diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md index 64f864d6b9..9946d1fe40 100644 --- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md +++ b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md @@ -32,6 +32,11 @@ This guide explains how to configure AWS to trust {% data variables.product.prod {% note %} + **Note:** You can restrict access to the OIDC endpoints by allowing only [AWS IP address ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). + + {% endnote %} + {% note %} + **Note:** {% data variables.product.prodname_dotcom %} does not natively support AWS session tags. {% endnote %} diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md index f6d406b7b0..8f02dc0c9e 100644 --- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md +++ b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md @@ -10,7 +10,7 @@ type: tutorial topics: - Security --- - + {% data reusables.actions.enterprise-github-hosted-runners %} ## Overview diff --git a/data/reusables/actions/oidc-endpoints.md b/data/reusables/actions/oidc-endpoints.md index f29480e765..005015a1fe 100644 --- a/data/reusables/actions/oidc-endpoints.md +++ b/data/reusables/actions/oidc-endpoints.md 
@@ -1,3 +1,3 @@ -- You must enable the following publicly accessible endpoints: +- You must ensure the following OIDC endpoints are accessible by your cloud provider: - `https://HOSTNAME/_services/token/.well-known/openid-configuration` - `https://HOSTNAME/_services/token/.well-known/jwks`
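Review bot: In configuring-openid-connect-in-amazon-web-services.md (hunk `@@ -32,6 +32,11 @@`), the added note refers to "the OIDC endpoints" without naming them or saying where the restriction is configured. The only place this patch lists them is the oidc-endpoints reusable (`https://HOSTNAME/_services/token/.well-known/openid-configuration` and `.../jwks`), so a reader of the AWS article cannot tell which URLs to put behind the allow list. Suggest naming the two paths or pointing to the section that includes the reusable, and stating that the allow list is applied on the reader's own network edge in front of HOSTNAME. It would also help to say that this only narrows network reachability: the endpoints stay reachable from any address inside the linked ranges. As a style point, the new note sits directly above the existing session-tags note, giving two consecutive `{% note %}` blocks; consider moving it next to the endpoint requirement it qualifies.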
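Review bot: In configuring-openid-connect-in-azure.md (hunk `@@ -10,7 +10,7 @@`), the only change is the line after the front matter `---`, where an empty line is replaced by a line that appears to contain only whitespace. That looks like an accidental edit unrelated to the OIDC endpoint wording and should be dropped from the patch. If the intent was to give the Azure article a counterpart to the AWS IP-range note, that content is missing from this hunk.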
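Review bot: In data/reusables/actions/oidc-endpoints.md (hunk `@@ -1,3 +1,3 @@`), the replacement sentence drops "publicly accessible" but does not say how a reader limits access to "your cloud provider", and only the AWS article in this patch gains a pointer to provider IP ranges. Because this reusable is shared, readers following other provider guides are told to make the endpoints reachable by the provider with no hint of what to allow. Suggest either keeping a short statement of the reachability requirement here (the provider must be able to fetch both URLs over HTTPS) and linking each provider article to its own published ranges, or noting that restricting by source address is optional. Wording nit: "accessible by your cloud provider" reads better as "accessible to your cloud provider".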