diff --git a/desktop/hardened-desktop/enhanced-container-isolation/faq.md b/desktop/hardened-desktop/enhanced-container-isolation/faq.md index 3e4f5b72ff..d51ae2e2bf 100644 --- a/desktop/hardened-desktop/enhanced-container-isolation/faq.md +++ b/desktop/hardened-desktop/enhanced-container-isolation/faq.md @@ -32,7 +32,7 @@ containers securely. For more information, see [Key features and benefits](featu #### Will all privileged container workloads run with Enhanced Container Isolation? -No. Privileged container workloads that wish to access global kernel resources, for example non-namespaced, inside the Docker Desktop Linux VM won't +No. Privileged container workloads, or non-namespaced workloads, that wish to access global kernel resources inside the Docker Desktop Linux VM won't work. For example, you can't use a privileged container to load a kernel module. #### Why not just restrict usage of the `--privileged` flag? diff --git a/desktop/hardened-desktop/enhanced-container-isolation/features-benefits.md b/desktop/hardened-desktop/enhanced-container-isolation/features-benefits.md index c912044c86..5f147871b6 100644 --- a/desktop/hardened-desktop/enhanced-container-isolation/features-benefits.md +++ b/desktop/hardened-desktop/enhanced-container-isolation/features-benefits.md @@ -191,8 +191,8 @@ mount: permission denied (are you root?) ``` Since the `$HOME` directory was mounted into the container's `/mnt` directory as -read-only, it can't be changed from within the container to read-write. This -ensures container processes use `mount`, or `umount`, to breach the container's +read-only, it can't be changed from within the container to read-write, even if the container process has the capability to do so. This +ensures container processes can't use `mount`, or `umount`, to breach the container's root filesystem. Note however that in the example above the container can still create mounts 
diff --git a/desktop/hardened-desktop/enhanced-container-isolation/how-eci-works.md b/desktop/hardened-desktop/enhanced-container-isolation/how-eci-works.md index 153c922bd9..c3d466aa1d 100644 --- a/desktop/hardened-desktop/enhanced-container-isolation/how-eci-works.md +++ b/desktop/hardened-desktop/enhanced-container-isolation/how-eci-works.md @@ -11,7 +11,7 @@ keywords: set up, enhanced container isolation, rootless, security Enhanced Container Isolation hardens container isolation using the [Sysbox container runtime](https://github.com/nestybox/sysbox). Sysbox is a fork of the standard OCI runc runtime that was modified to enhance container isolation and -workloads. For more details see [Under the covers](#under-the-hood). +workloads. For more details see [Under the hood](#under-the-hood). Starting with version 4.13, Docker Desktop includes a customized version of Sysbox. diff --git a/desktop/hardened-desktop/enhanced-container-isolation/index.md b/desktop/hardened-desktop/enhanced-container-isolation/index.md index c04864f9c6..767f7dd8cd 100644 --- a/desktop/hardened-desktop/enhanced-container-isolation/index.md +++ b/desktop/hardened-desktop/enhanced-container-isolation/index.md @@ -82,7 +82,7 @@ When Enhanced Container Isolation is enabled, users see that containers run with To check, run: ``` -$ docker run -it --rm alpine / # cat /proc/self/uid_map +$ docker run --rm alpine cat /proc/self/uid_map ``` The following output displays: 
@@ -105,9 +105,9 @@ With Enhanced Container Isolation, if a process were to escape the container, it Since Enhanced Container Isolation [uses the Sysbox container runtime](how-eci-works.md) embedded in the Docker Desktop Linux VM, another way to determine if a container is running with Enhanced Container Isolation is by using `docker inspect`: -``` -docker inspect --format='{{.HostConfig.Runtime}}' my_container -``` +{% highlight liquid %} +docker inspect --format={% raw %}'{{.HostConfig.Runtime}}'{% endraw %} my_container +{% endhighlight %} It outputs:
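Review bot: in the faq.md hunk, the rewrite moves "non-namespaced" from the kernel resources to the workloads, which changes the meaning: the original sentence was (awkwardly) saying that the resources being accessed are global, i.e. not namespaced, not that the workload is. "Non-namespaced workloads" is not a defined category, and the kernel-module example that follows is about a privileged container touching a global resource. Suggest keeping the qualifier on the resource, e.g. "No. Privileged container workloads that wish to access global (non-namespaced) kernel resources inside the Docker Desktop Linux VM won't work."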
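Review bot: in the features-benefits.md hunk, the added clause "even if the container process has the capability to do so" is ambiguous between "is able to" and holds a Linux capability; since the preceding `mount: permission denied (are you root?)` output is exactly a capability check failing, say which one you mean (remounting requires CAP_SYS_ADMIN) or drop the clause. The inserted "can't" fixes the inverted sentence, which is the substantive fix here. Style: the first changed line now runs well past the ~80-column wrapping used by the surrounding lines, so rewrap the paragraph, and "use `mount`, or `umount`, to breach" reads more naturally as "use `mount` or `umount` to breach".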
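Review bot: in the first index.md hunk (`docker run --rm alpine cat /proc/self/uid_map`), the fix correctly removes the shell prompt fragment that had been pasted into the command, but the block keeps a `$ ` prompt while the `docker inspect` example later in the same file has none; pick one convention for the page. The fence is also untagged, so it gets no highlighting; since the block is a shell session, tag it (`console` if you keep the prompt, `bash` if you drop it).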
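Review bot: in the second index.md hunk, `{% highlight liquid %}` labels a shell command as Liquid, so the highlighter will colour it as the wrong language; the only reason for the change is that Jekyll would otherwise try to evaluate the Go template `{{.HostConfig.Runtime}}`, and `{% raw %}` alone solves that. Suggest keeping the page's existing triple-backtick fence and wrapping it in raw, e.g.
{% raw %}
```bash
docker inspect --format='{{.HostConfig.Runtime}}' my_container
```
{% endraw %}
which also keeps the fence style consistent with the `uid_map` block earlier in the same file.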