Website: update article image filenames to match website naming conventions (#32263)

Related to: [#25943](https://github.com/fleetdm/fleet/issues/25943)

Changes:
- Updated filenames of images in the website/assets/images/articles/
folder to match website naming conventions
- Updated links to images in articles.

articles/automatic-software-install-in-fleet.md

@@ -23,12 +23,12 @@ SELECT 1 FROM apps WHERE bundle_identifier = 'com.adobe.Reader' AND version_comp
 
 3. **Open the software install automation modal**: In the **Policies** tab, click the **Manage automations** button on the top-right, then select **Install software** from the context menu that pops up.
 
-![Manage policies](../website/assets/images/articles/automatic-software-install-policies-manage.png)
+![Manage policies](../website/assets/images/articles/automatic-software-install-policies-manage-692x199@2x.png)
 
 4. **Select policy**: Click the checkbox next to your newly created policy's name. To the right of it select from the
    drop-down list the software you would like to be installed upon failure of this policy.
 
-![Install software modal](../website/assets/images/articles/automatic-software-install-install-software.png)
+![Install software modal](../website/assets/images/articles/automatic-software-install-install-software-398x259@2x.png)
 
 When a host fails the selected policy, this will trigger the software to be installed on the host.
 
@@ -42,7 +42,7 @@ If the software install fails, you can reset a software automation and trigger t
 * The policy check mechanism runs on a typical one-hour cadence on all online hosts.
 * Fleet will send install requests to the hosts on the first policy failure (first "No" result for the host) or if a policy goes from "Yes" to "No". Currently, Fleet will not send an install request if a policy is already failing and continues to fail ("No" -> "No"). See the following flowchart for details.
 
-![Flowchart](../website/assets/images/articles/automatic-software-install-workflow.png)
+![Flowchart](../website/assets/images/articles/automatic-software-install-workflow-674x189@2x.png)
 *Detailed flowchart*
 
 App Store (VPP) apps won't be installed if a host has MDM turned off or if you run out of licenses (purchased in Apple Business Manager). Currently, these errors aren't surfaced in Fleet. After turning MDM on for a host or purchasing more licenses, you can retry [installing the app on the host's **Host details** page](https://fleetdm.com/guides/deploy-software-packages#install-the-package). To retry on multiple hosts at once, head to **Policies > Manage Automations** in Fleet and turn the app's policy automation off and back on.

articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly.md

@@ -1,6 +1,6 @@
 # Building an effective dashboard with Fleet's REST API, Flask, and Plotly: A step-by-step guide
 
-![Building an effective dashboard with Fleet's REST API, Flask, and Plotly: A step-by-step guide](../website/assets/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly@2x.jpg)
+![Building an effective dashboard with Fleet's REST API, Flask, and Plotly: A step-by-step guide](../website/assets/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly-800x450@2x.jpg)
 
 ## Background
 
@@ -94,5 +94,5 @@ Hopefully, this article sparked your interest in the Fleet REST API and potentia
 <meta name="authorGitHubUsername" value="dherder">
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2023-05-22">
-<meta name="articleImageUrl" value="../website/assets/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly@2x.jpg">
+<meta name="articleImageUrl" value="../website/assets/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly-800x450@2x.jpg">
 <meta name="description" value="Step-by-step guide on building a dynamic dashboard with Fleet's REST API, Flask, and Plotly. Master data visualization with open-source tools!">

articles/configuration-profile-status.md

@@ -29,7 +29,7 @@ failed profiles to affected hosts.
     - **Pending**: the profile is pending install on the host
     - **Failed**: the profile failed to be installed on the host
 
-![](../website/assets/images/articles/profile-aggregate-stauts-650-440@2x.png)
+![](../website/assets/images/articles/profile-aggregate-stauts-650x440@2x.png)
 
 3. To resend a profile to all hosts where instialltion failed
     - Hover over the **Failed** status row.

articles/connect-end-user-to-wifi-with-certificate.md

@@ -130,7 +130,7 @@ When saving the configuration, Fleet will attempt to connect to the SCEP server
 
 When Fleet delivers the profile to your hosts, Fleet will replace the variables. If something goes wrong, errors will appear on each host's **Host details > OS settings**.
 
-![NDES SCEP failed profile](../website/assets/images/articles/ndes-scep-failed-profile.png)
+![NDES SCEP failed profile](../website/assets/images/articles/ndes-scep-failed-profile-405x215@2x.png)
 
 #### Example configuration profile
 

articles/creating-windows-csps.md

@@ -1,6 +1,6 @@
 Deploying Windows configurations profiles (aka Configuration Service Providers (CSPs)) for Windows devices can feel daunting, especially if you're new to the process or accustomed to ClickOps and other UI-driven approaches. The scarcity of straightforward documentation and guides can make it feel like you're venturing into a configuration rabbit hole.
 
-![Rabbit Hole](../website/assets/images/articles/down-the-rabbit-hole.png)
+![Rabbit Hole](../website/assets/images/articles/down-the-rabbit-hole-452x304@2x.png)
 
 This guide will help you understand the building blocks to crafting CSPs of varying complexity – from simple payloads to more complex ones that involve modification of ADMX underpinnings.
 
@@ -29,12 +29,12 @@ Windows maps the name and category path of a Group Policy to an MDM policy by pa
 
 Unfortunately, to capture handling of ADMX the admin building the policies must use a UI, such as the Group Policy Editor, to gather the necessary data. For this example, we will use the ```WindowsPowerShell``` which controls PowerShell settings and is an ADMX-backed policy. [This](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowspowershell) is the official documentation that we will work from if you want to follow along. Notice this banner that indicates the ADMX requirement:
 
-![ADMX Tool Tip](../website/assets/images/articles/admx-tool-tip.png)
+![ADMX Tool Tip](../website/assets/images/articles/admx-tool-tip-672x230@2x.png)
 
 
 In the Windows documentation, you will notice a section called ADMX Mapping:
 
-![ADMX Mapping](../website/assets/images/articles/admx-mapping.png)
+![ADMX Mapping](../website/assets/images/articles/admx-mapping-618x293@2x.png)
 
 Pay attention to the line **ADMX File Name**, which will show you the name of the .admx file you need to open to help craft your CSP. All ADMX files are located at:
 ```C:\Windows\PolicyDefinitions\{ADMXFileName.admx}```
@@ -66,7 +66,7 @@ Values can take one of the following types:
 At this point in the build we know the ADMX keys for this specific policy, which values those keys accept, and now to translate that into a CSP that Fleet can interpret.
 You can also see in the group policy editor the values that are being modified by the profile.
 
-![GPEDIT](../website/assets/images/articles/gpedit-example.png)
+![GPEDIT](../website/assets/images/articles/gpedit-example-240x79@2x.png)
 
 In this example, we will modify the ExecutionPolicy value, which in group policy editor translates to “Turn on Script Execution”, the XML from the .admx looks like such:
 
@@ -222,7 +222,7 @@ Applications and Service Logs > Microsoft > Windows > DeviceManagement-Enterpris
 
 The `Admin` logs will show you all profiles that have been pushed to the device and their status. It helps to use the `Find` function to look for keywords in your profile to narrow your search. Here is an example of the logs that show when the CSP we created here was deployed.
 
-![Windows Event Logs](../website/assets/images/articles/windows-event-log.png)
+![Windows Event Logs](../website/assets/images/articles/windows-event-log-314x222@2x.png)
 
 Alternatively, you can use this PowerShell one-liner to see errors from the MDM event log:
 

articles/deploying-entra-platform-sso-with-fleet.md

@@ -130,17 +130,17 @@ Uploading the profile to a team in Fleet will automatically deliver it to all ma
 ## End user experience
 When the Company Portal app and Platform SSO configuration profile are deployed to a host, the end user will receive a notification that says **Registration Required: Please register with your identity provider**. You should direct your end users to interact with this notification by clicking the **Register** button that appears when they hover their mouse over the notification.
 
-![Registration Notification](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-registration-notification.png)
+![Registration Notification](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-registration-notification-370x83@2x.png)
 
 After clicking the register button in the notification, a Platform Single Sign-On Registration window will appear. After clicking **Continue**, the user will be prompted for the password they use to log into their Mac (this might be different than their Entra ID password).
 
-![Registration Window](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-register-window.png)
+![Registration Window](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-register-window-592x740@2x.png)
 
 Next, they’ll be prompted to sign into Microsoft Entra ID. This is what associates the user’s device to their Microsoft Entra ID account.
 
 Lastly, they’ll be prompted to enable the Company Portal app to be used as a Passkey. The notification will direct them to System Settings and enable the toggle next to the Company Portal app.
 
-![Enable PSSO Passkey](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-passkey.gif)
+![Enable PSSO Passkey](../website/assets/images/articles/deploying-entra-platform-sso-with-fleet-passkey-717x605@2x.gif)
 
 Once registration is complete, the next time an employee logs into an Entra ID protected app in their web browser, the authentication will be seamless. The employee won’t be prompted for their password or be required to complete an MFA challenge. The Platform SSO extension will handle the entire authentication using the Secure Enclave-backed key.
 

articles/deploying-sentinelone-with-fleet.md

@@ -1,6 +1,6 @@
 # Deploying SentinelOne with Fleet
 
-![Fleet and SentinelOne](../website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png)
+![Fleet and SentinelOne](../website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900@2x.png)
 
 SentinelOne is a cybersecurity platform that provides endpoint protection, detection, and response capabilities to organizations. It uses artificial intelligence and machine learning to detect and prevent various types of cyber threats, including malware, ransomware, and zero-day exploits. It's a common toolset deployed by system admins through Fleet. This guide covers off deployment through macOS and Windows.
 
@@ -110,4 +110,4 @@ Want to learn more? Reach out directly to me or the [team at Fleet](https://flee
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2025-04-15">
 <meta name="description" value="Deploying SentinelOne with Fleet">
-<meta name="articleImageUrl" value="../website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900@2x.png">

articles/embracing-the-future-declarative-device-management.md

@@ -1,6 +1,6 @@
 # Embracing the future: Declarative Device Management 
 
-![Embracing the future: Declarative Device Management](../website/assets/images/articles/embracing-the-future-declarative-device-management@2x.png)
+![Embracing the future: Declarative Device Management](../website/assets/images/articles/embracing-the-future-declarative-device-management-800x450@2x.png)
 
 As a Mac administrator, managing a fleet of Apple devices across your organization requires consistency and airtight security. With a variety of system services and background tasks to oversee, the challenge is not only to maintain uniform configurations but also to keep the organization's data secure. Recognizing these challenges, Apple has advanced a powerful new approach - Declarative Device Management (DDM).
 
@@ -61,5 +61,5 @@ Fleet is transforming how we manage and secure devices. Offering an open-core, c
 <meta name="authorFullName" value="JD Strong">
 <meta name="publishedOn" value="2023-07-06">
 <meta name="articleTitle" value="Embracing the future: Declarative Device Management">
