Revert "Enterprise docs section" (#23091)

Reverts docker/docs#23083

content/guides/admin-set-up/comms-and-info-gathering.md

@@ -24,9 +24,9 @@ Some companies may have more than one [Docker organization](/manuals/admin/organ
 
 ## Step three: Gather requirements
 
-Through [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md), Docker provides numerous configuration parameters that can be preset. The Docker organization owner, development lead, and infosec representative should review these settings to establish the company’s baseline configuration, including security features and [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) for Docker Desktop users. Additionally, they should decide whether to take advantage of other Docker products, such as [Docker Scout](/manuals/scout/_index.md), which is included in the subscription.
+Through [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md), Docker provides numerous configuration parameters that can be preset. The Docker organization owner, development lead, and infosec representative should review these settings to establish the company’s baseline configuration, including security features and [enforcing sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) for Docker Desktop users. Additionally, they should decide whether to take advantage of other Docker products, such as [Docker Scout](/manuals/scout/_index.md), which is included in the subscription.
 
-To view the parameters that can be preset, see [Configure Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#step-two-configure-the-settings-you-want-to-lock-in).
+To view the parameters that can be preset, see [Configure Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#step-two-configure-the-settings-you-want-to-lock-in).
 
 ## Optional step four: Meet with the Docker Implementation team
 

content/guides/admin-set-up/finalize-plans-and-setup.md

@@ -6,9 +6,9 @@ weight: 20
 
 ## Step one: Send finalized settings files to the MDM team 
 
-After reaching an agreement with the relevant teams about your baseline and security configurations as outlined in module one, configure Settings Management using either the [Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md) or an [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md).
+After reaching an agreement with the relevant teams about your baseline and security configurations as outlined in module one, configure Settings Management using either the [Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) or an [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md).
 
-Once the file is ready, collaborate with your MDM team to deploy your chosen settings, along with your chosen method for [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+Once the file is ready, collaborate with your MDM team to deploy your chosen settings, along with your chosen method for [enforcing sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md).
 
 > [!IMPORTANT]
 >
@@ -22,9 +22,9 @@ If you have more than one organization, it’s recommended that you either conso
 
 ### Set up single sign-on SSO domain verification
 
-Single sign-on (SSO) lets developers authenticate using their identity providers (IdPs) to access Docker. SSO is available for a whole company, and all associated organizations, or an individual organization that has a Docker Business subscription. For more information, see the [documentation](/manuals/enterprise/security/single-sign-on/_index.md).
+Single sign-on (SSO) lets developers authenticate using their identity providers (IdPs) to access Docker. SSO is available for a whole company, and all associated organizations, or an individual organization that has a Docker Business subscription. For more information, see the [documentation](/manuals/security/for-admins/single-sign-on/_index.md).
 
-You can also enable [SCIM](/manuals/enterprise/security/provisioning/scim.md) for further automation of provisioning and deprovisioning of users.
+You can also enable [SCIM](/manuals/security/for-admins/provisioning/scim.md) for further automation of provisioning and deprovisioning of users.
 
 ### Set up Docker product entitlements included in the subscription
 

content/guides/admin-set-up/testing.md

@@ -17,7 +17,7 @@ You can test SSO and SCIM by signing in to Docker Desktop or Docker Hub with the
 > [!WARNING]
 > Be sure to communicate with your users before proceeding, as this step will impact all existing users signing into your Docker organization
 
-If you plan to use [Registry Access Management (RAM)](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) and/or [Image Access Management (IAM)](/manuals/enterprise/security/hardened-desktop/image-access-management.md), ensure your test developer signs in to Docker Desktop using their organization credentials. Once authenticated, have them attempt to pull an unauthorized image or one from a disallowed registry via the Docker CLI. They should receive an error message indicating that the registry is restricted by the organization.
+If you plan to use [Registry Access Management (RAM)](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) and/or [Image Access Management (IAM)](/manuals/security/for-admins/hardened-desktop/image-access-management.md), ensure your test developer signs in to Docker Desktop using their organization credentials. Once authenticated, have them attempt to pull an unauthorized image or one from a disallowed registry via the Docker CLI. They should receive an error message indicating that the registry is restricted by the organization.
 
 ## Deploy settings and enforce sign in to test group
 

content/guides/admin-user-management/onboard.md

@@ -11,7 +11,7 @@ This page guides you through onboarding owners and members, and using tools like
 
 When you create a Docker organization, you automatically become its sole owner. While optional, adding additional owners can significantly ease the process of onboarding and managing your organization by distributing administrative responsibilities. It also ensures continuity and does not cause a blocker if the primary owner is unavailable.
 
-For detailed information on owners, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+For detailed information on owners, see [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ## Step 2: Invite members and assign roles
 
@@ -47,11 +47,11 @@ SSO:
 
  - Simplifies onboarding as it works seamlessly with SCIM and group mapping for automated provisioning.
 
-[SSO documentation](/manuals/enterprise/security/single-sign-on/_index.md).
+[SSO documentation](/manuals/security/for-admins/single-sign-on/_index.md).
 
 ### Automate onboarding with SCIM and JIT provisioning
 
-Streamline user provisioning and role management with [SCIM](/manuals/enterprise/security/provisioning/scim.md) and [Just-in-Time (JIT) provisioning](/manuals/enterprise/security/provisioning/just-in-time.md).
+Streamline user provisioning and role management with [SCIM](/manuals/security/for-admins/provisioning/scim.md) and [Just-in-Time (JIT) provisioning](/manuals/security/for-admins/provisioning/just-in-time.md).
 
 With SCIM you can:
 
@@ -77,4 +77,4 @@ It also:
 
  - Help you scale permissions as teams grow or change.
 
-For more information on how it works, see [Group mapping](/manuals/enterprise/security/provisioning/group-mapping.md).
+For more information on how it works, see [Group mapping](/manuals/security/for-admins/provisioning/group-mapping.md).

content/guides/admin-user-management/setup.md

@@ -24,7 +24,7 @@ Docker’s predefined roles offer flexibility for various organizational needs.
 - Organization owner: Full organization administrative access. Organization owners can manage organization repositories, teams, members, settings, and billing.
 - Company owner: In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations.
 
-For more information, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+For more information, see [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ### Enhancing with teams
 

content/guides/zscaler/index.md

@@ -46,7 +46,7 @@ necessary.
 
 If you are not using Zscaler as a system-level proxy, manually configure proxy
 settings in Docker Desktop. Set up proxy settings for all clients in the
-organization using [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md),
+organization using [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md),
 or edit proxy configuration in the Docker Desktop GUI under [**Settings > Resources > Proxies**](/manuals/desktop/settings-and-maintenance/settings.md#proxies).
 
 ## Install root certificates in Docker images

content/manuals/_index.md

@@ -13,7 +13,6 @@ params:
       - AI
       - Products
       - Platform
-      - Enterprise
   notoc: true
   open-source:
   - title: Docker Build
@@ -108,11 +107,6 @@ params:
     description: Commercial use licenses for Docker products.
     icon: card_membership
     link: /subscription/
-  enterprise:
-  - title: Deploy Docker Desktop
-    description: Deploy Docker Desktop at scale within your company
-    icon: download
-    link: /enterprise/enterprise-deployment/
 ---
 
 This section contains user guides on how to install, set up, configure, and use
@@ -139,12 +133,6 @@ End-to-end developer solutions for innovative teams.
 ## Platform
 
 Documentation related to the Docker platform, such as administration and
-subscription management.
+subscription management for organizations.
 
 {{< grid items=platform >}}
-
-## Enterprise
-
-Targeted at IT administrators with help on deploying Docker Desktop at scale with configuration guidance on security related features. 
-
-{{< grid items=enterprise >}}

content/manuals/admin/faqs/company-faqs.md

@@ -46,4 +46,4 @@ subscription seat.
 Company owners can navigate to the **Organizations** page to view all their
 nested organizations in a single location. They can also view or edit organization members and change single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) settings. Changes to company settings impact all users in each organization under the company.
 
-For more information, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+For more information, see [Roles and permissions](../../security/for-admins/roles-and-permissions.md).

content/manuals/admin/faqs/general-faqs.md

@@ -53,12 +53,12 @@ An organization owner is a member who has administrator permissions. They
 have full access to private repositories, all teams, billing information, and
 organization settings.
 
-For more information on the organization owner role, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+For more information on the organization owner role, see [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?
 
