Merge pull request #131518 from jdmartinez36/validationworkingbranch

Message fixes: Duplicate alt text validation US1760863

Author: v-dihans

articles/active-directory/privileged-identity-management/azure-ad-custom-roles-configure.md

@@ -43,7 +43,7 @@ Follow these steps to open the settings for an Azure AD role.
 1. Select **Setting** to open the **Settings** page. Select the role for the settings you want to configure.
 1. Select **Edit** to open the **Role settings** page.
 
-    ![Open the Azure AD custom role to edit settings](./media/azure-ad-custom-roles-configure/edit-settings.png)
+    ![Screenshot that shows the "Role setting details" page with the "Edit" action selected.](./media/azure-ad-custom-roles-configure/edit-settings.png)
 
 ## Role settings
 

articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md

@@ -54,7 +54,7 @@ As a delegated approver, you'll receive an email notification when an Azure AD r
 
 1. Find and select the request that you want to approve. An approve or deny page appears.
 
-    ![Approve requests - approve or deny pane with details and Justification box](./media/azure-ad-pim-approval-workflow/resources-approve-pane.png)
+    ![Screenshot that shows the "Approve requests - Azure AD roles" page.](./media/azure-ad-pim-approval-workflow/resources-approve-pane.png)
 
 1. In the **Justification** box, enter the business justification.
 

articles/active-directory/privileged-identity-management/groups-approval-workflow.md

@@ -41,7 +41,7 @@ As a delegated approver, you'll receive an email notification when an Azure reso
 
 1. Find and select the request that you want to approve and select **Approve**.
 
-    ![Approve requests - approve or deny pane with details and Justification box](./media/groups-approval-workflow/groups-confirm-approval.png)
+    ![Screenshot that shows the "Approve requests" page with the "Approve" and "Confirm" buttons highlighted.](./media/groups-approval-workflow/groups-confirm-approval.png)
 
 1. In the **Justification** box, enter the business justification.
 

articles/active-directory/privileged-identity-management/groups-assign-member-owner.md

@@ -43,7 +43,7 @@ Follow these steps to make a user eligible to be a member or owner of a privileg
 
 1. Select the members or owners you want to make eligible for the privileged access group.
 
-    ![Select a member or group pane](./media/groups-assign-member-owner/add-assignments.png)
+    ![Screenshot that shows the "Add assignments" page with the "Select a member or group" pane open and the "Select" button highlighted.](./media/groups-assign-member-owner/add-assignments.png)
 
 1. Select **Next** to set the membership or ownership duration.
 

articles/active-directory/privileged-identity-management/pim-apis.md

@@ -45,7 +45,7 @@ If you are using the Graph Explorer to test your calls, you can specify the perm
 
 1. Click **modify permissions**.
 
-    ![Graph Explorer - modify permissions](./media/pim-apis/graph-explorer.png)
+    ![Screenshot that shows the "Graph Explorer" page with the "modify permissions" action selected.](./media/pim-apis/graph-explorer.png)
 
 1. Select the checkboxes next to the permissions you want to include. `PrivilegedAccess.ReadWrite.AzureAD` is not yet available in Graph Explorer.
 

articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md

@@ -46,7 +46,7 @@ Follow these steps to make a user eligible for an Azure AD admin role.
 
 1. Select **Roles** to see the list of roles for Azure AD permissions.
 
-    ![Azure AD roles](./media/pim-how-to-add-role-to-user/roles-list.png)
+    ![Screenshot of the "Roles" page with the "Add assignments" action selected.](./media/pim-how-to-add-role-to-user/roles-list.png)
 
 1. Select **Add assignments** to open the **Add assignments** page.
 

articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md

@@ -191,7 +191,7 @@ If you want to delegate the required approval to activate a role, follow these s
 
 1. Set the **Require approval** switch to **Enabled**. The pane expands with options to select approvers.
 
-    ![Azure AD roles - Settings - Require approval](./media/pim-how-to-change-default-settings/pim-directory-roles-settings-require-approval.png)
+    ![Screenshot that shows the "Require approval" switch with "Enable" selected.](./media/pim-how-to-change-default-settings/pim-directory-roles-settings-require-approval.png)
 
