Merge pull request #53176 from ceperezb/CEPEREZB-sc100-design-resiliency

update images

Author: JamesJBarnett

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/1-common-cyberthreats-attack-patterns.md

@@ -17,7 +17,7 @@ Collectively, these are referred to as the threat landscape. Notice that the thr
 
 An attack vector is an entry point or route for an attacker to gain access to a system.
 
-![Diagram showing eight of the most common attack vectors: Email, Social Media, Removable Devices, Browsers, Cloud Services, Insiders, Devices, and Wireless.](/training/wwl-sci/describe-basic-cybersecurity-threats-attacks-mitigations/media/attack-vectors.png)
+:::image type="content" source="../media/attack-vectors.png" alt-text="Diagram showing eight of the most common attack vectors: Email, Social Media, Removable Devices, Browsers, Cloud Services, Insiders, Devices, and Wireless." lightbox="../media/attack-vectors.png":::
 
 Here are some examples of common attack vectors:
 
@@ -41,7 +41,7 @@ Security breaches come in different forms, including the following:
 
 A data breach is when an attacker successfully gains access or control of data. Using the intruder example, this would be similar to that person getting access to, or stealing, vital documents and information inside the building:
 
-![Diagram that shows a thief running from an office building.](/training/wwl-sci/describe-basic-cybersecurity-threats-attacks-mitigations/media/data-breach-v3.png)
+:::image type="content" source="../media/data-breach-v3.png" alt-text="Diagram that shows a thief running from an office building." lightbox="../media/data-breach-v3.png":::
 
 When an attacker achieves a security breach, they'll often want to target data, because it represents vital information. Poor data security can lead to an attacker gaining access and control of data. This can lead to serious consequences for the victim, whether that is a person, organization, or even a government. This is because the victim's data could be abused in many ways. For example, it can be held as ransom or used to cause financial or reputational harm.
 
@@ -51,7 +51,7 @@ An attack chain describes the typical chain of events during an attack that lead
 
 The MCRA includes an attack chain diagram that depicts common techniques related to both external attacks and insider risks, as shown below.
 
-![Diagram of an attack chain M C R A depicting both external attacks and insider risks.](../media/microsoft-cybersecurity-reference-architecture-attack-chain.png)
+:::image type="content" source="../media/microsoft-cybersecurity-reference-architecture-attack-chain.png" alt-text="Diagram of an attack chain M C R A depicting both external attacks and insider risks." lightbox="../media/microsoft-cybersecurity-reference-architecture-attack-chain.png":::
 
 The top portion of this diagram represents common steps seen in many
 external attacks and the Microsoft capabilities that map to each step.

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/2-support-business-resiliency.md

@@ -4,7 +4,7 @@ Focus your security efforts on increasing the resilience of business operations
 
 Resilience requires taking a pragmatic view that assumes a breach. It needs continuous investment across the full lifecycle of security risk.
 
-![Diagram that shows the security resilience Cycle.](/azure/cloud-adoption-framework/secure/media/security-resilience-cycle.png)
+:::image type="content" source="../media/security-resilience-cycle.png" alt-text="Diagram that shows the security resilience Cycle." lightbox="../media/security-resilience-cycle.png":::
 
 -   **Before an incident:** Continuously improve security posture and the organization's ability to respond to an incident. Continuously improving security posture helps limit the likelihood and potential impact of a security incident on your business operations and assets. There are many techniques covered throughout the security disciplines, but all of them are designed to raise the cost of attack. Make the attackers develop and try new techniques because you've made their old ones stop working. These techniques raise their costs and friction, slowing them down and limiting their success.
 -   **During an incident:** Business operations must continue during an incident, even if they're degraded, slower, or limited to only critical systems. During an attack, a hospital can't stop caring for patients, ships need to move cargo, and planes must continue to fly safely. The two main priorities during an incident are:

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/3-ransomware-protection.md

@@ -13,7 +13,7 @@ This phase is designed to minimize the monetary incentive from ransomware attack
 - Easier for your organization to recover from an attack without paying the ransom.
 
 >[!Note]
->While restoring many or all enterprise systems is a difficult endeavor, the alternative of paying an attacker for a recovery key they may or may not deliver, and using tools written by the attackers to try to recover systems and data.
+>While restoring many or all enterprise systems is a difficult endeavor, the alternative is paying an attacker for a recovery key they may or may not deliver, and using tools written by the attackers to try to recover systems and data. Don't fall into that trap.
 >
 
 ## Phase 2. Limit the scope of damage

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/5-security-updates.md

@@ -36,7 +36,7 @@ Update Manager has been redesigned and doesn't depend on Azure Automation or Azu
 
 The following diagram illustrates how Update Manager assesses and applies updates to all Azure machines and Azure Arc-enabled servers for both Windows and Linux.
 
-![Diagram that shows the Update Manager workflow.](../media/update-management-center-overview.png)
+:::image type="content" source="../media/update-management-center-overview.png" alt-text="Diagram that shows the Update Manager workflow." lightbox="../media/update-management-center-overview.png":::
 
 To support management of your Azure VM or non-Azure machine, Update Manager relies on a new [Azure extension](/azure/virtual-machines/extensions/overview) designed to provide the functionality required to interact with the operating system to manage the assessment and application of updates. This extension is automatically installed when you initiate any Update Manager operations, such as **Check for updates**, **Install one-time update**, and **Periodic Assessment** on your machine. The extension supports deployment to Azure VMs or Azure Arc-enabled servers by using the extension framework. The Update Manager extension is installed and managed by using: