diff --git a/docs/id-governance/identity-governance-overview.md b/docs/id-governance/identity-governance-overview.md index 5b7a4434456..48661a723ca 100644 --- a/docs/id-governance/identity-governance-overview.md +++ b/docs/id-governance/identity-governance-overview.md 
@@ -40,9 +40,9 @@ Identity Governance helps organizations achieve a balance between *productivity* ![Identity lifecycle](./media/identity-governance-overview/identity-lifecycle.png) -For many organizations, identity lifecycle for employees is tied to the representation of that user in an HCM (human capital management) system. Microsoft Entra ID P1 or P2, through inbound provisioning, automatically maintains user identities for people represented in Workday and SuccessFactors in both Active Directory and Microsoft Entra ID, as described in the [cloud HR application to Microsoft Entra user provisioning planning guide](~/identity/app-provisioning/plan-cloud-hr-provision.md). Microsoft Entra ID P1 or P2 also includes [Microsoft Identity Manager](/microsoft-identity-manager/), which can import records from on-premises HCM systems such as SAP HCM, Oracle eBusiness, and Oracle PeopleSoft. +For many organizations, identity lifecycle for employees is tied to the representation of that user in an HCM (human capital management) system. Microsoft Entra ID P1 or P2, through inbound provisioning, automatically maintains user identities for people represented in Workday and SuccessFactors in both Active Directory and Microsoft Entra ID, as described in the [cloud HR application to Microsoft Entra user provisioning planning guide](~/identity/app-provisioning/plan-cloud-hr-provision.md). You can then fullfill identity assignments through automatic [user provisioning](~/identity/app-provisioning/user-provisioning.md) and deprovisioning into Microsoft Entra connected apps, including via SCIM, LDAP and SQL. Microsoft Entra ID P1 or P2 also includes [Microsoft Identity Manager](/microsoft-identity-manager/), which can import records from on-premises HCM systems such as SAP HCM, Oracle eBusiness, and Oracle PeopleSoft. -Increasingly, scenarios require collaboration with people outside your organization. 
[Microsoft Entra B2B](/azure/active-directory/b2b/) collaboration enables you to securely share your organization's applications and services with guest users and external partners from any organization, while maintaining control over your own corporate data. [Microsoft Entra entitlement management](entitlement-management-overview.md) enables you to select which organization's users are allowed to request access and be added as B2B guests to your organization's directory, and ensures that these guests are removed when they no longer need access. +Increasingly, scenarios require collaboration with people outside your organization. [Microsoft Entra B2B](/azure/active-directory/b2b/) collaboration enables you to securely share your organization's applications and services with guest users and external partners from any organization, while maintaining control over your own corporate data. [Microsoft Entra entitlement management](entitlement-management-overview.md) enables you to select which organization's users are allowed to request access and be added as [B2B](~/external-id/what-is-b2b.md) guests to your organization's directory, and ensures that these guests are removed when they no longer need access. Organizations are able to automate the identity lifecycle management process by using [Lifecycle Workflows](what-are-lifecycle-workflows.md). Workflows can be created to automatically run tasks for a user before they enter the organization, as they change states during their time in the organization, and as they leave the organization. For example, a workflow can be configured to send an email with a temporary password to a new user's manager, or a welcome email to the user on their first day. 
@@ -54,7 +54,7 @@ Organizations need a process to manage access beyond what was initially provisio Typically, IT delegates access approval decisions to business decision makers. Furthermore, IT can involve the users themselves. For example, users that access confidential customer data in a company's marketing application in Europe need to know the company's policies. Guest users may be unaware of the handling requirements for data in an organization to which they've been invited. -Organizations can automate the access lifecycle process through technologies such as [dynamic groups](~/identity/users/groups-dynamic-membership.md), coupled with user provisioning to [SaaS apps](~/identity/saas-apps/tutorial-list.md) or [apps integrated with SCIM](~/identity/app-provisioning/use-scim-to-provision-users-and-groups.md). Microsoft Entra ID can also provision access to apps that use [AD groups](entitlement-management-group-writeback.md), [other on-premises directories](~/identity/app-provisioning/on-premises-ldap-connector-configure.md) or [databases](~/identity/app-provisioning/on-premises-sql-connector-configure.md), or that have a [SOAP or REST API](~/identity/app-provisioning/on-premises-web-services-connector.md) including [SAP](sap.md). Organizations can also control which [guest users have access to on-premises applications](~/external-id/hybrid-cloud-to-on-premises.md). These access rights can then be regularly reviewed using recurring [Microsoft Entra access reviews](access-reviews-overview.md). [Microsoft Entra entitlement management](entitlement-management-overview.md) also enables you to define how users request access across packages of group and team memberships, application roles, and SharePoint Online roles. For more information, see the [simplifying identity governance tasks with automation](#simplifying-identity-governance-tasks-with-automation) section below to select the appropriate Microsoft Entra features for your access lifecycle automation scenarios. 
+Organizations can automate the access lifecycle process through technologies such as [dynamic groups](~/identity/users/groups-dynamic-membership.md), coupled with user provisioning to [SaaS apps](~/identity/saas-apps/tutorial-list.md) or [apps integrated with SCIM](~/identity/app-provisioning/use-scim-to-provision-users-and-groups.md). Microsoft Entra ID can also provision access to apps that use [AD groups](entitlement-management-group-writeback.md), [other on-premises directories](~/identity/app-provisioning/on-premises-ldap-connector-configure.md) or [databases](~/identity/app-provisioning/on-premises-sql-connector-configure.md), or that have a [SOAP or REST API](~/identity/app-provisioning/on-premises-web-services-connector.md) including [SAP](sap.md). Organizations can also control which [guest users have access to on-premises applications](~/external-id/hybrid-cloud-to-on-premises.md). These access rights can then be regularly reviewed using recurring [Microsoft Entra access reviews](access-reviews-overview.md) for access recertification. [Microsoft Entra entitlement management](entitlement-management-overview.md) also enables you to define how users request access across packages of group and team memberships, application roles, and SharePoint Online roles. For more information, see the [simplifying identity governance tasks with automation](#simplifying-identity-governance-tasks-with-automation) section below to select the appropriate Microsoft Entra features for your access lifecycle automation scenarios. Lifecycle access can be automated using workflows. [Workflows can be created](create-lifecycle-workflow.md) to automatically add user to groups, where access to applications and resources are granted. Users can also be moved when their condition within the organization changes to different groups, and can even be removed entirely from all groups. 
@@ -68,25 +68,6 @@ Historically, privileged access has been described by other vendors as a separat [Microsoft Entra Privileged Identity Management (PIM)](~/id-governance/privileged-identity-management/pim-configure.md) provides additional controls tailored to securing access rights for resources, across Microsoft Entra, Azure, and other Microsoft Online Services. The just-in-time access, and role change alerting capabilities provided by Microsoft Entra PIM, in addition to multi-factor authentication and Conditional Access, provide a comprehensive set of governance controls to help secure your company's resources (directory, Microsoft 365, and Azure resource roles). As with other forms of access, organizations can use access reviews to configure recurring access re-certification for all users in administrator roles. -## Governance capabilities in other Microsoft Entra features - -In addition to the features listed above, additional Microsoft Entra features frequently used to provide identity governance scenarios include: - -| Capability | Scenario |Feature -| ------- | --------------------- |-----| -|Identity lifecycle (employees)|Admins can enable user account provisioning from Workday or SuccessFactors cloud HR, or on-premises HR.|[cloud HR to Microsoft Entra user provisioning](~/identity/app-provisioning/plan-cloud-hr-provision.md)| -|Identity lifecycle (guests)|Admins can enable self-service guest user onboarding from another Microsoft Entra tenant, direct federation, One Time Passcode (OTP) or Google accounts. 
Guest users are automatically provisioned and deprovisioned subject to lifecycle policies.|[Entitlement management](entitlement-management-overview.md) using [B2B](~/external-id/what-is-b2b.md)| -|Entitlement management|Resource owners can create access packages containing apps, Teams, Microsoft Entra ID and Microsoft 365 groups, and SharePoint Online sites.|[Entitlement management](entitlement-management-overview.md)| -|Lifecycle Workflows|Admins can enable the automation of the lifecycle process based user conditions.|[Lifecycle Workflows](what-are-lifecycle-workflows.md)| -|Access requests|End users can request group membership or application access. End users, including guests from other organizations, can request access to access packages.|[Entitlement management](entitlement-management-overview.md)| -|Workflow|Resource owners can define the approvers and escalation approvers for access requests and approvers for role activation requests. |[Entitlement management](entitlement-management-overview.md) and [PIM](~/id-governance/privileged-identity-management/pim-configure.md)| -|Policy and role management|Admin can define Conditional Access policies for run-time access to applications. Resource owners can define policies for user's access via access packages.|[Conditional Access](~/identity/conditional-access/overview.md) and [Entitlement management](entitlement-management-overview.md) policies| -|Access certification|Admins can enable recurring access recertification for: SaaS apps, on-premises apps, cloud group memberships, Microsoft Entra ID or Azure Resource role assignments. 
Automatically remove resource access, block guest access and delete guest accounts.|[Access reviews](access-reviews-overview.md), also surfaced in [PIM](~/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review.md)| -|Fulfillment and provisioning|Automatic provisioning and deprovisioning into Microsoft Entra connected apps, including via SCIM, LDAP, SQL and into SharePoint Online sites. |[user provisioning](~/identity/app-provisioning/user-provisioning.md)| -|Reporting and analytics|Admins can retrieve audit logs of recent user provisioning and sign on activity. Integration with Azure Monitor and 'who has access' via access packages.|[Microsoft Entra reports](~/identity/monitoring-health/overview-monitoring-health.md) and [monitoring](~/identity/monitoring-health/overview-monitoring-health.md)| -|Privileged access|Just-in-time and scheduled access, alerting, approval workflows for Microsoft Entra roles (including custom roles) and Azure Resource roles.|[Microsoft Entra PIM](~/id-governance/privileged-identity-management/pim-configure.md)| -|Auditing|Admins can be alerted of creation of admin accounts.|[Microsoft Entra PIM alerts](~/id-governance/privileged-identity-management/pim-how-to-configure-security-alerts.md)| - ## License requirements [!INCLUDE [active-directory-entra-governance-license.md](~/includes/entra-entra-governance-license.md)] diff --git a/docs/id-governance/licensing-fundamentals.md b/docs/id-governance/licensing-fundamentals.md index a5e971e9dbc..8aeef1719c3 100644 --- a/docs/id-governance/licensing-fundamentals.md +++ b/docs/id-governance/licensing-fundamentals.md 
@@ -28,7 +28,7 @@ The following licenses are available for use with Microsoft Entra ID Governance - **Microsoft Entra ID Governance** - Microsoft Entra ID Governance is an advanced set of identity governance capabilities available for Microsoft Entra ID P1 and P2 customers, as two products **Microsoft Entra ID Governance** and **Microsoft Entra ID Governance Step Up for Microsoft Entra ID P2**. These products contain the basic identity governance capabilities that were in Microsoft Entra ID P2, and additional advanced identity governance capabilities. >[!NOTE] ->Some Microsoft Entra ID Governance scenarios can be configured to depend upon other features that aren't covered by Microsoft Entra ID Governance. These features might have additional licensing requirements. See [Governance capabilities in other Microsoft Entra features](identity-governance-overview.md#governance-capabilities-in-other-microsoft-entra-features) for more information on governance scenarios that rely on additional features. +>Some Microsoft Entra ID Governance scenarios can be configured to depend upon other features that aren't covered by Microsoft Entra ID Governance. These features might have additional licensing requirements. See the [Identity Governance overview](identity-governance-overview.md) for more information on governance scenarios that rely on additional features. Microsoft Entra ID Governance products aren't yet available in the US government or US national clouds. diff --git a/docs/identity-platform/media/app-objects-and-service-principals/app-registrations-blade.png b/docs/identity-platform/media/app-objects-and-service-principals/app-registrations-blade.png index cb540d2438b..1e03ba70972 100644 Binary files a/docs/identity-platform/media/app-objects-and-service-principals/app-registrations-blade.png and b/docs/identity-platform/media/app-objects-and-service-principals/app-registrations-blade.png differ 
diff --git a/docs/identity-platform/media/app-objects-and-service-principals/enterprise-apps-blade.png b/docs/identity-platform/media/app-objects-and-service-principals/enterprise-apps-blade.png index c4900707e23..dd0a9967318 100644 Binary files a/docs/identity-platform/media/app-objects-and-service-principals/enterprise-apps-blade.png and b/docs/identity-platform/media/app-objects-and-service-principals/enterprise-apps-blade.png differ diff --git a/docs/identity-platform/media/custom-extension-get-started/configure-auth-function-app.png b/docs/identity-platform/media/custom-extension-get-started/configure-auth-function-app.png index 03e86736159..dab19135c79 100644 Binary files a/docs/identity-platform/media/custom-extension-get-started/configure-auth-function-app.png and b/docs/identity-platform/media/custom-extension-get-started/configure-auth-function-app.png differ diff --git a/docs/identity-platform/media/custom-extension-get-started/custom-extensions-overview.png b/docs/identity-platform/media/custom-extension-get-started/custom-extensions-overview.png index 39452c78b6a..b322109ba49 100644 Binary files a/docs/identity-platform/media/custom-extension-get-started/custom-extensions-overview.png and b/docs/identity-platform/media/custom-extension-get-started/custom-extensions-overview.png differ diff --git a/docs/identity-platform/media/custom-extension-get-started/open-id-connect-based-sign-on.png b/docs/identity-platform/media/custom-extension-get-started/open-id-connect-based-sign-on.png index 922c3904065..3d3250aa5e0 100644 Binary files a/docs/identity-platform/media/custom-extension-get-started/open-id-connect-based-sign-on.png and b/docs/identity-platform/media/custom-extension-get-started/open-id-connect-based-sign-on.png differ 
diff --git a/docs/identity-platform/media/custom-extension-get-started/register-test-web-application.png b/docs/identity-platform/media/custom-extension-get-started/register-test-web-application.png index 2b680878141..018a482d966 100644 Binary files a/docs/identity-platform/media/custom-extension-get-started/register-test-web-application.png and b/docs/identity-platform/media/custom-extension-get-started/register-test-web-application.png differ diff --git a/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/authentication-context-application-flow.png b/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/authentication-context-application-flow.png index 159af61ebe5..1db2e73f8a6 100644 Binary files a/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/authentication-context-application-flow.png and b/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/authentication-context-application-flow.png differ diff --git a/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/configure-conditional-access-authentication-context.png b/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/configure-conditional-access-authentication-context.png index 983b8ea7948..332a1b03bcb 100644 Binary files a/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/configure-conditional-access-authentication-context.png and b/docs/identity-platform/media/developer-guide-conditional-access-authentication-context/configure-conditional-access-authentication-context.png differ 
diff --git a/docs/identity-platform/media/msal-authentication-flows/authorization-code.png b/docs/identity-platform/media/msal-authentication-flows/authorization-code.png index e7bce580806..c3f8209863e 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/authorization-code.png and b/docs/identity-platform/media/msal-authentication-flows/authorization-code.png differ diff --git a/docs/identity-platform/media/msal-authentication-flows/confidential-client-certificate.png b/docs/identity-platform/media/msal-authentication-flows/confidential-client-certificate.png index 49fe8f97e7a..507b684866a 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/confidential-client-certificate.png and b/docs/identity-platform/media/msal-authentication-flows/confidential-client-certificate.png differ diff --git a/docs/identity-platform/media/msal-authentication-flows/confidential-client-password.png b/docs/identity-platform/media/msal-authentication-flows/confidential-client-password.png index a958e2be569..30289e9265d 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/confidential-client-password.png and b/docs/identity-platform/media/msal-authentication-flows/confidential-client-password.png differ diff --git a/docs/identity-platform/media/msal-authentication-flows/device-code.png b/docs/identity-platform/media/msal-authentication-flows/device-code.png index 7a19ca2f2a4..ebf78f4e099 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/device-code.png and b/docs/identity-platform/media/msal-authentication-flows/device-code.png differ 
diff --git a/docs/identity-platform/media/msal-authentication-flows/integrated-windows-authentication.png b/docs/identity-platform/media/msal-authentication-flows/integrated-windows-authentication.png index 60e6432cf6e..6afd3039de6 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/integrated-windows-authentication.png and b/docs/identity-platform/media/msal-authentication-flows/integrated-windows-authentication.png differ diff --git a/docs/identity-platform/media/msal-authentication-flows/on-behalf-of.png b/docs/identity-platform/media/msal-authentication-flows/on-behalf-of.png index 79e8f2a2bbf..eafe7588edc 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/on-behalf-of.png and b/docs/identity-platform/media/msal-authentication-flows/on-behalf-of.png differ diff --git a/docs/identity-platform/media/msal-authentication-flows/username-password.png b/docs/identity-platform/media/msal-authentication-flows/username-password.png index aed6bed3908..3cc1c49a30e 100644 Binary files a/docs/identity-platform/media/msal-authentication-flows/username-password.png and b/docs/identity-platform/media/msal-authentication-flows/username-password.png differ diff --git a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-02-configured-permissions-pane.png b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-02-configured-permissions-pane.png index 6be1dbd125f..851d6c827dc 100644 Binary files a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-02-configured-permissions-pane.png and b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-02-configured-permissions-pane.png differ 
diff --git a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-03-grant-admin-consent-button.png b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-03-grant-admin-consent-button.png index 6be30db1091..e5085302c42 100644 Binary files a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-03-grant-admin-consent-button.png and b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-03-grant-admin-consent-button.png differ diff --git a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-04-admin-consent-granted.png b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-04-admin-consent-granted.png index a16535531cd..76667bcf809 100644 Binary files a/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-04-admin-consent-granted.png and b/docs/identity-platform/media/quickstart-configure-app-access-web-apis/portal-04-admin-consent-granted.png differ diff --git a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-new-token.png b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-new-token.png index 662febccc33..1fd98cd497a 100644 Binary files a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-new-token.png and b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-new-token.png differ 
diff --git a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-scenario.png b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-scenario.png index 9a3dab827ae..3e41535289b 100644 Binary files a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-scenario.png and b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-accessing-multiple-services-scenario.png differ diff --git a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-performing-on-behalf-of-scenario.png b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-performing-on-behalf-of-scenario.png index 298054ea013..2eb83f163f2 100644 Binary files a/docs/identity-platform/media/v2-conditional-access-dev-guide/app-performing-on-behalf-of-scenario.png and b/docs/identity-platform/media/v2-conditional-access-dev-guide/app-performing-on-behalf-of-scenario.png differ diff --git a/docs/identity-platform/media/v2-conditional-access-dev-guide/spa-using-msal-scenario.png b/docs/identity-platform/media/v2-conditional-access-dev-guide/spa-using-msal-scenario.png index 44610f0c6f0..89e2a050995 100644 Binary files a/docs/identity-platform/media/v2-conditional-access-dev-guide/spa-using-msal-scenario.png and b/docs/identity-platform/media/v2-conditional-access-dev-guide/spa-using-msal-scenario.png differ diff --git a/docs/identity/enterprise-apps/add-application-portal-assign-users.md b/docs/identity/enterprise-apps/add-application-portal-assign-users.md index 3c4d84edf21..0aebbbbc615 100644 --- a/docs/identity/enterprise-apps/add-application-portal-assign-users.md +++ b/docs/identity/enterprise-apps/add-application-portal-assign-users.md 
@@ -39,7 +39,7 @@ To create a user account in your Microsoft Entra tenant: 1. Browse to **Identity** > **Users** > **All users** 1. Select **New user** at the top of the pane and then, select **Create new user**. - :::image type="content" source="media/add-application-portal-assign-users/new-user.png" alt-text="Add a new user account to your Microsoft Entra tenant."::: + :::image type="content" source="media/add-application-portal-assign-users/new-user.png" alt-text="Add a new user account to your Microsoft Entra tenant." lightbox="media/add-application-portal-assign-users/new-user.png"::: 1. In the **User principal name** field, enter the username of the user account. For example, `contosouser1@contoso.com`. Be sure to change `contoso.com` to the name of your tenant domain. 1. In the **Display name** field, enter the name of the user of the account. For example, `contosouser1`. 
@@ -51,10 +51,10 @@ To create a user account in your Microsoft Entra tenant: To assign a user account to an enterprise application: 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). -1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**. For example, the application that you created in the previous quickstart named **Azure AD SAML Toolkit 1**. +1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**. For example, the application that you created in the previous quickstart named **Microsoft Entra SAML Toolkit 1**. 1. In the left pane, select **Users and groups**, and then select **Add user/group**. - :::image type="content" source="media/add-application-portal-assign-users/assign-user.png" alt-text="Assign user account to an application in your Microsoft Entra tenant."::: + :::image type="content" source="media/add-application-portal-assign-users/assign-user.png" alt-text="Assign user account to an application in your Microsoft Entra tenant." lightbox="media/add-application-portal-assign-users/assign-user.png"::: 1. On the **Add Assignment** pane, select **None Selected** under **Users and groups**. 1. Search for and select the user that you want to assign to the application. For example, `contosouser1@contoso.com`. diff --git a/docs/identity/enterprise-apps/add-application-portal-setup-oidc-sso.md b/docs/identity/enterprise-apps/add-application-portal-setup-oidc-sso.md index 2a4b1146d24..2763c24e5b0 100644 --- a/docs/identity/enterprise-apps/add-application-portal-setup-oidc-sso.md +++ b/docs/identity/enterprise-apps/add-application-portal-setup-oidc-sso.md 
@@ -43,7 +43,7 @@ To configure OIDC-based SSO for an application: 1. The **Browse Microsoft Entra Gallery** pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the **Featured applications** section have icons indicating whether they support federated SSO and provisioning. Search for and select the application. In this example, **SmartSheet** is being used. 1. Select **Sign-up**. Sign in with the user account credentials from Microsoft Entra ID. If you already have a subscription to the application, then user details and tenant information is validated. If the application is not able to verify the user, then it redirects you to sign up for the application service. - :::image type="content" source="media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png" alt-text="Complete the consent screen for an application."::: + :::image type="content" source="media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png" alt-text="Complete the consent screen for an application." lightbox="media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png"::: 1. Select **Consent on behalf of your organization** and then select **Accept**. The application is added to your tenant and the application home page appears. To learn more about user and admin consent, see [Understand user and admin consent](~/identity-platform/howto-convert-app-to-be-multi-tenant.md#understand-user-and-admin-consent-and-make-appropriate-code-changes). diff --git a/docs/identity/enterprise-apps/add-application-portal.md b/docs/identity/enterprise-apps/add-application-portal.md index 81ceaa018b0..a0db01b2600 100644 --- a/docs/identity/enterprise-apps/add-application-portal.md +++ b/docs/identity/enterprise-apps/add-application-portal.md 
@@ -17,7 +17,7 @@ ms.custom: mode-other, enterprise-apps # Quickstart: Add an enterprise application -In this quickstart, you use the Microsoft Entra admin center to add an enterprise application to your Microsoft Entra tenant. Microsoft Entra ID has a gallery that contains thousands of enterprise applications that have been preintegrated. Many of the applications your organization uses are probably already in the gallery. This quickstart uses the application named **Azure AD SAML Toolkit** as an example, but the concepts apply for most [enterprise applications in the gallery](~/identity/saas-apps/tutorial-list.md). +In this quickstart, you use the Microsoft Entra admin center to add an enterprise application to your Microsoft Entra tenant. Microsoft Entra ID has a gallery that contains thousands of enterprise applications that have been preintegrated. Many of the applications your organization uses are probably already in the gallery. This quickstart uses the application named **Microsoft Entra SAML Toolkit** as an example, but the concepts apply for most [enterprise applications in the gallery](~/identity/saas-apps/tutorial-list.md). It's recommended that you use a nonproduction environment to test the steps in this quickstart. 
@@ -37,11 +37,11 @@ To add an enterprise application to your tenant: 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**. 1. Select **New application**. -1. The **Browse Microsoft Entra Gallery** pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the **Featured applications** section have icons indicating whether they support federated single sign-on (SSO) and provisioning. Search for and select the application. In this quickstart, **Azure AD SAML Toolkit* is being used. +1. The **Browse Microsoft Entra Gallery** pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the **Featured applications** section have icons indicating whether they support federated single sign-on (SSO) and provisioning. Search for and select the application. In this quickstart, **Microsoft Entra SAML Toolkit* is being used. - :::image type="content" source="media/add-application-portal/browse-gallery.png" alt-text="Browse in the enterprise application gallery for the application that you want to add."::: + :::image type="content" source="media/add-application-portal/browse-gallery.png" alt-text="Browse in the enterprise application gallery for the application that you want to add." lightbox="media/add-application-portal/browse-gallery.png"::: -1. Enter a name that you want to use to recognize the instance of the application. For example, `Azure AD SAML Toolkit 1`. +1. Enter a name that you want to use to recognize the instance of the application. For example, `Microsoft Entra SAML Toolkit 1`. 1. Select **Create**. 
If you choose to install an application that uses OpenID Connect based SSO, instead of seeing a **Create** button, you see a button that redirects you to the application sign-in or sign-up page depending on whether you already have an account there. For more information, see [Add an OpenID Connect based single sign-on application](add-application-portal-setup-oidc-sso.md). After sign-in, the application is added to your tenant. diff --git a/docs/identity/enterprise-apps/delete-application-portal.md b/docs/identity/enterprise-apps/delete-application-portal.md index da37a2ebdfd..3e805a28d31 100644 --- a/docs/identity/enterprise-apps/delete-application-portal.md +++ b/docs/identity/enterprise-apps/delete-application-portal.md 
@@ -39,11 +39,11 @@ To delete an enterprise application, you need: 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**. -1. Enter the name of the existing application in the search box, and then select the application from the search results. In this article, we use the **Azure AD SAML Toolkit 1** as an example. +1. Enter the name of the existing application in the search box, and then select the application from the search results. In this article, we use the **Microsoft Entra SAML Toolkit 1** as an example. 1. In the **Manage** section of the left menu, select **Properties**. 1. At the top of the **Properties** pane, select **Delete**, and then select **Yes** to confirm you want to delete the application from your Microsoft Entra tenant. - :::image type="content" source="media/delete-application-portal/delete-application.png" alt-text="Delete an enterprise application."::: + :::image type="content" source="media/delete-application-portal/delete-application.png" alt-text="Delete an enterprise application." lightbox="media/delete-application-portal/delete-application.png"::: :::zone-end diff --git a/docs/identity/enterprise-apps/media/add-application-portal-assign-users/assign-user.png b/docs/identity/enterprise-apps/media/add-application-portal-assign-users/assign-user.png index 3292bbdc364..12a0f73b583 100644 Binary files a/docs/identity/enterprise-apps/media/add-application-portal-assign-users/assign-user.png and b/docs/identity/enterprise-apps/media/add-application-portal-assign-users/assign-user.png differ 
diff --git a/docs/identity/enterprise-apps/media/add-application-portal-assign-users/new-user.png b/docs/identity/enterprise-apps/media/add-application-portal-assign-users/new-user.png index fb58e7274fe..2b218a3db79 100644 Binary files a/docs/identity/enterprise-apps/media/add-application-portal-assign-users/new-user.png and b/docs/identity/enterprise-apps/media/add-application-portal-assign-users/new-user.png differ diff --git a/docs/identity/enterprise-apps/media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png b/docs/identity/enterprise-apps/media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png index 34ef9e8363f..9fc2a965444 100644 Binary files a/docs/identity/enterprise-apps/media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png and b/docs/identity/enterprise-apps/media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png differ diff --git a/docs/identity/enterprise-apps/media/add-application-portal/browse-gallery.png b/docs/identity/enterprise-apps/media/add-application-portal/browse-gallery.png index f83432e6bb9..b4402682f90 100644 Binary files a/docs/identity/enterprise-apps/media/add-application-portal/browse-gallery.png and b/docs/identity/enterprise-apps/media/add-application-portal/browse-gallery.png differ diff --git a/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png b/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png index bdbbc9c292f..45caf81faf8 100644 Binary files a/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png and b/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png differ 
diff --git a/docs/identity/enterprise-apps/media/certificate-signing-options/saml-signing-page.png b/docs/identity/enterprise-apps/media/certificate-signing-options/saml-signing-page.png index 0014f197ac5..1205b38ad4b 100644 Binary files a/docs/identity/enterprise-apps/media/certificate-signing-options/saml-signing-page.png and b/docs/identity/enterprise-apps/media/certificate-signing-options/saml-signing-page.png differ diff --git a/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png b/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png index ba24bf8533a..2f8fe6f5e00 100644 Binary files a/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png and b/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png differ diff --git a/docs/identity/enterprise-apps/media/debug-saml-sso-issues/test-single-sign-on.png b/docs/identity/enterprise-apps/media/debug-saml-sso-issues/test-single-sign-on.png index 1299b6e9c61..d11b750ec48 100644 Binary files a/docs/identity/enterprise-apps/media/debug-saml-sso-issues/test-single-sign-on.png and b/docs/identity/enterprise-apps/media/debug-saml-sso-issues/test-single-sign-on.png differ diff --git a/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png b/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png index 28c635afa4e..1592b9ceecf 100644 Binary files a/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png and b/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png differ 
diff --git a/docs/identity/enterprise-apps/media/howto-saml-token-encryption/import-certificate-small.png b/docs/identity/enterprise-apps/media/howto-saml-token-encryption/import-certificate-small.png index a6bd44ad255..2610be7a95b 100644 Binary files a/docs/identity/enterprise-apps/media/howto-saml-token-encryption/import-certificate-small.png and b/docs/identity/enterprise-apps/media/howto-saml-token-encryption/import-certificate-small.png differ diff --git a/docs/identity/enterprise-apps/media/manage-certificates-for-federated-single-sign-on/all-certificate-download-options.png b/docs/identity/enterprise-apps/media/manage-certificates-for-federated-single-sign-on/all-certificate-download-options.png index df418f9f604..828cbaa57d7 100644 Binary files a/docs/identity/enterprise-apps/media/manage-certificates-for-federated-single-sign-on/all-certificate-download-options.png and b/docs/identity/enterprise-apps/media/manage-certificates-for-federated-single-sign-on/all-certificate-download-options.png differ diff --git a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/adfs-application-activity.png b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/adfs-application-activity.png index 53cb191a0ca..cb1ebd12dbb 100644 Binary files a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/adfs-application-activity.png and b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/adfs-application-activity.png differ diff --git a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-details.png b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-details.png index 0c1160c23f4..b6a34a78c99 100644 Binary files a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-details.png and b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-details.png differ 
diff --git a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details-guidance.png b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details-guidance.png index 2a09a456ce6..0447a0d3e7f 100644 Binary files a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details-guidance.png and b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details-guidance.png differ diff --git a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details.png b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details.png index 36d05c73cb1..440ce2d0b36 100644 Binary files a/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details.png and b/docs/identity/enterprise-apps/media/migrate-adfs-application-activity/migration-rule-details.png differ diff --git a/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png b/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png index 9ec41b0744c..e8c4a30f7ea 100644 Binary files a/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png and b/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png differ diff --git a/docs/identity/enterprise-apps/media/overview-application-gallery/on-premises-applications.png b/docs/identity/enterprise-apps/media/overview-application-gallery/on-premises-applications.png index 8bcfd518ed9..772ccd88742 100644 Binary files a/docs/identity/enterprise-apps/media/overview-application-gallery/on-premises-applications.png and b/docs/identity/enterprise-apps/media/overview-application-gallery/on-premises-applications.png differ 
diff --git a/docs/identity/enterprise-apps/media/overview-application-gallery/search-applications.png b/docs/identity/enterprise-apps/media/overview-application-gallery/search-applications.png index 37e2167b3e2..50feef71e3c 100644 Binary files a/docs/identity/enterprise-apps/media/overview-application-gallery/search-applications.png and b/docs/identity/enterprise-apps/media/overview-application-gallery/search-applications.png differ diff --git a/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png b/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png index 150ac078ebf..6bf2acb9468 100644 Binary files a/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png and b/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png differ diff --git a/docs/identity/enterprise-apps/review-admin-consent-requests.md b/docs/identity/enterprise-apps/review-admin-consent-requests.md index 8ac12beca52..43b208ae56c 100644 --- a/docs/identity/enterprise-apps/review-admin-consent-requests.md +++ b/docs/identity/enterprise-apps/review-admin-consent-requests.md 
@@ -42,7 +42,7 @@ To review the admin consent requests and take action: - To view the application details, select the **App details** tab. - To see who is requesting access and why, select the **Requested by** tab. - :::image type="content" source="media/configure-admin-consent-workflow/review-consent-requests.png" alt-text="Screenshot of the admin consent requests in the portal."::: + :::image type="content" source="media/configure-admin-consent-workflow/review-consent-requests.png" alt-text="Screenshot of the admin consent requests in the portal." lightbox="media/configure-admin-consent-workflow/review-consent-requests.png"::: 1. Evaluate the request and take the appropriate action: - **Approve the request**. To approve a request, grant admin consent to the application. Once a request is approved, all requestors are notified that they have been granted access. Approving a request allows all users in your tenant to access the application unless otherwise restricted with user assignment. diff --git a/docs/identity/enterprise-apps/view-applications-portal.md b/docs/identity/enterprise-apps/view-applications-portal.md index 2a0c735a793..02b5ce5e46b 100644 --- a/docs/identity/enterprise-apps/view-applications-portal.md +++ b/docs/identity/enterprise-apps/view-applications-portal.md 
@@ -38,7 +38,7 @@ To view the enterprise applications registered in your tenant: 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**. - :::image type="content" source="media/view-applications-portal/view-enterprise-applications.png" alt-text="View the registered applications in your Microsoft Entra tenant."::: + :::image type="content" source="media/view-applications-portal/view-enterprise-applications.png" alt-text="View the registered applications in your Microsoft Entra tenant." lightbox="media/view-applications-portal/view-enterprise-applications.png"::: 1. To view more applications, select **Load more** at the bottom of the list. If there are many applications in your tenant, it might be easier to search for a particular application instead of scrolling through the list. ## Search for an application
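Review bot: the bold markup around the renamed application is unbalanced in step 4 of the add-application-portal.md hunk at `@@ -37,11 +37,11 @@`: `**Microsoft Entra SAML Toolkit*` opens with two asterisks and closes with one, so the name does not render as bold. The removed line had the same defect, so fix it as part of the rename by closing with `**`. Step 4 also tells the reader to search the gallery for this string, so confirm that the gallery tile is listed under the new name before merging.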
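Review bot: step 3 of the delete-application-portal.md hunk at `@@ -39,11 +39,11 @@` has the reader search for **Microsoft Entra SAML Toolkit 1**, but the add quickstart lets the reader pick any instance name ("Enter a name that you want to use to recognize the instance"), and anyone who followed the previous revision created `Azure AD SAML Toolkit 1`. Because the next steps delete whatever was selected, word this as the name you gave the instance, with the new string as the example, so the reader checks they have the right application before selecting **Delete**.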
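Review bot: the alt text on the image line in the view-applications-portal.md hunk at `@@ -38,7 +38,7 @@` reads as an instruction ("View the registered applications in your Microsoft Entra tenant.") while the review-admin-consent-requests.md hunk uses the descriptive form "Screenshot of the admin consent requests in the portal." Since this line is being touched for the `lightbox` attribute and the PNG is replaced in the same change, align the alt text to the "Screenshot of ..." form and check that it still describes the new image. The same applies to "Delete an enterprise application." in delete-application-portal.md.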