Update notes

Author: maxvp

src/content/docs/cloudflare-one/policies/gateway/managed-service-providers.mdx

@@ -15,7 +15,7 @@ The Tenant platform only supports Gateway DNS policies.
 
 ## Get started
 
-{/* <!-- How much of the policy creation flow do we need to surface here? --> */}
+{/* Don't need to surface much of the policy creation flow here */}
 
 To set up the Tenant API, refer to [Get started](/tenant/get-started/).
 
@@ -27,14 +27,14 @@ The Gateway Tenant platform supports tiered and siloed accounts.
 
 ### Tiered accounts
 
-{/* <!-- TODO: convert first diagram from blog post to mermaid flowchart --> */}
+{/* TODO: convert first diagram from blog post to mermaid flowchart */}
 
 In a tiered account configuration, a top-level parent account enforces global security policies that apply to all of its child accounts. Child accounts can override or add policies as needed while still managed by the parent account.
 
 Gateway evaluates parent account policies before a child account policies. To allow a child account to override a parent account's policy, you can use the [Update a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/update/) endpoint to set the policy's `allow_child_bypass` rule setting to `true`.
 
 ### Siloed accounts
 
-{/* <!-- TODO: convert second diagram from blog post to mermaid flowchart --> */}
+{/* TODO: convert second diagram from blog post to mermaid flowchart */}
 
 Each account operates independently within the same tenant. Each account manages its own security policies, resources, and configurations separately.