ENGDOCS-2181c (#21419)

<!--Delete sections as needed -->

## Description

Replaces #20646 that was so old it
was still using the `toc.yaml` file.
SME reviews complete. Just need editorial 

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [x] Editorial review
- [ ] Product review

Author: aevesdocker

content/guides/admin-set-up/comms-and-info-gathering.md

@@ -26,7 +26,7 @@ Some companies may have more than one [Docker organization](/manuals/admin/organ
 
 Through [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md), Docker provides numerous configuration parameters that can be preset. The Docker organization owner, development lead, and infosec representative should review these settings to establish the company’s baseline configuration, including security features and [enforcing sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) for Docker Desktop users. Additionally, they should decide whether to take advantage of free trials for other Docker products, such as [Docker Scout](/manuals/scout/_index.md), which is included in the subscription.
 
-To view the parameters that can be preset, see [Configure Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md#step-two-configure-the-settings-you-want-to-lock-in).
+To view the parameters that can be preset, see [Configure Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#step-two-configure-the-settings-you-want-to-lock-in).
 
 ## Optional step four: Meet with the Docker Implementation team
 

content/manuals/desktop/release-notes.md

@@ -615,7 +615,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- You can now enforce Rosetta usage via [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md).
+- You can now enforce Rosetta usage via [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 - [Docker socket mount restrictions](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md) with ECI is now generally available.
 - Docker Engine and CLI updated to [Moby 26.0](https://github.com/moby/moby/releases/tag/v26.0.0). This includes Buildkit 0.13, sub volumes mounts, networking updates, and improvements to the containerd multi-platform image store UX.
 - New and improved Docker Desktop error screens: swift troubleshooting, easy diagnostics uploads, and actionable remediation.
@@ -913,7 +913,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- Administrators can now control access to beta and experimental features in the **Features in development** tab with [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md).
+- Administrators can now control access to beta and experimental features in the **Features in development** tab with [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 - Introduced four new version update states in the footer.
 - `docker init` (Beta) now supports PHP with Apache + Composer.
 - The [**Builds** view](use-desktop/builds.md) is now GA. You can now inspect builds, troubleshoot errors, and optimize build speed.
@@ -1023,7 +1023,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 - Rosetta is now Generally Available for all users on macOS 13 or later. It provides faster emulation of Intel-based images on Apple Silicon. To use Rosetta, see [Settings](/manuals/desktop/settings-and-maintenance/settings.md). Rosetta is enabled by default on macOS 14.1 and later.
 - Docker Desktop now detects if a WSL version is out of date. If an out dated version of WSL is detected, you can allow Docker Desktop to automatically update the installation or you can manually update WSL outside of Docker Desktop.
 - New installations of Docker Desktop for Windows now require a Windows version of 19044 or later.
-- Administrators now have the ability to control Docker Scout image analysis  in [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md).
+- Administrators now have the ability to control Docker Scout image analysis in [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 
 ### Upgrades
 

content/manuals/scout/release-notes/cli.md

@@ -410,7 +410,7 @@ Discarded in favor of [1.9.1](#191).
   instance by Docker Desktop there's no need anymore to re-index it on WSL2
   side.
 - Indexing is now blocked in the CLI if it has been disabled using
-  [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md) feature.
+  [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) feature.
 
 - Fix a panic that would occur when analyzing a single-image `oci-dir` input
 - Improve local attestation support with the containerd image store

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md

@@ -106,7 +106,7 @@ Enforcing sign-in ensures that your Docker Desktop developers always authenticat
 
 ##### Setup
 
-[Create and configure the `admin-settings.json` file](../settings-management/configure.md) and specify:
+[Create and configure the `admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) and specify:
 
 ```json
 {
@@ -135,6 +135,10 @@ For this to take effect:
 >
 > Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop.
 
+> [!TIP]
+>
+> You can now also configure these settings in the [Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md).
+
 ### What do users see when this setting is enforced by an admin?
 
 When Enhanced Container Isolation is enabled, users see:

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md

@@ -39,7 +39,7 @@ Starting with Docker Desktop 4.27, admins can optionally configure ECI to allow
 bind mounting the Docker Engine socket into containers, but in a controlled way.
 
 This can be done via the Docker Socket mount permissions section in the
-[admin-settings.json](../settings-management/configure.md) file. For example:
+[admin-settings.json](../settings-management/_index.md) file. For example:
 