-<meta name="articleImageUrl" value="../website/assets/images/articles/embracing-the-future-declarative-device-management@2x.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/embracing-the-future-declarative-device-management-800x450@2x.png">
 <meta name="description" value="Explore the transformative impact of Declarative Device Management (DDM), Fleet, and osquery for MacAdmins.">

articles/enroll-personal-byod-ios-ipad-hosts-with-managed-apple-account.md

@@ -1,6 +1,6 @@
 # Account-driven User Enrollment for personal Apple devices (BYOD)
 
-![Apple Account-driven User Enrollment (BYOD)](../website/assets/images/articles/apple-account-driven-user-enrollment.png)
+![Apple Account-driven User Enrollment (BYOD)](../website/assets/images/articles/apple-account-driven-user-enrollment-800x400@2x.png)
 
 _Available in Fleet Premium._
 

articles/entra-conditional-access-integration.md

@@ -13,7 +13,7 @@ The steps to configure Fleet as "Compliance partner" for macOS devices can be fo
 
 After this is done, the "Fleet partner" will be shown with a "Pending activation" status.
 
-![Conditional access pending activation](../website/assets/images/compliance-partner-pending-activation.png)
+![Conditional access pending activation](../website/assets/images/articles/compliance-partner-pending-activation-885x413@2x.png)
 
 ### "All Company" Intune group requirement
 
@@ -27,7 +27,7 @@ To connect Fleet to your Entra account you need your "Microsoft Entra tenant ID"
 
 Once you have your tenant ID, go to Fleet: `Settings` > `Integrations` > `Conditional access` and enter the tenant ID.
 
-![Conditional access setup](../website/assets/images/conditional-access-setup.png)
+![Conditional access setup](../website/assets/images/articles/conditional-access-setup-554x250@2x.png)
 
 After clicking `Save` you will be redirected to https://login.microsoftonline.com to consent to the permissions for Fleet's multi-tenant application.
 After consenting you will be redirected back to Fleet (to `/settings/integrations/conditional-access`).
@@ -46,7 +46,7 @@ The Company Portal macOS application can be downloaded from https://go.microsoft
 
 To configure automatic installation on your macOS devices you go to `Software` > `Select the team` > `Add software` > `Custom package`. Upload the `CompanyPortal-Installer.pkg` and check the `Automatic install` option.
 
-!['Company Portal.app' automatic install](../website/assets/images/company-portal-automatic.png)
+!['Company Portal.app' automatic install](../website/assets/images/articles/company-portal-automatic-734x284@2x.png)
 
 You should also configure "Company Portal" as a software package to deploy during "Setup Experience" for DEP/ABM devices.
 Go to `Controls` > `Setup experience` > `Install software` > `Add software`, select `Company Portal` for macOS and hit `Save`.
@@ -160,7 +160,7 @@ Once Fleet policies are configured you also need to configure Entra ID "Conditio
 [Building a Conditional Access policy](https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policies) outlines the steps to create such policies on Entra ID.
 
 For instance, you can create a policy to "block access to Office 365 on macOS devices reported as non-compliant by Fleet":
-![Entra ID Conditional Access policy example](../website/assets/images/entra-conditional-access-policy.png)
+![Entra ID Conditional Access policy example](../website/assets/images/articles/entra-conditional-access-policy-554x506@2x.png)
 
 Make sure to assign Entra users/groups to the created "Conditional Access" policies.
 
@@ -177,11 +177,11 @@ Once disabled, hosts will not be reporting compliance status to Entra anymore.
 
 After the Platform SSO profile is deployed to end-user devices, users will see a notification and will perform the authentication flow with Entra ID.
 
-![Entra ID Platform SSO notification](../website/assets/images/entra-platform-sso-notification.png)
+![Entra ID Platform SSO notification](../website/assets/images/articles/entra-platform-sso-notification-194x59@2x.png)
 
 After following the authentication steps, the user might hit the following message if it attempts to log in to a Microsoft services/apps right away after authenticating via Platform SSO (Fleet can take up to one hour to gather the information and send it to Intune):
 
-![Entra ID Platform SSO refetch needed](../website/assets/images/entra-platform-sso-refetch-needed.png)
+![Entra ID Platform SSO refetch needed](../website/assets/images/articles/entra-platform-sso-refetch-needed-431x351@2x.png)
 
 On that scenario, after hitting "Continue" the user will be redirected to https://fleetdm.com/microsoft-compliance-partner/enroll which will advise to click on the Fleet tray icon "My device" > "🔄 Refetch". The refetch will synchronize data to Intune and the user will be able to log in to Microsoft services/apps without entering credentials.
 
@@ -190,10 +190,10 @@ On that scenario, after hitting "Continue" the user will be redirected to https:
 When a Fleet policy configured for conditional access starts failing on a host, then the user will be logged out and blocked from logging in to Entra ID.
 
 E.g. here's "Microsoft Teams" message on a blocked host:
-![Microsoft Teams message user needs to login again](../website/assets/images/entra-conditional-access-microsoft-teams-log-message.png)
+![Microsoft Teams message user needs to login again](../website/assets/images/articles/entra-conditional-access-microsoft-teams-log-message-1311x111@2x.png)
 
 And here's the error message when trying to re-login:
-![User tries to log in again](../website/assets/images/entra-conditional-access-relogin.png)
+![User tries to log in again](../website/assets/images/articles/entra-conditional-access-relogin-828x577@2x.png)
 
 Clicking on "Check Compliance" redirects the user to https://fleetdm.com/microsoft-compliance-partner/remediate.
 The user will be able to log in again once the failing policies are remediated.

articles/escrowbudy-basics.md

@@ -15,12 +15,12 @@ With EscrowBuddy, the generation and escrowing of FileVault recovery keys happen
 ## How do I set up EscrowBuddy with Fleet?
 To escrow FileVault recovery keys in Fleet, the only thing admins need to do is enable disk encryption on the teams for which disk encryption is required. To do this, in the Fleet UI, select your desired team and navigate to **Controls > OS settings > Disk encryption** then check the box next to **Turn on disk encryption**.
 
-![Turn on disk encryption](../website/assets/images/articles/escrowbuddy-basics-turn-on-disk-encryption.png)
+![Turn on disk encryption](../website/assets/images/articles/escrowbuddy-basics-turn-on-disk-encryption-975x553@2x.png)
 
 Fleet will send a configuration profile to all macOS hosts on that team to enable disk encryption and silently deploy EscrowBuddy.
 
