Commit 28fbc35

Address PR review issues
1 parent 0f0bd3c commit 28fbc35

10 files changed

+9
-13
lines changed


articles/confidential-computing/confidential-computing-deployment-models.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.subservice: confidential-computing
77
ms.workload: infrastructure
88
ms.topic: conceptual
9-
ms.date: 11/03/2021
9+
ms.date: 11/04/2021
1010
ms.author: JenCook
1111
ms.custom: ignite-fall-2021
1212
---
@@ -39,7 +39,7 @@ Containers also increase portability of applications, and improve resource usage
3939
Normally, you might deploy your solution on confidential VMs if:
4040

4141
- You've got legacy applications that cannot be modified or containerized. However, you still need to introduce protection of data in memory, while the data is being processed.
42-
- You're running multiple applications requiring different operating systems (OSes) on a single piece of infrastructure.
42+
- You're running multiple applications requiring different operating systems (OS) on a single piece of infrastructure.
4343
- You want to emulate an entire computing environment, including all OS resources.
4444
- You're migrating your existing VMs from on-premises to Azure.
4545
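Review bot: The `+` line at new line 42 pairs the plural "operating systems" with the singular abbreviation "(OS)", so the parenthetical no longer matches the noun it abbreviates. Either keep a plural abbreviation or drop the parenthetical here and let "OS" stand on its own where it is first used alone, as in the context line 43 "including all OS resources".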

articles/confidential-computing/confidential-containers.md

Lines changed: 1 addition & 3 deletions
@@ -4,7 +4,7 @@ description: Learn about unmodified container support with confidential containe
44
services: container-service
55
author: agowdamsft
66
ms.topic: article
7-
ms.date: 11/03/2011
7+
ms.date: 11/04/2021
88
ms.author: amgowda
99
ms.service: container-service
1010
ms.custom: ignite-fall-2021
@@ -18,8 +18,6 @@ A hardware-based Trusted Execution Environment (TEE) provides strong assurances.
1818

1919
Confidential containers support custom applications developed with any programming languages. You can also run Docker container apps off the shelf.
2020

21-
![Diagram of confidential container protection boundary in Kubernetes.]()
22-
2321
:::image type="content" source="./media/confidential-containers/sgx-confidential-container.png" alt-text="Diagram of confidential container protection boundary in Kubernetes, showing no access for admins.":::
2422

2523
## Enablers with Intel SGX on Azure Kubernetes Service(AKS)
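Review bot: The context heading at new line 23, `## Enablers with Intel SGX on Azure Kubernetes Service(AKS)`, is missing a space before `(AKS)`; since this hunk already cleans up the lines directly above it, fix the heading in the same pass. Dropping the `![...]()` line is right, as its link target was empty and the `:::image` line below carries the same diagram with fuller alt text.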

articles/confidential-computing/confidential-nodes-aks-overview.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ author: agowdamsft
66
ms.service: container-service
77
ms.subservice: confidential-computing
88
ms.topic: overview
9-
ms.date: 11/03/2021
9+
ms.date: 11/04/2021
1010
ms.author: amgowda
1111
ms.custom: ignite-fall-2021
1212
---
@@ -19,7 +19,7 @@ ms.custom: ignite-fall-2021
1919

2020
Azure Kubernetes Service (AKS) supports adding [DCsv2 confidential computing nodes](confidential-computing-enclaves.md) powered by Intel SGX. These nodes allow you to run sensitive workloads within a hardware-based trusted execution environment (TEE). TEE’s allow user-level code from containers to allocate private regions of memory to execute the code with CPU directly. These private memory regions that execute directly with CPU are called enclaves. Enclaves help protect the data confidentiality, data integrity and code integrity from other processes running on the same nodes. The Intel SGX execution model also removes the intermediate layers of Guest OS, Host OS and Hypervisor thus reducing the attack surface area. The *hardware based per container isolated execution* model in a node allows applications to directly execute with the CPU, while keeping the special block of memory encrypted per container. Confidential computing nodes with confidential containers are a great addition to your zero trust security planning and defense-in-depth container strategy.
2121

22-
:::image type="content" source="./media/confidential-nodes-aks-overview/sgxaksnode.png" alt-text="Graphic of AKS Confidential Compute Node, showing confidential containers with code and data secured inside.":::
22+
:::image type="content" source="./media/confidential-nodes-aks-overview/sgx-aks-node.png" alt-text="Graphic of AKS Confidential Compute Node, showing confidential containers with code and data secured inside.":::
2323

2424
## AKS Confidential Nodes Features
2525
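Review bot: The `source` path on the `+` line at line 22 now points to `sgx-aks-node.png`, but nothing in this hunk shows the image file itself being renamed; confirm the file under `./media/confidential-nodes-aks-overview/` is renamed in the same commit, otherwise the reference breaks. While in this paragraph, the context line 20 has "TEE’s allow", which should be the plural "TEEs".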

-48.3 KB
Binary file not shown.

articles/confidential-computing/overview-azure-products.md

Lines changed: 1 addition & 3 deletions
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.subservice: confidential-computing
77
ms.workload: infrastructure
88
ms.topic: overview
9-
ms.date: 11/03/2021
9+
ms.date: 11/04/2021
1010
ms.author: JenCook
1111
ms.custom: ignite-fall-2021
1212
---
@@ -25,8 +25,6 @@ When used with data encryption at rest and in transit, confidential computing el
2525

2626
[Microsoft's offerings](https://aka.ms/azurecc) for confidential computing extend from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) and as well as developer tools to support your journey to data and code confidentiality in the cloud.
2727

28-
:::image type="content" source="media/overview-azure-products/acc-stack.png" alt-text="Screenshot of the Azure confidential computing stack, showing tools and services.":::
29-
3028
## Reducing the attack surface
3129
The trusted computing base (TCB) refers to all of a system's hardware, firmware, and software components that provide a secure environment. The components inside the TCB are considered "critical". If one component inside the TCB is compromised, the entire system's security may be jeopardized. A lower TCB means higher security. There's less risk of exposure to various vulnerabilities, malware, attacks, and malicious people. Azure confidential computing aims to lower the TCB for your cloud workloads by offering TEEs.
3230
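Review bot: Context line 26, directly above the removed image, still reads "(PaaS) and as well as developer tools"; drop the extra "and" while this paragraph is being touched. With the `acc-stack.png` reference removed at old line 28, also check that no other article still points to that file before it is deleted from `media/overview-azure-products/`.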

articles/confidential-computing/use-cases-scenarios.md

Lines changed: 3 additions & 3 deletions
@@ -6,14 +6,14 @@ author: JBCook
66
ms.service: virtual-machines
77
ms.subservice: confidential-computing
88
ms.topic: overview
9-
ms.date: 11/03/2021
9+
ms.date: 11/04/2021
1010
ms.author: jencook
1111
ms.custom: ignite-fall-2021
1212
---
1313
# Use cases and scenarios
1414
Confidential computing applies to various use cases for protecting data in regulated industries such as government, financial services, and healthcare institutes. For example, preventing access to sensitive data helps protect the digital identity of citizens from all parties involved, including the cloud provider that stores it. The same sensitive data may contain biometric data that is used for finding and removing known images of child exploitation, preventing human trafficking, and aiding digital forensics investigations.
1515

16-
:::image type="content" source="media/use-cases-scenarios/use_cases.png" alt-text="Screenshot of use cases for Azure confidential computing, including government, financial services, and health care scenarios.":::
16+
:::image type="content" source="media/use-cases-scenarios/use-cases.png" alt-text="Screenshot of use cases for Azure confidential computing, including government, financial services, and health care scenarios.":::
1717

1818
This article provides an overview of several common scenarios for Azure confidential computing. The recommendations in this article serve as a starting point as you develop your application using confidential computing services and frameworks.
1919
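Review bot: The alt text on the `+` line at line 16 says "health care scenarios" while the context paragraph at line 14 uses "healthcare institutes"; pick one spelling and use it in both places, since the line is being edited anyway. The front matter in this file also has `ms.author: jencook` where the other files in this commit use `ms.author: JenCook`, so settle on one casing.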

@@ -51,7 +51,7 @@ In this secure multi-party computation example, multiple banks share data with e
5151

5252
Through confidential computing, these financial institutions can increase fraud detection rates, address money laundering scenarios, reduce false positives, and continue learning from larger data sets.
5353

54-
:::image type="content" source="media/use-cases-scenarios/mpc_banks.png" alt-text="Graphic of multiparty data sharing for banks, showing the data movement that confidential computing enables.":::
54+
:::image type="content" source="media/use-cases-scenarios/mpc-banks.png" alt-text="Graphic of multiparty data sharing for banks, showing the data movement that confidential computing enables.":::
5555

5656
### Drug development in healthcare
5757
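Review bot: The alt text on the `+` line at line 54 spells it "multiparty data sharing" while the surrounding section, per the hunk header, says "secure multi-party computation"; align the spelling with the body text when updating this line.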