 ```json
 {
@@ -64,6 +64,10 @@ This can be done via the Docker Socket mount permissions section in the
 }
 ```
 
+> [!TIP]
+>
+> You can now also configure these settings in the [Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md).
+
 As shown above, there are two configurations for bind-mounting the Docker
 socket into containers: the `imageList` and the `commandList`. These are
 described below.

content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md

@@ -25,9 +25,11 @@ For an extra layer of security, you can also use Settings Management to enable a
 
 ## How does it work?
 
-You can configure several Docker Desktop settings using an `admin-settings.json` file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges.
+You can configure several Docker Desktop settings using either:
+ - An `admin-settings.json` file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges.
+ - Creating a settings policy in the Docker Admin Console 
 
-Values that are set to `locked: true` within the `admin-settings.json` override any previous values set by developers and ensure that these cannot be modified. For more information, see [Configure Settings Management](configure.md#step-two-configure-the-settings-you-want-to-lock-in).
+Settings that are defined by an administrator override any previous values set by developers and ensure that these cannot be modified. 
 
 ## What features can I configure with Settings Management?
 
@@ -50,13 +52,15 @@ Using the `admin-settings.json` file, you can:
 - Specify which paths your developers can add file shares to
 - Configure Air-gapped containers
 
-For more details on the syntax and options, see [Configure Settings Management](configure.md).
+For more details on the syntax and options, see [Configure Settings Management](configure-json-file.md).
 
 ## How do I set up and enforce Settings Management?
 
 You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since the Settings Management feature requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
 
-Next, you must either manually [create and configure the admin-settings.json file](configure.md), or use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location.
+Next, you must either:
+ - Manually [create and configure the `admin-settings.json` file](configure-json-file.md), or use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location.
+ - Fill out the **Settings policy** creation form in the [Docker Admin Console](configure-admin-console.md).
 
 Once this is done, Docker Desktop developers receive the changed settings when they either:
 - Quit, re-launch, and sign in to Docker Desktop
@@ -72,6 +76,7 @@ In addition, if Enhanced Container Isolation is enforced, developers can't use p
 
 ![Proxy settings grayed out](/assets/images/grayed-setting.png)
 
-## More resources
+## What's next?
 
-- [Video: Settings Management](https://www.youtube.com/watch?v=I9oJOJ1P9PQ)
+- [Configure Settings Management with a `.json` file](configure-json-file.md)
+- [Configure Settings Management with the Docker Admin Console](configure-admin-console.md)

content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md

@@ -0,0 +1,81 @@
+---
+description: How to configure Settings Management for Docker Desktop using the Docker Admin Console
+keywords: admin, controls, rootless, enhanced container isolation
+title: Configure Settings Management with the Admin Console
+linkTitle: Use the Admin Console
+weight: 20
+params:
+  sidebar:
+    badge:
+      color: violet
+      text: EA
+---
+
+{{% restricted title="Early Access" %}}
+Settings Management in the Docker Admin Console is an [early access](/release-lifecycle#early-access-ea) feature and is available to Docker Business customers only.
+{{% /restricted %}}
+
+This page contains information for administrators on how to configure Settings Management with the Docker Admin Console. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your Docker company or organization.
+
+## Prerequisites
+
+- [Download and install Docker Desktop 4.36.0 or later](/manuals/desktop/release-notes.md).
+- [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain).
+- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). The Settings Management feature requires a Docker Business
+subscription, therefore your Docker Desktop users must authenticate to your
+organization for configurations to take effect. 
+
+## Create a settings policy
+
+1. Within the [Docker Admin Console](https://admin.docker.com/) navigate to the company or organization you want to define a settings policy for. 
+2. Under the **Security and access** section, select **Desktop Settings Management**. 
+3. In the top-right corner, select **Create a settings policy**.
+4. Give your settings policy a name and an optional description.
