Expanded group assignment for the conditional access policy. To help
admins understand that if they want to properly enforce access for
certain applications, they need to scope the broadest group possible for
their application. This will make sure that any devices not managed by
Fleet will be prompted to enroll in Fleet and be marked as compliant
before access is granted.
Related to: [#25943](https://github.com/fleetdm/fleet/issues/25943)
Changes:
- Updated filenames of images in the website/assets/images/articles/
folder to match website naming conventions
- Updated links to images in articles.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Expanded and clarified instructions for Entra conditional access
integration.
* Added requirements for user group membership in Intune.
* Provided steps for deploying the Company Portal app during macOS
device setup.
* Included reminders for assigning users/groups to Conditional Access
policies.
* Added guidance on temporarily disabling Conditional Access.
* Explained compliance implications when unenrolling from Fleet MDM.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
