Update file paths to PNG

Author: lauradolan

articles/confidential-computing/confidential-computing-deployment-models.md

@@ -59,15 +59,15 @@ VM admins or any other app or service running inside the VM, operate beyond the
 
 AMD SEV-SNP technology provides VM isolation from the hypervisor. The hardware-based memory integrity protection helps prevent malicious hypervisor-based attacks. The SEV-SNP model trusts the AMD Secure Processor and the VM. The model doesn't trust any other hardware and software components. Untrusted components include the BIOS, and the hypervisor on the host system.
 
-![Diagram of AMD SEV-SNP VM architecture, defining trusted and untrusted components.](media/confidential-computing-deployment-models/amd-sev-snp-vm.jpg)
+![Diagram of AMD SEV-SNP VM architecture, defining trusted and untrusted components.](media/confidential-computing-deployment-models/amd-sev-snp-vm.png)
 
 ### Secure enclaves on Intel SGX
 
 **Secure enclaves on Intel SGX** protect memory spaces inside a VM with hardware-based encryption. The security boundary of application enclaves is more restricted than confidential VMs on AMD SEV-SNP. For Intel SGX, the security boundary applies to portions of memory within a VM. Users, apps, and services running inside the Intel SGX-powered VM can't access any data and code in execution inside the enclave.
 
 Intel SGX helps protect data in use by application isolation. By protecting selected code and data from modification, developers can partition their application into hardened enclaves or trusted execution modules to help increase application security. Entities outside the enclave can't read or write the enclave memory, whatever their permissions levels. The hypervisor or the operating system also can't obtain this access through normal OS-level calls. To call an enclave function, you have to use a new set of instructions in the Intel SGX CPUs. This process includes several protection checks.
 
-![Diagram of Intel SGX enclaves architecture, showing secure information inside app enclave.](media/confidential-computing-deployment-models/intel-sgx-enclave.jpg)
+![Diagram of Intel SGX enclaves architecture, showing secure information inside app enclave.](media/confidential-computing-deployment-models/intel-sgx-enclave.png)
 
 ## Next steps
 

articles/confidential-computing/confidential-containers.md

@@ -18,15 +18,15 @@ A hardware-based Trusted Execution Environment (TEE) provides strong assurances.
 
 Confidential containers support custom applications developed with any programming languages. You can also run Docker container apps off the shelf.
 
-![Diagram of confidential container protection boundary in Kubernetes.](./media/confidential-containers/sgx-confidential-container.jpg)
+![Diagram of confidential container protection boundary in Kubernetes.](./media/confidential-containers/sgx-confidential-container.png)
 
 ## Enablers with Intel SGX on Azure Kubernetes Service(AKS)
 
  To run an existing Docker container, applications on confidential computing nodes require an abstraction layer or Intel Software Guard Extensions (SGX) software to use the special CPU instruction set. Configure SGX to protect your sensitive application code. SGX creates a direct execution to the CPU to remove the guest operating system (OS), host OS, or hypervisor from the trust boundary. This step reduces the overall surface attack areas and vulnerabilities.
 
 Azure Kubernetes Service (AKS) fully supports confidential containers. You can run existing containers confidentially on AKS.
 
-![Diagram of confidential container conversion, with new steps for enabling Intel SGX and AKS](./media/confidential-containers/confidential-containers-deploy-steps.jpg)
+![Diagram of confidential container conversion, with new steps for enabling Intel SGX and AKS](./media/confidential-containers/confidential-containers-deploy-steps.png)
 
 ## Partner enablers
 

articles/confidential-computing/confidential-nodes-aks-overview.md

@@ -19,7 +19,7 @@ ms.custom: ignite-fall-2021
 
 Azure Kubernetes Service (AKS) supports adding [DCsv2 confidential computing nodes](confidential-computing-enclaves.md) powered by Intel SGX. These nodes allow you to run sensitive workloads within a hardware-based trusted execution environment (TEE). TEE’s allow user-level code from containers to allocate private regions of memory to execute the code with CPU directly. These private memory regions that execute directly with CPU are called enclaves. Enclaves help protect the data confidentiality, data integrity and code integrity from other processes running on the same nodes. The Intel SGX execution model also removes the intermediate layers of Guest OS, Host OS and Hypervisor thus reducing the attack surface area. The *hardware based per container isolated execution* model in a node allows applications to directly execute with the CPU, while keeping the special block of memory encrypted per container. Confidential computing nodes with confidential containers are a great addition to your zero trust security planning and defense-in-depth container strategy.
 