 Yes. Docker SSO supports multiple IdP configurations. For more
-information, see [Configure SSO](/manuals/enterprise/security/single-sign-on/configure.md) and [SSO FAQs](../../security/faqs/single-sign-on/faqs.md).
+information, see [Configure SSO](../../security/for-admins/single-sign-on/configure/_index.md) and [SSO FAQs](../../security/faqs/single-sign-on/faqs.md).
 
 ### What is a service account?
 
@@ -68,7 +68,7 @@ or renewals of service accounts are no longer available and customers must renew
 under a new subscription.
 
 For similar functionality,
-transition to [Organization access tokens](/manuals/enterprise/security/access-tokens.md).
+transition to [Organization access tokens](/manuals/security/for-admins/access-tokens.md).
 
 ### Can I delete or deactivate a Docker account for another user?
 

content/manuals/admin/faqs/organization-faqs.md

@@ -27,11 +27,11 @@ assign them to a team during the invite process.
 ### Can I force my organization's members to authenticate before using Docker Desktop and are there any benefits?
 
 Yes. You can
-[enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+[enforce sign-in](../../security/for-admins/enforce-sign-in/_index.md).
 
 Some benefits of enforcing sign-in are:
 
-- Administrators can enforce features like [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md) and [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md).
+- Administrators can enforce features like [Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md) and [Registry Access Management](../../security/for-admins/hardened-desktop/registry-access-management.md).
  - Administrators can ensure compliance by blocking Docker Desktop usage for
  users who don't sign in as members of the organization.
 

content/manuals/admin/organization/convert-account.md

@@ -14,7 +14,7 @@ useful if you need multiple users to access your account and the repositories
 it’s connected to. Converting it to an organization gives you better control
 over permissions for these users through
 [teams](/manuals/admin/organization/manage-a-team.md) and
-[roles](/manuals/enterprise/security/roles-and-permissions.md).
+[roles](/manuals/security/for-admins/roles-and-permissions.md).
 
 When you convert a user account to an organization, the account is migrated to
 a Docker Team subscription by default.

content/manuals/admin/organization/deactivate-account.md

@@ -28,7 +28,7 @@ organization:
 - If you have an active Docker subscription, [downgrade it to a free subscription](../../subscription/change.md).
 - Remove all other members within the organization.
 - Unlink your [GitHub and Bitbucket accounts](../../docker-hub/repos/manage/builds/link-source.md#unlink-a-github-user-account).
-- For Business organizations, [remove your SSO connection](/manuals/enterprise/security/single-sign-on/manage.md#remove-an-organization).
+- For Business organizations, [remove your SSO connection](../../security/for-admins/single-sign-on/manage/#remove-an-organization).
 
 ## Deactivate
 

content/manuals/admin/organization/general-settings.md

@@ -29,7 +29,7 @@ select your organization.
 
 After configuring your organization information, you can:
 
-- [Configure single sign-on (SSO)](/manuals/enterprise/security/single-sign-on/configure.md)
-- [Set up SCIM provisioning](/manuals/enterprise/security/provisioning/scim.md)
-- [Manage domains](/manuals/enterprise/security/domain-management.md)
+- [Configure single sign-on (SSO)](../../security/for-admins/single-sign-on/configure/)
+- [Set up SCIM provisioning](../../security/for-admins/provisioning/scim.md)
+- [Manage domains](../../security/for-admins/domain-management.md)
 - [Create a company](new-company.md)

content/manuals/admin/organization/insights.md

@@ -175,7 +175,7 @@ A Docker Desktop user export file contains the following data points:
 - Username: User's Docker ID
 - Email: User's email address associated with their Docker ID
 - Type: User type
-- Role: User [role](/manuals/enterprise/security/roles-and-permissions.md)
+- Role: User [role](/manuals/security/for-admins/roles-and-permissions.md)
 - Teams: Team(s) within your organization the user is a
 member of
 - Date Joined: The date the user joined your organization
@@ -185,7 +185,7 @@ their web browser (this includes Docker Hub and Docker Home)
 installed
 - Last Seen Date: The last date the user used the Docker Desktop application
 - Opted Out Analytics: Whether the user has opted out of the
-[Send usage statistics](/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md#send-usage-statistics) setting in Docker Desktop
+[Send usage statistics](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md#send-usage-statistics) setting in Docker Desktop
 
 ## Troubleshoot Insights
 

content/manuals/admin/organization/manage-a-team.md

@@ -32,7 +32,7 @@ An organization owner is an administrator who has the following permissions:
 organization settings
 - Specify [permissions](#permissions-reference) for each team in the
 organization
-- Enable [SSO](/manuals/enterprise/security/single-sign-on/_index.md) for the
+- Enable [SSO](../../security/for-admins/single-sign-on/_index.md) for the
 organization
 
 When SSO is enabled for your organization, the organization owner can
@@ -44,7 +44,7 @@ Organization owners can add others with the owner role to help them
 manage users, teams, and repositories in the organization.
 
