Alt text & descriptions

windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md

@@ -1,6 +1,6 @@
 ---
 title: BitLocker cannot encrypt a drive  known issues
-description: 
+description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive
 ms.reviewer: kaushika
 ms.prod: w10
 ms.sitesec: library
@@ -79,11 +79,11 @@ To verify that this issue has occurred, follow these steps:
 
 1. Copy this output, and then use it as part of the [**ConvertFrom-SddlString**](https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring?view=powershell-6) command in the PowerShell window, as follows:
 
-   ![](./images/ts-bitlocker-usb-sddl.png)
+   ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\INTERACTIVE](./images/ts-bitlocker-usb-sddl.png)
 
    If you see NT AUTHORITY\INTERACTIVE (as highlighted), in the output of this command, this is the cause of the problem. Under typical conditions, the output should resemble the following:
 
-   ![default](./images/ts-bitlocker-usb-default-sddl.png)
+   ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\Authenticated Users](./images/ts-bitlocker-usb-default-sddl.png)
 
 > [!NOTE]
 > GPOs that change the security descriptors of services have been known to cause this issue.

windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md

@@ -1,6 +1,6 @@
 ---
 title: BitLocker cannot encrypt a drive  known TPM issues 
-description: 
+description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive, and that you can attribute to the TPM
 ms.reviewer: kaushika
 ms.prod: w10
 ms.sitesec: library

windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md

@@ -1,6 +1,6 @@
 ---
 title: BitLocker configuration known issues
-description: 
+description: Describes common issues that involve your BitLocker configuration and BitLocker's general functionality, and provides guidance for addressing those issues.
 ms.reviewer: kaushika
 ms.prod: w10
 ms.sitesec: library
@@ -11,7 +11,7 @@ manager: kaushika
 audience: ITPro
 ms.collection: Windows Security Technologies\BitLocker
 ms.topic: troubleshooting
-ms.date: 9/27/2019
+ms.date: 10/7/2019
 ---
 
 # BitLocker configuration: known issues

windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md

@@ -1,6 +1,6 @@
 ---
 title: Decode Measured Boot logs to track PCR changes
-description: 
+description: Provides instructions for installing and using a tool for analyzing log information to identify changes to PCRs
 ms.reviewer: kaushika
 ms.prod: w10
 ms.sitesec: library
@@ -11,7 +11,7 @@ manager: kaushika
 audience: ITPro
 ms.collection: Windows Security Technologies\BitLocker
 ms.topic: troubleshooting
-ms.date: 10/4/2019
+ms.date: 10/7/2019
 ---
 
 # Decode Measured Boot logs to track PCR changes
@@ -39,11 +39,11 @@ To install the tool, follow these steps:
 
 1. Accept the default installation path.
 
-   ![](./images/ts-tpm-1.png)
+   ![Specify Location page of the Windows Hardware Lab Kit installation wizard](./images/ts-tpm-1.png)
 
 1. Under **Select the features you want to install**, select **Windows Hardware Lab Kit—Controller + Studio**.
 
-   ![](./images/ts-tpm-2.png)
+   ![Select features page of the Windows Hardware Lab Kit installation wizard](./images/ts-tpm-2.png)
 
 1. Finish the installation.
 
@@ -54,7 +54,7 @@ To install the tool, follow these steps:
 
    The TBSLogGenerator.exe file resides in this folder.
 
-   ![](./images/ts-tpm-3.png)
+   ![Properties and location of the TBSLogGenerator.exe file](./images/ts-tpm-3.png)
 
 1. Run the following command:
    ```cmd
@@ -67,16 +67,16 @@ To install the tool, follow these steps:
     TBSLogGenerator.exe -LF C:\MeasuredBoot\0000000005-0000000000.log > C:\MeasuredBoot\0000000005-0000000000.txt
     ```
 
-   ![](./images/ts-tpm-4.png)
+   ![Command Prompt window that shows an example of how to use TBSLogGenerator](./images/ts-tpm-4.png)
 
    The command produces a text file that uses the specified name. In the case of the example, the file is **0000000005-0000000000.txt**. The file resides in the same folder as the original .log file.
 
-   ![](./images/ts-tpm-5.png)
+   ![Windows Explorer window that shows the text file that TBSLogGenerator produces](./images/ts-tpm-5.png)
 
 The content of this text file resembles the following:
 
-![](./images/ts-tpm-6.png)
+![Contents of the text file, as shown in NotePad](./images/ts-tpm-6.png)
 
 To find the PCR information, go to the end of the file.
 
-   ![](./images/ts-tpm-7.png)
+   ![View of NotePad that shows the PCR information at the end of the text file](./images/ts-tpm-7.png)

windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md

@@ -1,6 +1,6 @@
 ---
 title: Enforcing BitLocker policies by using Intune  known issues
-description: 
+description: provides assistance for issues that you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices.
 ms.reviewer: kaushika
 ms.prod: w10
 ms.sitesec: library
@@ -11,12 +11,12 @@ manager: kaushika
 audience: ITPro
 ms.collection: Windows Security Technologies\BitLocker
 ms.topic: troubleshooting
-ms.date: 10/2/2019
+ms.date: 10/7/2019
 ---
 
 # Enforcing BitLocker policies by using Intune: known issues
 
-This article provides assistance for issues you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices. The Intune portal indicates if BitLocker has failed to encrypt on or more managed devices.
+This article provides assistance for issues that you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices. The Intune portal indicates whether BitLocker has failed to encrypt on or more managed devices.
 
 ![The BitLocker status indictors on the Intune portal](./images/4509189_en_1.png)
 
@@ -314,13 +314,13 @@ The OMA-URI references for these settings are the following:
 
 During regular operations, BitLocker Drive Encryption generates events such as event ID 796 and event ID 845.
 
-![](./images/4509203_en_1.png)
+![Event ID 796, as shown in Event Viewer](./images/4509203_en_1.png)
 
-![](./images/4509204_en_1.png)
+![Event ID 845, as shown in Event Viewer](./images/4509204_en_1.png)
 
 You can also verify if the BitLocker Recovery Key has been uploaded to Azure by checking the device details in the Azure AD Devices section.
 
-![](./images/4509205_en_1.png)
+![BitLocker recovery key information as viewed in Azure AD](./images/4509205_en_1.png)
 
 On the device, check the Registry Editor to verify the policy settings on the device. Verify the entries under the following subkeys:
 

windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md

@@ -279,4 +279,4 @@ To resolve this issue, do one of the following:
 - Remove any device that uses TPM 1.2 from any group that is subject to Group Policy Objects (GPOs) that enforce Secure Launch.
 - Modify the **Turn On Virtualization Based Security** GPO to set **Secure Launch Configuration** to **Disabled**.
 
-   ![](./images/4496674_en_1.png)
+   ![The Turn On Virtualization Based Security policy dialog box](./images/4496674_en_1.png)