-![sgx node overview](./media/confidential-nodes-aks-overview/sgxaksnode.jpg)
+![sgx node overview](./media/confidential-nodes-aks-overview/sgxaksnode.png)
 
 ## AKS Confidential Nodes Features
 

articles/confidential-computing/overview-azure-products.md

@@ -17,15 +17,15 @@ Today customers encrypt their data at rest and in transit, but not while it is i
 
 Technologies like [Intel Software Guard Extensions](https://www.intel.com.au/content/www/au/en/architecture-and-technology/software-guard-extensions-enhanced-data-protection.html) (Intel SGX), or [AMD Secure Encrypted Virtualization](https://www.amd.com/en/processors/amd-secure-encrypted-virtualization) (SEV-SNP) are recent CPU improvements supporting confidential computing implementations. These technologies are designed as virtualization extensions and provide feature sets including memory encryption and integrity, CPU-state confidentiality and integrity, and attestation, for building the confidential computing threat model.
 
-![Graphic of three states of data protection, with confidential computing's data in use highlighted.](media/overview-azure-products/three-states.jpg)
+![Graphic of three states of data protection, with confidential computing's data in use highlighted.](media/overview-azure-products/three-states.png)
 
 When used with data encryption at rest and in transit, confidential computing eliminates the single largest barrier of encryption - encryption while in use - by protecting sensitive or highly regulated data sets and application workloads in a secure public cloud platform. Confidential computing extends beyond generic data protection. TEEs are also being used to protect proprietary business logic, analytics functions, machine learning algorithms, or entire applications.
 
 ## Navigating Azure confidential computing
 
 [Microsoft's offerings](https://aka.ms/azurecc) for confidential computing extend from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) and as well as developer tools to support your journey to data and code confidentiality in the cloud.
 
-![Screenshot of the Azure confidential computing stack, showing tools and services.](media/overview-azure-products/acc-stack.jpg)
+![Screenshot of the Azure confidential computing stack, showing tools and services.](media/overview-azure-products/acc-stack.png)
 
 ## Reducing the attack surface
 The trusted computing base (TCB) refers to all of a system's hardware, firmware, and software components that provide a secure environment. The components inside the TCB are considered "critical". If one component inside the TCB is compromised, the entire system's security may be jeopardized. A lower TCB means higher security. There's less risk of exposure to various vulnerabilities, malware, attacks, and malicious people. Azure confidential computing aims to lower the TCB for your cloud workloads by offering TEEs. 

articles/confidential-computing/use-cases-scenarios.md

@@ -13,7 +13,7 @@ ms.custom: ignite-fall-2021
 # Use cases and scenarios
 Confidential computing applies to various use cases for protecting data in regulated industries such as government, financial services, and healthcare institutes. For example, preventing access to sensitive data helps protect the digital identity of citizens from all parties involved, including the cloud provider that stores it. The same sensitive data may contain biometric data that is used for finding and removing known images of child exploitation, preventing human trafficking, and aiding digital forensics investigations.
 
-![Confidential computing use cases](media/use-cases-scenarios/use_cases.jpg)
+![Confidential computing use cases](media/use-cases-scenarios/use_cases.png)
 
 This article provides an overview of several common scenarios for Azure confidential computing. The recommendations in this article serve as a starting point as you develop your application using confidential computing services and frameworks.
 
@@ -51,7 +51,7 @@ In this secure multi-party computation example, multiple banks share data with e
 
 Through confidential computing, these financial institutions can increase fraud detection rates, address money laundering scenarios, reduce false positives, and continue learning from larger data sets.
 
-![Multiparty data sharing for banks](media/use-cases-scenarios/mpc_banks.jpg)
+![Multiparty data sharing for banks](media/use-cases-scenarios/mpc_banks.png)
 
 ### Drug development in healthcare