleset:
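Review bot: Account-level customers are left without guidance by the note added at new lines 18-20: it scopes the guide to zone-level migrations, while the paragraph removed at old line 12 was what told users who had created custom rules checking for exposed credentials to migrate as well. Suggest extending the note to say what those customers should do instead, or linking to the page that covers them. Style point in the same hunk: the first bullet now starts with a bare verb ("Uses a comprehensive database...") while the other two are full sentences ("After enabling the detection, you can...", "You can take action..."), so make the three parallel.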
@@ -25,8 +27,6 @@ If you had deployed the Cloudflare Exposed Credentials Check managed ruleset:
2527
2. Go to **Security** > **WAF** > **Managed rules**.
2628
3. Under **Managed rules**, edit the rule that executes the Cloudflare Exposed Credentials Check Ruleset and take note of the current configuration (namely the performed action). Next, delete (or turn off) that rule.
2729

28-
If you had created [custom rules that checked for exposed credentials](/waf/managed-rules/check-for-exposed-credentials/configure-api/#create-a-custom-rule-checking-for-exposed-credentials), you should delete these specific rules after taking note of their configuration for the next steps. Custom rules checking for exposed credentials were only available at the account level and could only be configured via API.
29-
3030
:::note
3131
While Exposed Credentials Check and leaked credentials detection can work side by side, enabling both features will increase the latency on incoming requests related to authentication.
3232
:::
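Review bot: With the custom-rules paragraph at old line 28 removed, the latency note kept just below it ("enabling both features will increase the latency on incoming requests related to authentication") no longer has a matching instruction for customers who still run custom rules checking for exposed credentials. If such rules can still apply to a zone that enables leaked credentials detection, keep a one-line reminder to delete them after noting their configuration. Also, the managed ruleset is now the only case in this step, so the conditional lead-in "If you had deployed the Cloudflare Exposed Credentials Check managed ruleset:" could become a plain instruction.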
@@ -43,12 +43,6 @@ Based on your previous configuration, do one of the following:
4343

4444
- If you were using a different action: Create a [custom rule](/waf/custom-rules/) with an action equivalent to the one you were using. The rule should match `User and password leaked is true` (if you are using the expression editor, enter `(cf.waf.credential_check.username_and_password_leaked)`).
4545

46-
If you had configured custom rules at the account level checking for exposed credentials:
47-
48-
1. (Optional) Configure [custom detection locations](/waf/detections/leaked-credentials/get-started/#4-optional-configure-a-custom-detection-location) for leaked credentials detection. This step may not be necessary if the authentication requests are from well-known web applications or follow common web authentication patterns.
49-
50-
2. Create custom rules that perform an equivalent action to the rules you had previously configured. You can used leaked credentials fields in custom rules at the account or at the zone level.
51-
5246
---
5347

5448
## More resources
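Review bot: Removing old lines 46-50 also drops the pointer to custom detection locations, which the removed step described as unnecessary only when authentication requests "are from well-known web applications or follow common web authentication patterns". Zone-level customers whose login endpoints do not follow those patterns would still need that step, so consider keeping it as an optional item under the zone-level instructions, unless another part of the guide already covers it.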