 When the disk encryption profile is delivered to a host, but a key is not yet escrowed, Fleet will show the profile as Action required (pending). The next time the user logs in to their Mac, EscrowBuddy generates a new recovery key on the host and Fleet will collect it.
-![Acation needed](../website/assets/images/articles/escrowbuddy-basics-action-needed.png)
+![Acation needed](../website/assets/images/articles/escrowbuddy-basics-action-needed-535x102@2x.png)
 
 ## What’s going on behind the scenes?
 Behind the scenes, EscrowBuddy runs as a [macOS authorization plugin](https://developer.apple.com/documentation/security/authorization-plug-ins). It works in conjunction with the FileVault profile that Fleet deploys to hosts to enforce disk encryption.

articles/fleet-4.15.0.md

@@ -25,7 +25,7 @@ Fleet Desktop is currently in beta. Check out the remaining work to bring Fleet
 ## Scope transparency with Fleet Desktop on macOS, Windows, and Linux
 **Available in Fleet Free & Fleet Premium**
 
-![Scope transparency with Fleet Desktop on macOS, Windows, and Linux](../website/assets/images/articles/fleet-4.15.0-2-1200x674.gif)
+![Scope transparency with Fleet Desktop on macOS, Windows, and Linux](../website/assets/images/articles/fleet-4.15.0-2-600x337@2x.gif)
 
 Fleet Desktop also allows end-users to see what information about their laptop or workstation, is accessible to their organization.
 

articles/fleet-4.18.0.md

@@ -16,7 +16,7 @@ Fleet Desktop uses a random UUID to authenticate to the Fleet server. While it's
 ## Show your end users a call to action in Fleet Desktop for failing policies
 **Available in Fleet Free & Fleet Premium**
 
-![Show your end users a call to action in Fleet desktop for failing policies.](../website/assets/images/articles/fleet-4.18.0-1.gif)
+![Show your end users a call to action in Fleet desktop for failing policies.](../website/assets/images/articles/fleet-4.18.0-1-800x500@2x.gif)
 The main goal of Fleet Desktop is to empower end users to take charge of managing the security of their enrolled device. If a device is failing a policy check, Fleet Desktop will now show end users useful information for resolving the issue and make it easy to check if they've fixed it. 
 
 ## More new features, improvements, and bug fixes

articles/fleet-4.19.0.md

@@ -19,7 +19,7 @@ Fleet will now automatically create a user account when a new user attempts to l
 ## See remaining disk space for all hosts
 **Available in Fleet Free and Fleet Premium**
 
-![See remaining disk space for all hosts](../website/assets/images/articles/fleet-4.19.0-1.gif)
+![See remaining disk space for all hosts](../website/assets/images/articles/fleet-4.19.0-1-800x450@2x.gif)
 
 Fleet 4.19.0 adds the ability to quickly see which hosts may not have enough remaining disk space to install operating system updates.
 
@@ -34,7 +34,7 @@ Fleet 4.19.0 adds the ability to see a list of all Windows operating system (OS)
 
 Also, Windows operating system versions now include the display version like "21H" or "21H2." This allows you to quickly reference [endoflife.date/windows](https://endoflife.date/windows), so you can see which operating systems Microsoft no longer supports. 
 
-![Aggregate mobile device management (MDM) data](../website/assets/images/articles/fleet-4.19.0-2.gif) 
+![Aggregate mobile device management (MDM) data](../website/assets/images/articles/fleet-4.19.0-2-800x450@2x.gif) 
 
 Fleet 4.19.0 also adds the improved Windows operating system versions on the **Hosts** page and **Host details** page in the Fleet UI, as well as the `GET /hosts` and `GET /hosts/{id}` API routes.
 

articles/fleet-4.20.0.md

@@ -1,6 +1,6 @@
 # Fleet 4.20.0 | Aggregate Munki issues, test features on canary teams, improved macOS vulnerability detection
 
-![Fleet 4.20.0](../website/assets/images/articles/fleet-4.20.0-1600x900.jpg)
+![Fleet 4.20.0](../website/assets/images/articles/fleet-4.20.0-800x450@2x.jpg)
 
 Fleet 4.20.0 is up and running. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.20.0) or continue reading to get the highlights.
 
@@ -14,7 +14,7 @@ For update instructions, see our [upgrade guide](https://fleetdm.com/docs/deploy
 ## Aggregate Munki issues
 **Available in Fleet Free and Fleet Premium**
 
-![Aggregate Munki issues](../website/assets/images/articles/aggregate-munki-1600x900.jpg)
+![Aggregate Munki issues](../website/assets/images/articles/aggregate-munki-800x450@2x.jpg)
 
 Fleet 4.20.0 adds the ability to see a list of all Munki warnings and errors (issues) across all your hosts. 
 
@@ -23,7 +23,7 @@ To see this in action, head to the **Home > macOS** page and view the **Munki**
 ## Test features on canary teams
 **Available in Fleet Premium**
 
-![Aggregate Munki issues](../website/assets/images/articles/canaries-1600x900.jpg)
+![Aggregate Munki issues](../website/assets/images/articles/canaries-800x450@2x.jpg)
 
 You can now test features like software inventory on a subset of your hosts.
 
@@ -114,4 +114,4 @@ Visit our [Update guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in
 <meta name="authorGitHubUsername" value="noahtalerman">
 <meta name="publishedOn" value="2022-09-09">
 <meta name="articleTitle" value="Fleet 4.20.0 | Aggregate Munki issues, test features on canary teams, improved macOS vulnerability detection">
-<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-4.20.0-1600x900.jpg">
+<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-4.20.0-800x450@2x.jpg">

articles/fleet-4.21.0.md

@@ -27,7 +27,7 @@ In addition to validating required keys and the type of document values, Fleet m
 ## Manage osquery flags remotely with Orbit
 **Available in Fleet Free and Fleet Premium**
 
-![Manage osquery flags remotely with Orbit](../website/assets/images/articles/fleet-4.21.0.gif)
+![Manage osquery flags remotely with Orbit](../website/assets/images/articles/fleet-4.21.0-800x450@2x.gif)
 
 Admins used to need a software orchestration tool (e.g., Chef) to deploy new osquery flags to the end user. Now, you can specify new flags in Fleet — and Orbit will restart osquery with the appropriate flags.
 

articles/fleet-4.27.0.md

@@ -17,7 +17,7 @@ Fleet 4.27.0 makes it easy to see who tried to log in to Fleet and failed. Our c
 
 In the UI an account administrator will see the following information:
 
-![Login failed example](../website/assets/images/articles/fleet-4.27.0-add-failed-login-activity-type-800x450%402x.jpg)
+![Login failed example](../website/assets/images/articles/fleet-4.27.0-add-failed-login-activity-type-800x450@2x.jpg)
 
 If you pair this new login activity with the audit improvements from [release 4.26](https://fleetdm.com/releases/fleet-4.26.0) you can now set up an alert if multiple failed login attempts occur. 
 

articles/fleet-desktop-on-fedora-and-debian.md

@@ -18,8 +18,8 @@ Starting in version v4.58.0, Fleet supports running scripts to remediate failing