     If you don't specify any approvers, the Privileged role administrator becomes the default approver and is then required to approve all activation requests for this role.
 

articles/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts.md

@@ -33,7 +33,7 @@ Follow the steps in this article to investigate security alerts for Azure AD rol
 
 # [New version](#tab/new)
 
-![Azure AD roles - Alert pane listing alerts and the severity](./media/pim-how-to-configure-security-alerts/view-alerts.png)
+![Screenshot that shows the "Alerts" page with a list of alerts and their severity.](./media/pim-how-to-configure-security-alerts/view-alerts.png)
 
 ## Security alerts
 

articles/active-directory/privileged-identity-management/pim-how-to-use-audit-log.md

@@ -28,7 +28,7 @@ Beginning in November 2019, the Azure AD roles portion of Privileged Identity Ma
 1. Sign in to the [Azure portal](https://portal.azure.com/) with a user who is in the [Privileged role administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role.
 1. Open **Azure AD Privileged Identity Management**. If you have a banner on the top of the overview page, follow the instructions in the **New version** tab of this article. Otherwise, follow the instructions in the **Previous version** tab.
 
-    [![Azure AD roles new version](media/pim-how-to-use-audit-log/directory-roles-audit-history.png "Select the tab for your version")](media/pim-how-to-use-audit-log/directory-roles-audit-history.png)
+    [![Screenshot that shows the "Azure AD roles - Directory roles audit history" page.](media/pim-how-to-use-audit-log/directory-roles-audit-history.png "Select the tab for your version")](media/pim-how-to-use-audit-log/directory-roles-audit-history.png)
 
 # [New version](#tab/new)
 
@@ -119,11 +119,11 @@ Follow these steps to view the audit history for Azure AD roles.
     - See the reason for an audit event in the **Status reason** column.
     - See the approver in the **Initiated by (actor)** column for the "add member to role request approved" event.
 
-    [![Azure AD roles new version](media/pim-how-to-use-audit-log/filter-audit-logs.png "Filter the audit log for the PIM service")](media/pim-how-to-use-audit-log/filter-audit-logs.png)
+    [![Screenshot that shows the "audit logs" page with the "Initiated by (actor) menu open and "PIM" selected.](media/pim-how-to-use-audit-log/filter-audit-logs.png "Filter the audit log for the PIM service")](media/pim-how-to-use-audit-log/filter-audit-logs.png)
 
 1. Select an audit log event to see the ticket number on the **Activity** tab of the **Details** pane.
 
-    [![Azure AD roles new version](media/pim-how-to-use-audit-log/audit-event-ticket-number.png "Check the ticket number for the audit event")](media/pim-how-to-use-audit-log/audit-event-ticket-number.png)
+    [![Screenshot that shows the "Audit logs" page with the ticket number highlighted in the "Details" pane.](media/pim-how-to-use-audit-log/audit-event-ticket-number.png "Check the ticket number for the audit event")](media/pim-how-to-use-audit-log/audit-event-ticket-number.png)
 
 1. You can view the requester (person activating the role) on the **Targets** tab of the **Details** pane for an audit event. There are two target types for Azure AD roles:
 

articles/active-directory/privileged-identity-management/pim-security-wizard.md

@@ -41,7 +41,7 @@ Also, keep role assignments permanent if a user has a Microsoft account (in othe
 
 1. Select **Reduce global administrators**.
 
-    ![Reduce global administrators - Role pane showing all members](./media/pim-security-wizard/new-preview-page.png)
+    ![Screenshot that shows the "Discovery and insights (Preview)" with the "Reduce global administrators" action selected.](./media/pim-security-wizard/new-preview-page.png)
 
 1. Review the list of Global Administrator role assignments.
 

articles/active-directory/saas-apps/workday-inbound-tutorial.md

@@ -123,7 +123,7 @@ In this step, you will create an unconstrained or constrained integration system
 1. Enter create security group in the search box, and then click **Create Security Group**.
 
    > [!div class="mx-imgBorder"]
-   > ![CreateSecurity Group](./media/workday-inbound-tutorial/wd_isu_03.png "CreateSecurity Group")
+   > ![Screenshot that shows "create security group" entered in the search box, and "Create Security Group - Task" displayed in the search results.](./media/workday-inbound-tutorial/wd_isu_03.png)
 2. Complete the **Create Security Group** task. 
 