 For more information on roles, see
-[Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ## Create a team
 
@@ -92,7 +92,7 @@ access for.
 
 Organization owners can also assign members the editor role to grant partial
 administrative access. For more information on the editor role, see
-[Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+[Roles and permissions](../../security/for-admins/roles-and-permissions.md).
 
 ### Permissions reference
 

content/manuals/admin/organization/manage-products.md

@@ -31,9 +31,9 @@ subscription, see
 
 To manage Docker Desktop access:
 
-1. [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+1. [Enforce sign-in](../../security/for-admins/enforce-sign-in/_index.md).
 1. Manage members [manually](./members.md) or use
-[provisioning](/manuals/enterprise/security/provisioning/_index.md).
+[provisioning](../../security/for-admins/provisioning/_index.md).
 
 With sign-in enforced, only users who are a member of your organization can
 use Docker Desktop after signing in.
@@ -44,8 +44,8 @@ use Docker Desktop after signing in.
 ### Manage Docker Hub access
 
 To manage Docker Hub access, sign in to
-[Docker Home](https://app.docker.com/) and configure [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md)
-or [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md).
+[Docker Home](https://app.docker.com/) and configure [Registry Access Management](../../security/for-admins/hardened-desktop/registry-access-management.md)
+or [Image Access Management](../../security/for-admins/hardened-desktop/image-access-management.md).
 
 {{< /tab >}}
 {{< tab name="Docker Build Cloud" >}}
@@ -80,7 +80,7 @@ owner.
 **Repository settings**. For more information on,
 see [repository settings](../../scout/explore/dashboard.md#repository-settings).
 1. To manage access to Docker Scout for use on local images with Docker Desktop,
-use [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md)
+use [Settings Management](../../security/for-admins/hardened-desktop/settings-management/_index.md)
 and set `sbomIndexing` to `false` to disable, or to `true` to enable.
 
 {{< /tab >}}

content/manuals/admin/organization/members.md

@@ -27,7 +27,7 @@ Use the following steps to invite members to your organization via Docker ID or
 
 > [!NOTE]
 >
-> When you invite members, you assign them a role. See [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md) for
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for
 details about the access permissions for each role.
 
 Pending invitations appear in the table. Invitees receive an email with a link to Docker Hub where they can accept or decline the invitation.
@@ -76,7 +76,7 @@ Valid email addresses and any email addresses that have issues appear. Email add
 
 > [!NOTE]
 >
-> When you invite members, you assign them a role. See [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md) for
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for
 details about the access permissions for each role.
 
 Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation.
@@ -104,7 +104,7 @@ Use the following steps to invite members to your organization via Docker ID or
 
 > [!NOTE]
 >
-> When you invite members, you assign them a role. See [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md) for
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for
 details about the access permissions for each role.
 
 Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation.
@@ -154,7 +154,7 @@ Valid email addresses and any email addresses that have issues appear. Email add
 
 > [!NOTE]
 >
-> When you invite members, you assign them a role. See [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md) for
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for
 details about the access permissions for each role.
 
 Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation.
@@ -320,7 +320,7 @@ To add a member to a team with Docker Hub:
 
 > [!NOTE]
 >
-> If your organization uses single sign-on (SSO) with [SCIM](/manuals/enterprise/security/provisioning/scim.md) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker.
+> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim.md) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker.
 
 Organization owners can remove a member from a team in Docker Hub or Admin Console. Removing the member from the team will revoke their access to the permitted resources.
 

content/manuals/admin/organization/onboard.md

@@ -103,7 +103,7 @@ add additional owners.
 
 To add an owner, invite a user and assign them the owner role. For more
 details, see [Invite members](/manuals/admin/organization/members.md) and
-[Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ### Step three: Invite members
 
@@ -114,7 +114,7 @@ they are signed in.
 