 Following are screenshots of the end-user experience when Fleet runs the script to install the extension (GNOME requires a prompt for installation of extensions for security purposes).
 
 <p float="left">
-  <img src="../website/assets/images/fedora_38_appindicator_extension_prompt.png" title="Fedora 38" width="300" />
-  <img src="../website/assets/images/debian_12_appindicator_extension_prompt.png" title="Debian 12" width="300" /> 
+  <img src="../website/assets/images/articles/fedora_38_appindicator_extension_prompt-326x434@2x.png" title="Fedora 38" width="300" />
+  <img src="../website/assets/images/articles/debian_12_appindicator_extension_prompt-326x434@2x.png" title="Debian 12" width="300" /> 
 </p>
 
 > If the end-user hits `Cancel` instead of `Install` then the extension won't be installed and the policy will continue to fail on the host. Fleet only deploys the script on the first failure of the policy, so the end-user won't be prompted again and again, just once. Admins can still run the script on such hosts manually.
@@ -29,8 +29,8 @@ Following are screenshots of the end-user experience when Fleet runs the script
 After the extension is installed your users will see the Fleet icon on their menu bar:
 
 <p float="left">
-  <img src="../website/assets/images/fedora_38_fleet_desktop_tray.png" title="Fedora 38" width="300" />
-  <img src="../website/assets/images/debian_12_fleet_desktop_tray.png" title="Debian 12" width="300" /> 
+  <img src="../website/assets/images/articles/fedora_38_fleet_desktop_tray-159x59@2x.png" title="Fedora 38" width="300" />
+  <img src="../website/assets/images/articles/debian_12_fleet_desktop_tray-159x59@2x.png" title="Debian 12" width="300" /> 
 </p>
 
 <meta name="authorGitHubUsername" value="lucasmrod">

articles/fleet-in-vegas-2023.md

@@ -1,6 +1,6 @@
 # Fleet takes on Vegas: Exploring cybersecurity's future at Black Hat, B-Sides, and DEF CON 31 
 
-[![BlackHat/B-Sides/DefCon 31 in Las Vegas](../website/assets/images/articles/fleet-in-vegas-2023@2x.jpg)](https://fleetdm.com/imagine/defcon-31)
+![BlackHat/B-Sides/DefCon 31 in Las Vegas](../website/assets/images/articles/fleet-in-vegas-2023-960x540@2x.jpg)
 
 Fleet is participating in Black Hat, Security B-Sides, and DEF CON 31 this year in Las Vegas, with representation by two of our key team members: Marcos Oviedo and Zach Wasserman.
 
@@ -64,5 +64,5 @@ Fleet is committed to staying on the leading edge of cybersecurity trends and ad
 <meta name="authorFullName" value="JD Strong">
 <meta name="publishedOn" value="2023-08-02">
 <meta name="articleTitle" value="Fleet takes on Vegas: Exploring cybersecurity's future at Black Hat, B-Sides, and DEF CON 31">
-<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-in-vegas-2023@2x.jpg">
+<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-in-vegas-2023-960x540@2x.jpg">
 <meta name="description" value="Explore cybersecurity's cutting edge with Fleet at three top-tier conferences - Black Hat, Security B-Sides, and DEF CON.">

articles/fleet-introduces-mdm.md

@@ -35,7 +35,7 @@ Organizations can deploy configuration profiles, settings, and policies aligned
 
 Fleet brings the GitOps workflow to your organization’s configuration profiles with a full API and scriptable command line interface (CLI). GitOps is a modern approach to Continuous Deployment (CD) that uses Git as the single source of truth for declarative infrastructure and application configurations and MDM configuration profiles.
 
-![Fleet GitOps workflow](../website/assets/images/articles/fleet-mdm-launch-gitops-flow-800x640.jpg)
+![Fleet GitOps workflow](../website/assets/images/articles/fleet-mdm-launch-gitops-flow-800x640@2x.jpg)
 
 ## Programmability and automation make for a better user experience
 

articles/fleet-is-abuzz-for-macdevops-yvr-2023.md

@@ -1,6 +1,6 @@
 # Fleet is abuzz 🐝 for MacDevOps:YVR 
 
-[![MacDevOps:YVR June 21-22, 2023](../website/assets/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023@2x.png)](https://mdoyvr.com/)
+[![MacDevOps:YVR June 21-22, 2023](../website/assets/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023-960x540@2x.png)](https://mdoyvr.com/)
 
 _Pun Warning: If puns give you the heebie-jeebies, we apologize. MacDevOps:YVR has a bee 🐝 theme this year, and we frankly couldn't help ourselves. That's all._
 
@@ -36,5 +36,5 @@ If you are interested in attending the [MacDevOps:YVR Conference](https://mdoyvr
 <meta name="authorFullName" value="JD Strong">
 <meta name="publishedOn" value="2023-06-07">
 <meta name="articleTitle" value="Fleet is abuzz 🐝 for MacDevOps:YVR">
-<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023@2x.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023-960x540@2x.png">
 <meta name="description" value="Fleet is a proud sponsor of MacDevOps:YVR which is back in person in Vancouver, B.C. June 21-22, 2023">

articles/foreign-vitals-map-idp-users-to-hosts.md

@@ -1,6 +1,6 @@
 # Foreign vitals: map IdP users to hosts
 
-![Import users from IdP to Fleet](../website/assets/images/articles/add-users-from-idp-cover-img.png)
+![Import users from IdP to Fleet](../website/assets/images/articles/add-users-from-idp-cover-img-800x400@2x.png)
 
 _Available in Fleet Premium._
 
@@ -45,7 +45,7 @@ To map users from Okta to hosts in Fleet, we'll do the following steps:
 9. Back in Okta, select **Save**.
 10. Under the **Provisioning** tab, select **To App** and then select **Edit** in the **Provisioning to App** section. Enable **Create Users**, **Update User Attributes**, **Deactivate Users**, and then select **Save**.
 11. On the same page, make sure that `givenName` and `familyName` have Okta value assigned to it. Currently, Fleet requires the `userName`, `givenName`, and `familyName` SCIM attributes. Fleet also supports the `department` attribute (optional). Delete the rest of the attributes.
-![Okta SCIM attributes mapping](../website/assets/images/articles/okta-scim-attributes-mapping.png)
+![Okta SCIM attributes mapping](../website/assets/images/articles/okta-scim-attributes-mapping-402x181@2x.png)
 
 #### Step 3: Map users and groups to hosts in Fleet
 
@@ -53,7 +53,7 @@ To send users and groups information to Fleet, you have to assign them to your n
 
 1. In OKta's main menu **Directory > Groups** and then select **Add group**. Name it "Fleet human-device mapping".
 2. On the same page, select the **Rules** tab. Create a rule that will assign users to your  "Fleet human-device mapping" group.
-![Okta group rule](../website/assets/images/articles/okta-scim-group-rules.png)
+![Okta group rule](../website/assets/images/articles/okta-scim-group-rules-1000x522@2x.png)
 3. In the main menu, select **Applications > Applications**  and select your new SCIM app. Then, select the **Assignments** tab.
 4. Select **Assign > Assign to Groups** and then select **Assign** next to the "Fleet human-device mapping" group. Then, select **Done**. Now all users that you assigned to the  "Fleet human-device mapping" group will be provisioned to Fleet.
