Merge pull request #252005 from greg-lindsay/agc-graphics

add graphics to AGC articles

Author: v-shils

articles/application-gateway/for-containers/how-to-backend-mtls-gateway-api.md

@@ -7,7 +7,7 @@ author: greglin
 ms.service: application-gateway
 ms.subservice: appgw-for-containers
 ms.topic: how-to
-ms.date: 07/24/2023
+ms.date: 09/19/2023
 ms.author: greglin
 ---
 
@@ -18,6 +18,14 @@ This document helps set up an example application that uses the following resour
 - Create an [HTTPRoute](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/) resource that references a backend service.
 - Create a [BackendTLSPolicy](api-specification-kubernetes.md#alb.networking.azure.io/v1.BackendTLSPolicy) resource that has a client and CA certificate for the backend service referenced in the HTTPRoute.
 
+## Background
+
+Mutual Transport Layer Security (MTLS) is a process that relies on certificate authentication to create an encrypted TLS connection. You can use MTLS to secure the connection from a client device to the Application Gateway for Containers backend target. If a client certificate is revoked or invalid, the connection is not secure. 
+
+See the following figure:
+
+[ ![A diagram showing the Application Gateway for Containers backend MTLS process.](./media/how-to-backend-mtls-gateway-api/backend-mtls.png) ](./media/how-to-backend-mtls-gateway-api/backend-mtls.png#lightbox)
+
 ## Prerequisites
 
 > [!IMPORTANT]