docs: update cloud networking on proxy service

docs/pages/reference/networking.mdx

@@ -36,21 +36,21 @@ following use cases:
 </TabItem>
 <TabItem scope={["cloud", "team"]} label="Cloud-Hosted">
 
-All Teleport services (e.g., the Application Service and Database Service) have
-an optional `public_addr` property that you can modify in each service's
-configuration file. The public address can take an IP or a DNS name. It can also
-be a list of values:
+On Teleport Enterprise (Cloud), you can choose the sub-domain of
+the domain `teleport.sh` for your account. That fully qualified domain name
+(e.g., `example.teleport.sh`) is managed by Teleport for your account 
+along with any sub-domains assigned to Teleport-protected applications (e.g., `grafana.example.teleport.sh`).
+
+The public address (`public_addr`) for the Teleport Application Service is configurable. In the case of web applications, the public address must be a subdomain of the Teleport account URL
+since the domain and TLS certificates are maintained by Teleport.
 
 ```yaml
-public_addr: ["service-one.example.com", "service-two.example.com"]
+public_addr: "myapp.example.teleport.sh"
 ```
 
-Specifying a public address for a Teleport agent may be useful in the
-following use cases:
+For TCP applications you can specify a fully qualified domain name outside of `teleport.sh` in combination
+with [VNet](../enroll-resources/application-access/guides/vnet.mdx) since that domain is served via your machine's local network.
 
-- You have multiple identical services behind a load balancer.
-- You want Teleport to issue an SSH certificate for the service with additional
-  principals, e.g., host names.
 </TabItem>
 </Tabs>