 5. On the same page, select **Push Groups** tab. Then, select **Push Groups > Find groups by name** and add all groups that you assigned to "Fleet human-device mapping" group previously (make sure that **Push group memberships immediately** is selected). All groups will be provisioned in Fleet, and Fleet will map those groups to users.
@@ -86,10 +86,10 @@ To map users from Entra ID to hosts in Fleet, we'll do the following steps:
 #### Step 3: Map users and groups to hosts in Fleet
 
 1. From the side menu, select **Attribute mapping** and then select **Provision Microsoft Entra ID Groups**.
-![Entra SCIM attributes mapping for groups](../website/assets/images/articles/entra-group-scim-attributes.png)    
+![Entra SCIM attributes mapping for groups](../website/assets/images/articles/entra-group-scim-attributes-504x134@2x.png)    
 2. Select **Provision Microsoft Entra ID Users**.
 3. Ensure that the attributes `userName`, `givenName`, `familyName`, `department`, `active`, and `externalId` are mapped to **Microsoft Entra ID Attribute**. Currently, Fleet requires the `userName` `givenName`, and `familyName` SCIM attributes. Delete the rest of the attributes. Then, elect **Save** and select the close icon in the top right corner.
-![Entra SCIM attributes mapping for users](../website/assets/images/articles/entra-user-scim-attributes.png)  
+![Entra SCIM attributes mapping for users](../website/assets/images/articles/entra-user-scim-attributes-480x160@2x.png)  
 4. Next, from the side menu, select **Users and groups** , **+ Add user/group**, and **None Selected**.
 5. Select the users and groups that you want to map to hosts in Fleet and then select **Assign**. 
 6. From the side menu, select **Overview** and select **Start provisioning**.
@@ -225,9 +225,9 @@ To map users from Google Workspace to hosts in Fleet, we'll do the following ste
 7. For the **Bind CN**, enter the username that you saved in the first step. For **Bind Password**, enter the password you saved.
 8. In **Base DN**, enter your Google Workspace domain in a DN format (e.g. dc=yourcompany,dc=com).
 9. For the **User Property Mappings,** remove all selected properties by clicking the "X" icon, and select all user properties that we created in the left box and select the ">" icon between boxes.
-![authentik LDAP user property mappings](../website/assets/images/articles/authentik-user-ldap-attributes-custom-mappings.png)
+![authentik LDAP user property mappings](../website/assets/images/articles/authentik-user-ldap-attributes-custom-mappings-960x270@2x.png)
 10. For the **Group Property Mappings**, remove all selected properties by clicking the "X" icon, and select all group properties that we created in the left box and select the ">" icon between boxes.
-![authentik LDAP user property mappings](../website/assets/images/articles/authentik-group-ldap-attributes-custom-mappings.png)
+![authentik LDAP user property mappings](../website/assets/images/articles/authentik-group-ldap-attributes-custom-mappings-960x270@2x.png)
 11. Under **Additional settings**, enter values below:
 **User object filter** > `(objectClass=person)`,  **Group object filter** > `(objectClass= groupOfNames)`, **Group membership field** > `member`, **Object uniqueness field** > `objectSid`
 13. Select **Finish** to save your configuration. 
@@ -266,5 +266,5 @@ last name).
 <meta name="authorFullName" value="Marko Lisica">
 <meta name="publishedOn" value="2025-04-11">
 <meta name="articleTitle" value="Foreign vitals: map IdP users to hosts">
-<meta name="articleImageUrl" value="../website/assets/images/articles/add-users-from-idp-cover-img.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/add-users-from-idp-cover-img-800x400@2x.png">
 <meta name="category" value="guides">

articles/gitops-mode.md

@@ -6,12 +6,12 @@ For example, if a user in the Fleet UI adds a query and then GitOps runs, the qu
 GitOps mode helps avoid this by preventing the user from saving or editing the query in the first place
 (though does still allow running an ad-hoc live query):
 
-![](../website/assets/images/articles/gitops-mode-disables-saving-queries.png)
+![](../website/assets/images/articles/gitops-mode-disables-saving-queries-900x480@2x.png)
 
 ## Enabling
 To turn GitOps mode on or off, navigate to **Settings** > **Integrations** > **Change management**:
 
-![](../website/assets/images/articles/enabling-gitops-mode.gif)
+![](../website/assets/images/articles/enabling-gitops-mode-960x594@2x.gif)
 
 ## Still available
 

articles/introducing-workbrew.md

@@ -19,7 +19,7 @@ Workbrew enables companies to maintain the agility developers love while ensurin
 
 As noted in the article, Workbrew brings a customizable solution to organizations struggling with “[shadow IT](https://techcrunch.com/2015/09/25/its-time-to-embrace-not-fear-shadow-it/)” risks. By offering a fleet dashboard, vulnerability detection, and deep integrations with tools like [Fleet](https://fleetdm.com/device-management), Workbrew helps companies maintain visibility and control over Homebrew deployments at scale. Whether it’s ensuring compliance in regulated industries or automating package installations for remote teams, Workbrew is paving the way for safer, smarter IT management.
 
-![Workbrew console](../website/assets/images/articles/workbrew-console-3412x2020px.png)
+![Workbrew console](../website/assets/images/articles/workbrew-console-1706x1010@2x.png)
 
 At Fleet, we’re excited to support Workbrew’s efforts. Our [integration](https://fleetdm.com/integrations) ensures that Workbrew users can easily sync device data, enabling seamless management across teams. Workbrew’s approach resonates with our belief in open-source and transparent tools for IT and security.
 

articles/macos-setup-experience.md

@@ -189,7 +189,7 @@ You can configure software installations and a script to be executed during Setu
 
 If you configure software and/or a script for setup experience, users will see a window like this pop open after their device enrolls in MDM via ADE:
 
-![screen shot of Fleet setup experience window](../website/assets/images/install-software-preview.png)
+![screen shot of Fleet setup experience window](../website/assets/images/articles/install-software-preview-462x364@2x.png)
 
 This window shows the status of the software installations as well as the script exectution. Once all steps have completed, the window can be closed and Setup Assistant will proceed as usual.
 

articles/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk.md

@@ -30,7 +30,7 @@ Now that you have the nice .yaml, you can `apply` to your fleet server:
 fleetctl apply network_connection_listening.yaml
 ```
 There are a bunch to convert and apply:
-![code-convert](../website/assets/images/articles/fleetctl-convert-apply.png)
+![code-convert](../website/assets/images/articles/fleetctl-convert-apply-1788x1094@2x.png)
 