+
+   > [!TIP]
+   >
+   > If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you. 
+   >
+   > Settings policies deployed via the Docker Admin Console take precedence over manually deployed `admin-settings.json` files.
+
+5. Assign the setting policy to all your users within the company or organization, or specific users.
+
+   > [!NOTE]
+   >
+   > If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time. 
+   > If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy. 
+
+   > [!TIP]
+   >
+   > Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding. 
+
+6. Configure the settings for the policy. Go through each setting and select your chosen setting state. You can choose:
+   - **User-defined**. Your developers are able to control and change this setting. 
+   - **Always enabled**. This means the setting is turned on and your users won't be able to edit this setting from Docker Desktop or the CLI.
+   - **Enabled**. The setting is turned on and users can edit this setting from Docker Desktop or the CLI.
+   - **Always disabled**. This means the setting is turned off and your users won't be able to edit this setting from Docker Desktop or the CLI.
+   - **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI.   
+7. Select **Create**
+
+For the settings policy to take effect:
+- On a new install, users need to launch Docker Desktop and authenticate to their organization.
+- On an existing install, users need to quit Docker Desktop through the Docker menu, and then re-launch Docker Desktop. If they are already signed in, they don't need to sign in again for the changes to take effect.
+
+  > [!IMPORTANT]
+  >
+  > Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop.
+
+To avoid disrupting your users' workflows, Docker doesn't automatically require that users re-launch once a change has been made.
+
+> [!NOTE]
+>
+> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes. 
+
+If your settings policy needs to be rolled back, either delete the policy or edit the policy to set individual settings to **User-defined**.
+
+## Settings policy actions
+
+From the **Actions** menu on the **Desktop Settings Management** page in the Docker Admin Console, you can:
+- Edit or delete an existing settings policy. 
+- Export a settings policy as an `admin-settings.json` file.
+- Promote a policy that is applied to a select group of users, to be the new global default policy for all users. 

content/manuals/security/for-admins/hardened-desktop/settings-management/configure.md renamed to content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md

@@ -1,18 +1,19 @@
 ---
 description: How to configure Settings Management for Docker Desktop
 keywords: admin, controls, rootless, enhanced container isolation
-title: Configure Settings Management
-linkTitle: Configure
-toc_min: 4
+title: Configure Settings Management with a JSON file
+linkTitle: Use a JSON file
+weight: 10
 aliases: 
  - /desktop/hardened-desktop/settings-management/configure/
+ - /security/for-admins/hardened-desktop/settings-management/configure/
 ---
 
 > [!NOTE]
 >
 > Settings Management is available to Docker Business customers only.
 
-This page contains information on how to configure Settings Management to specify and lock configuration parameters to create a standardized Docker Desktop environment across the organization.
+This page contains information on how to configure Settings Management with an `admin-settings.json` file. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your company or organization.
 
 Settings Management is designed specifically for organizations who don’t give developers root access to their machines.
 
@@ -41,7 +42,7 @@ To set it up manually:
 
 > [!NOTE]
 >
-> Some of the configuration parameters only apply to Windows or to specific Docker Desktop versions. This is highlighted in the following table.
+> Some of the configuration parameters only apply to certain platforms or to specific Docker Desktop versions. This is highlighted in the following table.
 
 The `admin-settings.json` file requires a nested list of configuration parameters, each of which must contain the `locked` parameter. You can add or remove configuration parameters as per your requirements.
 
@@ -241,6 +242,10 @@ The following `admin-settings.json` code and table provides an example of the re
 | `windowsContainers` |  | Parameters and settings related to `windowsContainers` options - grouped together here for convenience.  |  |
 |        `dockerDaemonOptions` |  | Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/reference/cli/dockerd/#daemon-configuration-file).|  |
 
+> [!NOTE]
+> 
+> This setting is not available to configure via the Docker Admin Console.
+
 ### Kubernetes
 
 |Parameter|OS|Description|Version|