Commit c48a3d7

R-C-Stewart and Copilot committed
fixed pr-review alttext issue
Co-authored-by: Copilot <[email protected]>
1 parent 1add2b0 commit c48a3d7

4 files changed

Lines changed: 10 additions & 10 deletions

learn-pr/wwl-sci/implement-defender-databases/includes/2-explore-defender-databases-capabilities.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
Platform security controls and auditing logs are foundational, but they don't alert you when an attack is in progress or when an AI service begins querying sensitive data in unusual patterns. Microsoft Defender for Databases fills this gap by providing active threat detection, real-time alerts, and automated vulnerability scanning across your database workloads. At Contoso Financial Services, the security team needs to determine which plans to enable and how to configure detection policies.
22

3-
:::image type="content" source="../media/defender-databases-capabilities.png" alt-text="Diagram showing the Defender for Databases plans with their coverage, shared threat detection capabilities, and MITRE ATT&CK mapping." lightbox="../media/defender-databases-capabilities.png":::
3+
:::image type="content" source="../media/defender-databases-capabilities.png" alt-text="Diagram of Defender for Databases plans, coverage, shared threat detection capabilities, and MITRE ATT&CK mapping." lightbox="../media/defender-databases-capabilities.png":::
44

55
| Plan | Coverage |
66
|------|----------|

learn-pr/wwl-sci/implement-defender-databases/includes/4-enable-defender-open-source-databases.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
Defender for Cloud extends threat detection beyond Azure SQL Database to include open-source relational database services. Contoso Financial Services runs Azure Database for PostgreSQL as a secondary customer portal database, which currently sits outside the SQL threat detection coverage you configured in the previous unit.
22

3-
:::image type="content" source="../media/open-source-database-coverage.png" alt-text="Coverage map showing which Azure and Amazon Rational Database Service (RDS) are protected by Defender for open-source relational databases and which aren't covered." lightbox="../media/open-source-database-coverage.png":::
3+
:::image type="content" source="../media/open-source-database-coverage.png" alt-text="Diagram of Azure and Amazon RDS database types covered by Defender for open-source relational databases." lightbox="../media/open-source-database-coverage.png":::
44

55
| Coverage | Included | Not included |
66
|----------|----------|--------------|
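Review bot: The new alt-text on line 3 no longer says that the diagram also shows what isn't covered, while the table that follows still carries a "Not included" column. If the image still shows both sides, keep that in the description, for example "Diagram of Azure and Amazon RDS database types that are and aren't covered by Defender for open-source relational databases." Dropping the "Rational Database Service" misspelling from the old text is a welcome side effect.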

learn-pr/wwl-sci/implement-defender-databases/includes/5-configure-vulnerability-assessment.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
When you enable Defender for Azure SQL Databases, vulnerability assessment automatically becomes available to scan your databases for security misconfigurations and known vulnerabilities. For Contoso Financial Services, the first scan reveals the current security posture of the banking database before the regulator review.
22

3-
:::image type="content" source="../media/vulnerability-assessment-workflow.png" alt-text="Workflow diagram showing the vulnerability assessment process from enabling Defender through express configuration, autoscan, severity-categorized findings, and remediation or baseline actions." lightbox="../media/vulnerability-assessment-workflow.png":::
3+
:::image type="content" source="../media/vulnerability-assessment-workflow.png" alt-text="Diagram of the vulnerability assessment workflow from Defender enablement through autoscan, findings, and remediation." lightbox="../media/vulnerability-assessment-workflow.png":::
44

55
## Choose express configuration
66
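Review bot: The shortened alt-text on line 3 drops express configuration and the baseline action, both of which the removed text listed as steps in the diagram, and the very next heading is "Choose express configuration". A reader relying on the alt-text loses the link between the image and that section. Consider "Diagram of the vulnerability assessment workflow from Defender enablement through express configuration, autoscan, findings, and remediation or baseline."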

learn-pr/wwl-sci/implement-defender-databases/includes/6-configure-alert-routing-validate-coverage.md

Lines changed: 7 additions & 7 deletions
@@ -1,6 +1,6 @@
11
Defender for Databases generates security alerts in Microsoft Defender for Cloud, but those alerts don't automatically reach the people who need to respond to them. At Contoso Financial Services, the security team enabled Defender for Azure SQL Databases and Defender for open-source relational databases across production subscriptions. Now you configure where alerts go, create suppression rules for expected behavior patterns, and validate that the detection pipeline works end-to-end.
22

3-
:::image type="content" source="../media/alert-routing-pipeline.png" alt-text="Diagram showing how Defender for Databases detections flow through alert generation, suppression rules, and routing to email notifications and Microsoft Sentinel." lightbox="../media/alert-routing-pipeline.png":::
3+
:::image type="content" source="../media/alert-routing-pipeline.png" alt-text="Diagram of Defender for Databases detections flowing through alert generation, suppression rules, and routing to email and Microsoft Sentinel." lightbox="../media/alert-routing-pipeline.png":::
44

55
| Destination | Configuration method | Purpose |
66
|-------------|---------------------|---------|
@@ -63,11 +63,11 @@ This validation confirms that when a real incident occurs, the right people rece
6363

6464
Before handing off the implementation:
6565

66-
- [ ] Defender for Azure SQL Databases is enabled on all production subscriptions
67-
- [ ] Defender for open-source relational databases is enabled on all subscriptions with PostgreSQL or MySQL
68-
- [ ] Email notifications route to the SOC team distribution list
69-
- [ ] Microsoft Sentinel data connector is active and Defender for Databases incidents appear in Microsoft Sentinel
70-
- [ ] Suppression rules are scoped correctly and have expiration dates set
71-
- [ ] Sample alerts are generated and validated end-to-end
66+
- Defender for Azure SQL Databases is enabled on all production subscriptions
67+
- Defender for open-source relational databases is enabled on all subscriptions with PostgreSQL or MySQL
68+
- Email notifications route to the SOC team distribution list
69+
- Microsoft Sentinel data connector is active and Defender for Databases incidents appear in Microsoft Sentinel
70+
- Suppression rules are scoped correctly and have expiration dates set
71+
- Sample alerts are generated and validated end-to-end
7272

7373
With alert routing configured and validated, the security operations team receives Defender for Databases detections in the systems they use for incident management. Your implementation connects detection to response. This foundation enables database security operations at Contoso.
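Review bot: Lines 66-71 change the hand-off checklist from task-list items ("- [ ]") to plain bullets, which is unrelated to the alt-text fix named in the commit message and is not mentioned there. Either note the reason in the commit message or split it into its own commit so the history stays searchable. With the checkboxes gone, the lead-in "Before handing off the implementation:" no longer says what to do with the list; something like "Before handing off the implementation, confirm that:" would keep the validation intent explicit.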