 In the Queries list within fleet, you will now have:
 ![fleet-attck-queries](../website/assets/images/articles/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk-attck-queries-1780x923@2x.png)

articles/mdm-migration.md

@@ -55,7 +55,7 @@ Configuration:
 
 > Available in Fleet Premium
 
-![Fleet's MDM migration dialog](../website/assets/images/articles/mdm-migration-dialog.png)
+![Fleet's MDM migration dialog](../website/assets/images/articles/mdm-migration-dialog-494x327@2x.png)
 
 End user experience:
 

articles/prevent-tampering-login-items.md

@@ -8,7 +8,7 @@ Since the release of Ventura, users can now manage Login Items, LaunchAgents and
 
 Now in macOS, not only can users see which apps are set up for persistence, they can also control them from a single place in System Settings. Importantly, when apps add a LaunchAgent, LaunchDaemon, or Login Item, the system now displays a banner. 
 
-![Login Item Banner](../website/assets/images/articles/login-item-banner.png)
+![Login Item Banner](../website/assets/images/articles/login-item-banner-337x78@2x.png)
 
 ## Login items in the enterprise
 
@@ -16,7 +16,7 @@ While transparency and openness to see what is running on your machine is a [key
 
 To properly manage these “Login Items”, admins need to use an MDM to deploy a profile with the new `com.apple.servicemanagement` payload. This profile cannot be manually installed and it must be deployed from an MDM to a device. 
 
