Commit 149be74

reduce character count for alt text
1 parent 02c431e commit 149be74

2 files changed

+5
-5
lines changed

ATPDocs/investigate-security-alerts.md

Lines changed: 2 additions & 2 deletions
@@ -72,7 +72,7 @@ Some alerts have extra tabs, such as details about:
7272

7373
For example:
7474

75-
:::image type="content" source="media/understanding-security-alerts/involved-entities.png" alt-text="Screenshot showing the Microsoft Defender for Identity alert report for Network mapping reconnaissance (DNS). The Summary tab is selected, displaying details such as title, description, start and end times, severity, status, and a link to view in browser. Other tabs include Source Computer, DNS Servers, Network Activities, and Related." lightbox="media/understanding-security-alerts/involved-entities.png":::
75+
:::image type="content" source="media/understanding-security-alerts/involved-entities.png" alt-text="Screenshot showing a Microsoft Defender for Identity alert summary for network mapping reconnaissance (DNS), with summary details." lightbox="media/understanding-security-alerts/involved-entities.png":::
7676

7777
## How can I use Defender for Identity information in an investigation?
7878

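Review bot: On new line 75, the shortened alt text reads "alert summary ... with summary details", which repeats itself and drops the tab names (Source Computer, DNS Servers, Network Activities, Related) even though the surrounding text introduces this image as an example of alerts that "have extra tabs". Suggest replacing "with summary details" with a short mention of the tabs, for example "with the Summary tab selected and tabs for Source Computer, DNS Servers, Network Activities, and Related". Also, this line lowercases "network mapping reconnaissance (DNS)" while new line 93 in the same file keeps "Network mapping reconnaissance (DNS)"; use one casing for the alert name.
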
@@ -90,7 +90,7 @@ Includes the data Defender for Identity learned from Active Directory about the
9090

9191
Includes all data Defender for Identity profiled on the entity. Defender for Identity uses the network and event activities captured to learn about the environment's users and computers. Defender for Identity profiles relevant information per entity. This information contributes Defender for Identity's threat identification capabilities.
9292

93-
:::image type="content" source="media/understanding-security-alerts/related-entities.png" alt-text="Screenshot showing the Related Entities tab of a Microsoft Defender for Identity alert report for Network mapping reconnaissance (DNS). The table lists related entities with columns for ID, Type, Name, Unique Entity JSON, and Unique Entity Profile JSON. Two computer entities are shown, including one named DC1." lightbox="media/understanding-security-alerts/related-entities.png":::
93+
:::image type="content" source="media/understanding-security-alerts/related-entities.png" alt-text="Screenshot showing the Related Entities tab of a Microsoft Defender for Identity alert report for Network mapping reconnaissance (DNS)." lightbox="media/understanding-security-alerts/related-entities.png":::
9494

9595

9696
For more information about how to work with Defender for Identity security alerts, see [Working with security alerts](/defender-for-identity/understanding-security-alerts).
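
Review bot: On new line 93, the alt text now stops at the tab name and no longer says what the tab shows; the removed text described a table of related entities with two computer entities listed. A short clause such as "listing two related computer entities" would keep the description useful for screen-reader users without restoring the full column list. Separately, unchanged line 91 reads "This information contributes Defender for Identity's threat identification capabilities", which is missing "to" after "contributes" and could be fixed in the same pass.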

ATPDocs/understanding-security-alerts.md

Lines changed: 3 additions & 3 deletions
@@ -27,7 +27,7 @@ Alerts from the last seven days are displayed with the following information:
2727
- First activity
2828
- Last activity
2929

30-
:::image type="content" source="media/understanding-security-alerts/filtered-alerts.png" alt-text="Screenshot showing the Alerts page in the Microsoft Defender portal, filtered for new alerts from Microsoft Defender for Identity. Two alerts are listed with the name Suspected brute-force. Each entry includes columns for severity, investigation state, status, category, detection source, impacted assets, and timestamps for first and last activity." lightbox="media/understanding-security-alerts/filtered-alerts.png":::
30+
:::image type="content" source="media/understanding-security-alerts/filtered-alerts.png" alt-text="Screenshot showing the Alerts page in the Defender portal. Two alerts named Suspected brute-force are listed with full alert details." lightbox="media/understanding-security-alerts/filtered-alerts.png":::
3131

3232

3333

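Review bot: On new line 30, "with full alert details" is vague, and the alt text no longer says the list is filtered, although the image is filtered-alerts.png and the removed text described it as "filtered for new alerts from Microsoft Defender for Identity". Suggest keeping the filter and dropping the filler, for example "Screenshot showing the Alerts page in the Defender portal, filtered for new Defender for Identity alerts, with two Suspected brute-force alerts listed."
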
@@ -117,7 +117,7 @@ You can create a new incident from the alert or link to an existing incident.
117117
### Assign alerts
118118
If an alert isn't yet assigned, you can select Assign to me to assign the alert to yourself.
119119

120-
:::image type="content" source="media/understanding-security-alerts/alert-state.png" alt-text="Screenshot showing the Alert state section in the Microsoft Defender portal. The Classification field is marked as “Not Set” with a link to “Set Classification.” The Assigned to field shows “Unassigned” with a link labeled “Assign to me.” This section allows users to manage alert ownership and classification." lightbox="media/understanding-security-alerts/alert-state.png":::
120+
:::image type="content" source="media/understanding-security-alerts/alert-state.png" alt-text="Screenshot that shows how to assign an alert to yourself." lightbox="media/understanding-security-alerts/alert-state.png":::
121121

122122
### Add comments to an alert
123123
You can add comments to an alert to provide additional context or information. This is useful for sharing insights with your team or documenting your investigation process.
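Review bot: On new line 120, the alt text states the purpose of the image rather than what it shows and drops the "Assign to me" label that line 118 tells the reader to select, so the step and the image description no longer match by name. Suggest something like "Screenshot showing the Alert state section with the Assign to me link." Also, this line and new line 145 open with "Screenshot that shows" while the other three changed lines in this commit open with "Screenshot showing"; use one form throughout.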
@@ -142,7 +142,7 @@ Following proper investigation, all Defender for Identity security alerts can be
142142

143143
- **False positive (FP)**: A false alarm, meaning the activity didn't happen.
144144

145-
:::image type="content" source="media/understanding-security-alerts/classify-alert.png" alt-text="Screenshot showing a Microsoft Defender alert titled “Suspected brute-force attack (LDAP).” The alert is labeled with severity Medium, status New, and classification Unknown. Below, a classification banner includes a message to classify the alert, with buttons labeled “True alert” and “False alert” for user response." lightbox="media/understanding-security-alerts/classify-alert.png":::
145+
:::image type="content" source="media/understanding-security-alerts/classify-alert.png" alt-text="Screenshot that shows how to classify an alert as a true or false alert." lightbox="media/understanding-security-alerts/classify-alert.png":::
146146

147147
> [!NOTE]
148148
> An increase of alerts of the exact same type typically reduces the suspicious/importance level of the alert. For repeated alerts, verify configurations, and use security alert details and definitions to understand exactly what is happening that trigger the repeats.
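
Review bot: On new line 145, "a true or false alert" loses the button labels that the removed text quoted ("True alert" and "False alert"), while the adjacent list on line 143 uses different terms ("False positive (FP)"), so a reader relying on the alt text cannot tell which control corresponds to which classification. Suggest naming the buttons, for example "Screenshot showing the classification banner with True alert and False alert buttons."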