    * There are two types of security groups in Workday:
@@ -148,7 +148,7 @@ In this step, you'll grant "domain security" policy permissions for the worker d
 
 1. Enter **Domain Security Configuration** in the search box, and then click on the link **Domain Security Configuration Report**.  
    >[!div class="mx-imgBorder"]
-   >![Domain Security Policies](./media/workday-inbound-tutorial/wd_isu_06.png "Domain Security Policies")  
+   >![Screenshot that shows "domain security configuration" in the search box, with "Domain Security Configuration - Report" displayed in the results.](./media/workday-inbound-tutorial/wd_isu_06.png "Domain Security Policies")  
 2. In the **Domain** text box, search for the following domains and add them to the filter one by one.  
    * *External Account Provisioning*
    * *Worker Data: Workers*
@@ -160,10 +160,10 @@ In this step, you'll grant "domain security" policy permissions for the worker d
    * *Workday Accounts*
 
      >[!div class="mx-imgBorder"]
-     >![Domain Security Policies](./media/workday-inbound-tutorial/wd_isu_07.png "Domain Security Policies")  
+     >![Screenshot that shows the Domain Security Configuration report with the "External Account" in the "Domain" text box.](./media/workday-inbound-tutorial/wd_isu_07.png "Domain Security Policies")  
 
      >[!div class="mx-imgBorder"]
-     >![Domain Security Policies](./media/workday-inbound-tutorial/wd_isu_08.png "Domain Security Policies") 
+     >![Screenshot that shows the Domain Security Configuration report with a list of domains selected.](./media/workday-inbound-tutorial/wd_isu_08.png "Domain Security Policies") 
 
      Click **OK**.
 
@@ -173,7 +173,7 @@ In this step, you'll grant "domain security" policy permissions for the worker d
 
 4. On the **Edit Domain Security Policy Permissions** page, scroll down to the section **Integration Permissions**. Click on the "+" sign to add the integration system group to the list of security groups with **Get** and **Put** integration permissions.
    >[!div class="mx-imgBorder"]
-   >![Edit Permission](./media/workday-inbound-tutorial/wd_isu_10.png "Edit Permission")  
+   >![Screenshot that shows the "Integration Permissons" section highlighted.](./media/workday-inbound-tutorial/wd_isu_10.png "Edit Permission")  
 
 5. Click on the "+" sign to add the integration system group to the list of security groups with **Get** and **Put** integration permissions.
 
@@ -204,12 +204,12 @@ In this step, you'll grant "business process security" policy permissions for th
 1. Enter **Business Process Policy** in the search box, and then click on the link **Edit Business Process Security Policy** task.  
 
    >[!div class="mx-imgBorder"]
-   >![Business Process Security Policies](./media/workday-inbound-tutorial/wd_isu_12.png "Business Process Security Policies")  
+   >![Screenshot that shows "Business Process Policy" in the search box and "Edit Business Process Security Policy - Task" selected.](./media/workday-inbound-tutorial/wd_isu_12.png "Business Process Security Policies")  
 
 2. In the **Business Process Type** textbox, search for *Contact* and select **Work Contact Change** business process and click **OK**.
 
    >[!div class="mx-imgBorder"]
-   >![Business Process Security Policies](./media/workday-inbound-tutorial/wd_isu_13.png "Business Process Security Policies")  
+   >![Screenshot that shows the "Edit Business Process Security Policy" page and "Work Contact Change" selected in the "Business Process Type" menu.](./media/workday-inbound-tutorial/wd_isu_13.png "Business Process Security Policies")  
 
 3. On the **Edit Business Process Security Policy** page, scroll to the **Change Work Contact Information (Web Service)** section.
 
@@ -409,7 +409,7 @@ In this step, we establish connectivity with Workday and Active Directory in the
    * Click the **Test Connection** button. If the connection test succeeds, click the **Save** button at  the top. If it fails, double-check that the Workday credentials and the AD credentials configured on the agent setup are valid.
 