 To add a member, invite a user and assign them the member role.
 For more details, see [Invite members](/manuals/admin/organization/members.md) and
-[Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md).
+[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ### Step four: Manage user access with SSO and SCIM
 
@@ -125,20 +125,20 @@ subscription, see [Change your subscription](/manuals/subscription/change.md).
 Use your identity provider (IdP) to manage members and provision them to Docker
 automatically via SSO and SCIM. See the following for more details:
 
-   - [Configure SSO](/manuals/enterprise/security/single-sign-on/configure.md)
+   - [Configure SSO](/manuals/security/for-admins/single-sign-on/configure.md)
    to authenticate and add members when they sign in to Docker through your
    identity provider.
    - Optional.
-   [Enforce SSO](/manuals/enterprise/security/single-sign-on/connect.md) to
+   [Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) to
    ensure that when users sign in to Docker, they must use SSO.
 
      > [!NOTE]
      >
      > Enforcing single sign-on (SSO) and enforcing Docker Desktop sign in
      are different features. For more details, see
-     > [Enforcing sign-in versus enforcing single sign-on (SSO)](/manuals/enterprise/security/enforce-sign-in/_index.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
+     > [Enforcing sign-in versus enforcing single sign-on (SSO)](/manuals/security/for-admins/enforce-sign-in.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
 
-   - [Configure SCIM](/manuals/enterprise/security/provisioning/scim.md) to
+   - [Configure SCIM](/manuals/security/for-admins/provisioning/scim.md) to
    automatically provision, add, and de-provision members to Docker through
    your identity provider.
 
@@ -148,28 +148,28 @@ By default, members of your organization can use Docker Desktop without signing
 in. When users don’t sign in as a member of your organization, they don’t
 receive the
 [benefits of your organization’s subscription](../../subscription/details.md)
-and they can circumvent [Docker’s security features](/manuals/enterprise/security/hardened-desktop/_index.md).
+and they can circumvent [Docker’s security features](/manuals/security/for-admins/hardened-desktop/_index.md).
 
 There are multiple ways you can enforce sign-in, depending on your organization's
 Docker configuration:
-- [Registry key method (Windows only)](/manuals/enterprise/security/enforce-sign-in/methods.md#registry-key-method-windows-only)
-- [`.plist` method (Mac only)](/manuals/enterprise/security/enforce-sign-in/methods.md#plist-method-mac-only)
-- [`registry.json` method (All)](/manuals/enterprise/security/enforce-sign-in/methods.md#registryjson-method-all)
+- [Registry key method (Windows only)](/manuals/security/for-admins/enforce-sign-in/methods.md#registry-key-method-windows-only)
+- [`.plist` method (Mac only)](/manuals/security/for-admins/enforce-sign-in/methods.md#plist-method-mac-only)
+- [`registry.json` method (All)](/manuals/security/for-admins/enforce-sign-in/methods.md#registryjson-method-all)
 
 ### Step six: Manage Docker Desktop security
 
 Docker offers the following security features to manage your organization's
 security posture:
 
-- [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md): Control which types of images your developers can pull from Docker Hub.
-- [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md): Define which registries your developers can access.
-- [Settings management](/manuals/enterprise/security/hardened-desktop/settings-management.md): Set and control Docker Desktop settings for your users.
+- [Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md): Control which types of images your developers can pull from Docker Hub.
+- [Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md): Define which registries your developers can access.
+- [Settings management](/manuals/security/for-admins/hardened-desktop/settings-management.md): Set and control Docker Desktop settings for your users.
 
 ## What's next
 
 - [Manage Docker products](./manage-products.md) to configure access and view usage.
 - Configure [Hardened Docker Desktop](/desktop/hardened-desktop/) to improve your organization’s security posture for containerized development.
-- [Manage your domains](/manuals/enterprise/security/domain-management.md) to ensure that all Docker users in your domain are part of your organization.
+- [Manage your domains](/manuals/security/for-admins/domain-management.md) to ensure that all Docker users in your domain are part of your organization.
 
