Commit 24f30e2

Added lightbox to hard to read graphic
1 parent a60d3af commit 24f30e2

1 file changed

Lines changed: 2 additions & 2 deletions

learn-pr/wwl-sci/evaluate-regulatory-compliance/includes/2-understand-compliance-standards-controls.md

@@ -25,7 +25,7 @@ Other default benchmarks apply for non-Azure clouds. When you connect AWS accoun
2525

2626
A compliance standard consists of multiple compliance controls—logical groups of related security recommendations. Each control represents a specific security requirement from the standard. Defender for Cloud continuously assesses in-scope resources against controls that support automated evaluation.
2727

28-
:::image type="content" source="../media/compliance-hierarchy.png" alt-text="Diagram showing the hierarchy of a compliance standard: standard at the top, decomposed into control domains, each containing individual controls, each with a Pass, Fail, or Not Available assessment state.":::
28+
:::image type="content" source="../media/compliance-hierarchy.png" alt-text="Diagram showing the hierarchy of a compliance standard: standard at the top, decomposed into control domains, each containing individual controls, each with a Pass, Fail, or Not Available assessment state." lightbox="../media/compliance-hierarchy.png":::
2929

3030
Three assessment states indicate compliance status for each control:
3131
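Review bot: On the changed `:::image` line for compliance-hierarchy.png, `lightbox` points at the same file as `source`, so the expanded view only improves readability if that PNG is stored at a higher resolution than the inline rendering. Confirm the asset is large enough for the control names and the Pass, Fail, and Not Available labels to be legible when expanded, or point `lightbox` at a larger export of the diagram.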

@@ -37,7 +37,7 @@ Three assessment states indicate compliance status for each control:
3737

3838
The following diagram shows how these states appear when you drill into a single control. ISO 27001 control A.9.1 breaks into two subcontrols, each with its own assessment state and the specific Defender for Cloud assessments that drive it.
3939

40-
:::image type="content" source="../media/compliance-subcontrol-drilldown.png" alt-text="Diagram showing ISO 27001 control A.9.1 broken into subcontrols A.9.1.1 and A.9.1.2, each with a Pass or Fail status and the specific Defender for Cloud assessments that determine that status.":::
40+
:::image type="content" source="../media/compliance-subcontrol-drilldown.png" alt-text="Diagram showing ISO 27001 control A.9.1 broken into subcontrols A.9.1.1 and A.9.1.2, each with a Pass or Fail status and the specific Defender for Cloud assessments that determine that status." lightbox="../media/compliance-subcontrol-drilldown.png":::
4141

4242
The third state—greyed out controls—often causes confusion during initial compliance reviews. These controls represent requirements Defender for Cloud can't automate, not missing security coverage. Grayed-out controls typically fall into three categories: procedural or process controls (like security awareness training requirements), platform responsibilities under the shared responsibility model (physical datacenter security), or controls with no implemented automated assessment yet. For Contoso Healthcare, ISO 27001 includes many process-oriented controls that require manual attestation rather than automated validation.
4343
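Review bot: The commit subject refers to a single hard to read graphic, but this hunk applies the same `lightbox` change to a second image, compliance-subcontrol-drilldown.png; reword the subject so it covers both diagrams. While the file is open, the trailing context paragraph spells one term two ways, "greyed out controls" and "Grayed-out controls"; pick one form and use it in both places.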