      >[!div class="mx-imgBorder"]
-     >![Azure portal](./media/workday-inbound-tutorial/wd_1.png)
+     >![Screenshot that shows  the "Provisioning" page with credentials entered.](./media/workday-inbound-tutorial/wd_1.png)
 
    * Once the credentials are saved successfully, the **Mappings** section will display the default mapping **Synchronize Workday Workers to On Premises Active Directory**
 
@@ -478,7 +478,7 @@ In this section, you will configure how user data flows from Workday to Active D
 
 1. To save your mappings, click **Save** at the top of the  Attribute-Mapping section.
    >[!div class="mx-imgBorder"]
-   >![Azure portal](./media/workday-inbound-tutorial/wd_2.png)
+   >![Screenshot that shows the "Attribute Mapping" page with the "Save" action selected.](./media/workday-inbound-tutorial/wd_2.png)
 
 #### Below are some example attribute mappings between Workday and Active Directory, with some common expressions
 
@@ -943,11 +943,11 @@ When you click on any of the audit log records, the **Activity Details** page op
 
   Look for a HTTP POST record corresponding to the timestamp of the export operation with *Event ID = 2*. This record will contain the attribute values sent by the provisioning service to the provisioning agent.
 
-  [![SCIM Add](media/workday-inbound-tutorial/wd_event_viewer_05.png)](media/workday-inbound-tutorial/wd_event_viewer_05.png#lightbox)
+  :::image type="content" source="media/workday-inbound-tutorial/wd_event_viewer_05.png" alt-text="Screenshot that shows the 'HTTP POST' record in the 'Provisioning Agent' log." lightbox="media/workday-inbound-tutorial/wd_event_viewer_05.png":::
 
   Immediately following the above event, there should be another event that captures the response of the create AD account operation. This event returns the new objectGuid created in AD and it is set as the TargetAnchor attribute in the provisioning service.
 
-  [![SCIM Add](media/workday-inbound-tutorial/wd_event_viewer_06.png)](media/workday-inbound-tutorial/wd_event_viewer_06.png#lightbox)
+  :::image type="content" source="media/workday-inbound-tutorial/wd_event_viewer_06.png" alt-text="Screenshot that shows the 'Provisioning Agent' log with the objectGuid created in AD highlighted." lightbox="media/workday-inbound-tutorial/wd_event_viewer_06.png":::
 
 ### Understanding logs for manager update operations
 
@@ -1041,14 +1041,14 @@ To do this change, you must use [Workday Studio](https://community.workday.com/s
 
 5. Select **External**, and select the Human_Resources WSDL file you downloaded in step 2.
 
-    ![Workday Studio](./media/workday-inbound-tutorial/wdstudio1.png)
+    ![Screenshot that shows the "Human_Resources" file open in Workday Studio.](./media/workday-inbound-tutorial/wdstudio1.png)
 
 6. Set the **Location** field to `https://IMPL-CC.workday.com/ccx/service/TENANT/Human_Resources`, but replacing "IMPL-CC" with your actual instance type, and "TENANT" with your real tenant name.
 
 7. Set **Operation** to **Get_Workers**
 
 8.    Click the small **configure** link below the Request/Response panes to set your Workday credentials. Check **Authentication**, and then enter the user name and password for your Workday integration system account. Be sure to format the user name as name\@tenant, and leave the **WS-Security UsernameToken** option selected.
-   ![Workday Studio](./media/workday-inbound-tutorial/wdstudio2.png)
+   ![Screenshot that shows the "Security" tab with the "Username" and "Password" entered, and "WS-Security Username Token" selected.](./media/workday-inbound-tutorial/wdstudio2.png)
 
 9. Select **OK**.
 
@@ -1087,7 +1087,7 @@ To do this change, you must use [Workday Studio](https://community.workday.com/s
 
 13. In the command bar of Workday Studio, select **File > Open File...** and open the XML file you saved. This action will open the file in the Workday Studio XML editor.
 
-    ![Workday Studio](./media/workday-inbound-tutorial/wdstudio3.png)
+    ![Screenshot of an X M L file open in the "Workday Studio X M L editor".](./media/workday-inbound-tutorial/wdstudio3.png)
 
 14. In the file tree, navigate through **/env: Envelope > env: Body > wd:Get_Workers_Response > wd:Response_Data > wd: Worker** to find your user's data.
 
