Update deployment-safeguards-in-azure-kubernetes-service.md

przlplx · web-flow · commit 2c8f03050eb7 · 2025-07-15T14:41:16.000-07:00
diff --git a/support/azure/azure-kubernetes/extensions/deployment-safeguards-in-azure-kubernetes-service.md b/support/azure/azure-kubernetes/extensions/deployment-safeguards-in-azure-kubernetes-service.md
@@ -48,16 +48,16 @@ To disable deployment safeguards entirely, run the following command:
 
 ### Why can I turn on Deployment Safeguards without Azure Policy permissions?
 
-Deployment Safeguards uses Azure Policy as an implementation detail. To turn on Deployment Safeguards on an AKS cluster, you do not have to have the
+Deployment Safeguards uses Azure Policy as an implementation detail. To turn on Deployment Safeguards on an AKS cluster, you don't have to have the
 correct permissions to assign or delete Azure Policies.
 
 ## 4. Why does my deployment resource get admitted even though it doesn\'t follow best practices?
 
-Deployment safeguards enforce best practice standards through Azure Policy controls. It has policies that validate against Kubernetes resources. To evaluate and enforce cluster components, Azure Policy extends [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/). Gatekeeper enforcement also currently operates in a [fail-open model](https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed/#considerations). Because there are no guarantee that Gatekeeper will respond to our networking call, we make sure that, in this case, the validation is skipped so that the denial doesn't block your deployments.
+Deployment safeguards enforce best practice standards through Azure Policy controls. It has policies that validate against Kubernetes resources. To evaluate and enforce cluster components, Azure Policy extends [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/). Gatekeeper enforcement also currently operates in a [fail-open model](https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed/#considerations). There are no guarantees that Gatekeeper will respond to our networking call. Therefore, we make sure that the validation doesn't run in such cases so that the denial doesn't block your deployments.
 
 ## Additional tips
 
-- All safeguard policies are bundled. They cannot be individually toggled.
+- All safeguard policies are bundled. They can't be individually toggled.
 
 - Use the [AKS GitHub repo](https://github.com/Azure/AKS/issues) to request new safeguard features.
 
