diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000..ed9462b7e6
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+    "markdownlint.config": {
+        "MD028": false,
+        "MD025": {
+            "front_matter_title": ""
+        }
+    }
+}
\ No newline at end of file
diff --git a/windows/client-management/images/config-lock-mdsl.png b/windows/client-management/images/config-lock-mdsl.png
new file mode 100644
index 0000000000..a2d1bf5130
Binary files /dev/null and b/windows/client-management/images/config-lock-mdsl.png differ
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md
index 71f1b89074..f910c56d82 100644
--- a/windows/client-management/mdm/config-lock.md
+++ b/windows/client-management/mdm/config-lock.md
@@ -21,6 +21,8 @@ In an enterprise organization, IT administrators enforce policies on their corpo
 
 Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC.
 
+   :::image type="content" source="images/config-lock-mdsl.png" alt-text="modern device security levels for config lock.":::
+
 To summarize, Config Lock:
 
 - Enables IT to “lock” Secured-Core PC features when managed through MDM