-![Profile Error](../website/assets/images/articles/user-profile-error.png)
+![Profile Error](../website/assets/images/articles/user-profile-error-389x327@2x.png)
 
 ## The anatomy of the payload
 
@@ -90,7 +90,7 @@ For a complete `.mobileconfig` example, check out [this repo.](https://github.co
 
 Upload this .mobileconfig to your MDM and once it’s deployed to your endpoints, you will see something like such in the Login Items section of the System Settings:
 
-![Profile Error](../website/assets/images/articles/locked-login-item.png)
+![Profile Error](../website/assets/images/articles/locked-login-item-606x76@2x.png)
 
 And that’s it!
 

articles/psu-macadmins-conference-2023.md

@@ -1,6 +1,6 @@
 # Mac admins summer camp ⛺ at PSU MacAdmins Conference 2023 
 
-[![PSU MacAdmins Conference July 18-21](../website/assets/images/articles/psu-macadmins-conference-2023@2x.png)](https://mdoyvr.com/)
+[![PSU MacAdmins Conference July 18-21](../website/assets/images/articles/psu-macadmins-conference-2023-1600x900@2x.png)](https://mdoyvr.com/)
 
 Hello there, macOS admins! Let's talk about the upcoming PSU MacAdmins Conference 2023 (aka Summer Camp for Mac Admins). PSUMAC is July 18-21 at Penn State University. Hope to see you there. 
 
@@ -45,5 +45,5 @@ In a nutshell, the [PSU MacAdmins Conference 2023](https://macadmins.psu.edu/) i
 <meta name="authorFullName" value="JD Strong">
 <meta name="publishedOn" value="2023-07-13">
 <meta name="articleTitle" value="Mac admins summer camp ⛺ at PSU MacAdmins Conference 2023">
-<meta name="articleImageUrl" value="../website/assets/images/articles/psu-macadmins-conference-2023@2x.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/psu-macadmins-conference-2023-1600x900@2x.png">
 <meta name="description" value="A look ahead to PSU MacAdmin Conference July 18-21, 2023">

articles/software-self-service.md

@@ -1,6 +1,6 @@
 # Software self-service
 
-![Software self-service](../website/assets/images/articles/software-self-service-2670x1514.png)
+![Software self-service](../website/assets/images/articles/software-self-service-1335x757@2x.png)
 
 _Available in Fleet Premium_
 

articles/using-bioutil-cmd.md

@@ -1,6 +1,6 @@
 # Using bioutil to verify Touch ID/biometric utilization
 
-![Apple TouchID](../website/assets/images/articles/bioutil@2x.png)
+![Apple TouchID](../website/assets/images/articles/bioutil-1600x900@2x.png)
 
 ## Intro
 
@@ -79,7 +79,7 @@ At this point, we know that the file we want to read, `biometric_config.json` ex
 
 `SELECT * FROM parse_json WHERE path = '/opt/orbit/biometric_config.json'`
 
-![bioutil example query](../website/assets/images/articles/bioutil-command.png)
+![bioutil example query](../website/assets/images/articles/bioutil-command-1459x192@2x.png)
 
 If you just wanted to return the number of enrolled fingerprints, use a query like such:
 
@@ -106,4 +106,4 @@ For more tips and detailed guides, don’t forget to check out the Fleet
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2024-12-29">
 <meta name="description" value="Streamline Biometric Security with bioutil and Fleet">
-<meta name="articleImageUrl" value="../website/assets/images/articles/bioutil@2x.png">
+<meta name="articleImageUrl" value="../website/assets/images/articles/bioutil-1600x900@2x.png">

articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report.md

@@ -1,6 +1,6 @@
 # Using Fleet and Okta Workflows to generate a daily OS report
 
-![Using Fleet and Okta Workflows to Generate a daily OS Report](../website/assets/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report@2x.jpg)
+![Using Fleet and Okta Workflows to Generate a daily OS Report](../website/assets/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report-800x450@2x.jpg)
 
 _Today we wanted to feature [Harrison](https://kitchenstocomputers.com/fleet/), a member of our community. We thought this piece was exceptionally useful and wanted to share it with you all. If you are interested in contributing to the Fleet blog, feel free to [contact us](https://fleetdm.com/company/contact) or reach out to [@jdstrong](https://osquery.slack.com/team/U04MTPBAHQS) on the osquery slack._ 
 
@@ -145,5 +145,5 @@ than a 200, but I have skipped that for now.
 <meta name="authorGitHubUsername" value="harrisonravazzolo">
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2023-05-09">
-<meta name="articleImageUrl" value="../website/assets/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report@2x.jpg">
+<meta name="articleImageUrl" value="../website/assets/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report-800x450@2x.jpg">
 <meta name="description" value="Learn how to use Fleet to query device OS information through the Fleet REST API and automate daily Slack notifications using Okta Workflows.">

articles/using-github-actions-to-apply-configuration-profiles-with-fleet.md

@@ -1,6 +1,6 @@
 # Using GitHub Actions to apply configuration profiles with Fleet
 
-![Using GitHub Actions to apply configuration profiles with Fleet](../website/assets/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet@2x.jpg)
+![Using GitHub Actions to apply configuration profiles with Fleet](../website/assets/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet-1600x900@2x.jpg)
 
 In the ever-evolving realm of software management, automated workflows are an essential tool in maintaining system efficiency and security. At the heart of this drive towards automation is GitHub Actions, a powerful platform that enables developers to automate, customize, and execute software development workflows directly in their repositories. In this blog post, we focus on utilizing GitHub Actions with Fleet to apply the latest configuration profiles from your repository.
 
@@ -167,5 +167,5 @@ With this in place, you need to trigger your GitHub action by adding configurati
 <meta name="authorGitHubUsername" value="spokanemac">
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2023-05-31">
-<meta name="articleImageUrl" value="../website/assets/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet@2x.jpg">
+<meta name="articleImageUrl" value="../website/assets/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet-1600x900@2x.jpg">
 <meta name="description" value="A guide on using GitHub Actions with Fleet for efficient and automated application of the latest configuration profiles for a GitOps workflow.">