@@ -1113,7 +1113,7 @@ To do this change, you must use [Workday Studio](https://community.workday.com/s
 
 5. Select **Edit attribute list for Workday**.
 
-    ![Workday Studio](./media/workday-inbound-tutorial/wdstudio_aad1.png)
+    ![Screenshot that shows the "Workday to Azure A D User Provisioning - Provisioning" page with the "Edit attribute list for Workday" action highlighted.](./media/workday-inbound-tutorial/wdstudio_aad1.png)
 
 6. Scroll to the bottom of the attribute list to where the input fields are.
 

articles/azure-functions/functions-create-private-site-access.md

@@ -68,7 +68,7 @@ The first step in this tutorial is to create a new virtual machine inside a virt
 1. Choose the _Networking_ tab and select **Create new** to configure a new virtual network.
 
     >[!div class="mx-imgBorder"]
-    >![Create a new virtual network for the new VM](./media/functions-create-private-site-access/create-vm-networking.png)
+    >![Screenshot that shows the "Networking" tab with the "Create new" action highlighted in the "Virtual network" section.](./media/functions-create-private-site-access/create-vm-networking.png)
 
 1. In _Create virtual network_, use the settings in the table below the image:
 

articles/azure-functions/functions-debug-event-grid-trigger-local.md

@@ -48,7 +48,7 @@ ngrok http -host-header=localhost 7071
 ```
 As the utility is set up, the command window should look similar to the following screenshot:
 
-![Start ngrok](./media/functions-debug-event-grid-trigger-local/functions-debug-event-grid-trigger-local-ngrok.png)
+![Screenshot that shows the Command Prompt after starting the "ngrok" utility.](./media/functions-debug-event-grid-trigger-local/functions-debug-event-grid-trigger-local-ngrok.png)
 
 Copy the **HTTPS** URL generated when *ngrok* is run. This value is used when configuring the event grid event endpoint.
 

articles/azure-functions/functions-deployment-slots.md

@@ -109,7 +109,7 @@ You can swap slots via the [CLI](/cli/azure/functionapp/deployment/slot?view=azu
 1. Navigate to the function app.
 1. Select **Deployment slots**, and then select **Swap**.
 
-    :::image type="content" source="./media/functions-deployment-slots/functions-swap-deployment-slot.png" alt-text="Swap the deployment slot." border="true":::
+    :::image type="content" source="./media/functions-deployment-slots/functions-swap-deployment-slot.png" alt-text="Screenshot that shows the 'Deployment slot' page with the 'Add Slot' action selected." border="true":::
 
 1. Verify the configuration settings for your swap and select **Swap**
 
@@ -131,7 +131,7 @@ You can remove a slot via the [CLI](/cli/azure/functionapp/deployment/slot?view=
 
 1. Select **Delete**.
 
-    :::image type="content" source="./media/functions-deployment-slots/functions-delete-deployment-slot.png" alt-text="Delete the deployment slot in the Azure portal." border="true":::
+    :::image type="content" source="./media/functions-deployment-slots/functions-delete-deployment-slot.png" alt-text="Screenshot that shows the 'Overview' page with the 'Delete' action selected." border="true":::
 
 1. Type the name of the deployment slot you want to delete, and then select **Delete**.
 

articles/azure-functions/functions-manually-run-non-http.md

@@ -43,7 +43,7 @@ You use this request location in Postman along with the function's master key in
 
 1. After copying the *_master* key, select **Code + Test**, and then select **Logs**. You'll see messages from the function logged here when you manually run the function from Postman.
 
-    :::image type="content" source="./media/functions-manually-run-non-http/azure-portal-function-log.png" alt-text="View the logs to see the master key test results." border="true":::
+    :::image type="content" source="./media/functions-manually-run-non-http/azure-portal-function-log.png" alt-text="Screenshot that shows the 'Code + Test' page with a message from the logs displayed." border="true":::
 
 > [!CAUTION]  
 > Due to the elevated permissions in your function app granted by the master key, you should not share this key with third parties or distribute it in an application. The key should only be sent to an HTTPS endpoint.