 Your Docker subscription provides many more additional features. To learn more,
 see [Docker subscriptions and features](/subscription/details/).

content/manuals/admin/organization/orgs.md

@@ -146,7 +146,7 @@ configure your organization.
 - **Settings**: Displays information about your
   organization, and you to view and change your repository privacy
   settings, configure org permissions such as
-  [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the organization's **Settings** page.
+  [Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the organization's **Settings** page.
 - **Billing**: Displays information about your existing
   [Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md).
 

content/manuals/ai/gordon/_index.md

@@ -226,7 +226,7 @@ If you've enabled Ask Gordon and you want to disable it again:
 
 If you want to disable Ask Gordon for your entire Docker organization, using
 [Settings
-Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md),
+Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md),
 add the following property to your `admin-settings.json` file:
 
 ```json

content/manuals/build-cloud/_index.md

@@ -69,4 +69,4 @@ Once you've signed up and created a builder, continue by
 [setting up the builder in your local environment](./setup.md).
 
 For information about roles and permissions related to Docker Build Cloud, see
-[Roles and Permissions](/manuals/enterprise/security/roles-and-permissions.md#docker-build-cloud-permissions).
+[Roles and Permissions](/manuals/security/for-admins/roles-and-permissions.md#docker-build-cloud-permissions).

content/manuals/build-cloud/ci.md

@@ -36,7 +36,7 @@ See [Loading build results](./usage/#loading-build-results) for details.
 
 To enable your CI/CD system to build and push images using Docker Build Cloud, provide both an access token and a username. The type of token and the username you use depend on your account type and permissions.
 
-- If you are an organization administrator or have permission to create [organization access tokens (OAT)](/manuals/enterprise/security/access-tokens.md), use an OAT and set `DOCKER_ACCOUNT` to your Docker Hub organization name.
+- If you are an organization administrator or have permission to create [organization access tokens (OAT)](../security/for-admins/access-tokens.md), use an OAT and set `DOCKER_ACCOUNT` to your Docker Hub organization name.
 - If you do not have permission to create OATs or are using a personal account, use a [personal access token (PAT)](/security/for-developers/access-tokens/) and set `DOCKER_ACCOUNT` to your Docker Hub username.
 
 ### Creating access tokens
@@ -45,7 +45,7 @@ To enable your CI/CD system to build and push images using Docker Build Cloud, p
 
 If you are an organization administrator:
 
-- Create an [organization access token (OAT)](/manuals/enterprise/security/access-tokens.md). The token must have these permissions:
+- Create an [organization access token (OAT)](../security/for-admins/access-tokens.md). The token must have these permissions:
     1. **cloud-connect** scope
     2. **Read public repositories** permission
     3. **Repository access** with **Image push** permission for the target repository:

content/manuals/desktop/features/kubernetes.md

@@ -57,7 +57,7 @@ Docker Desktop Kubernetes can be provisioned with either the `kubeadm` or `kind`
 provisioners.
 
 `kubeadm` is the older provisioner. It supports a single-node cluster, you can't select the kubernetes
-version, it's slower to provision than `kind`, and it's not supported by [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/index.md) (ECI),
+version, it's slower to provision than `kind`, and it's not supported by [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/index.md) (ECI),
 meaning that if ECI is enabled the cluster works but it's not protected by ECI.
 
 `kind` is the newer provisioner, and it's available if you are signed in and are
@@ -165,7 +165,7 @@ factors, including the version of Kubernetes being used. The tags vary for each
 
 To accommodate scenarios where access to Docker Hub is not allowed, admins can
 configure Docker Desktop to pull the above listed images from a different registry (e.g., a mirror)
-using the [KubernetesImagesRepository](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#kubernetes) setting as follows.
+using the [KubernetesImagesRepository](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#kubernetes) setting as follows.
 
 An image name can be broken into `[registry[:port]/][namespace/]repository[:tag]` components.
 The `KubernetesImagesRepository` setting allows users to override the `[registry[:port]/][namespace]`
@@ -214,8 +214,8 @@ The recommended approach to set this up is the following:
 
 > [!NOTE]
 >
-> When using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md)
-> is enabled, add the following images to the [ECI Docker socket mount image list](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#enhanced-container-isolation):
+> When using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md)
+> is enabled, add the following images to the [ECI Docker socket mount image list](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#enhanced-container-isolation):
 >
 > * [imagesRepository]/desktop-cloud-provider-kind:*
 > * [imagesRepository]/desktop-containerd-registry-mirror:*

content/manuals/desktop/features/networking.md

@@ -107,8 +107,8 @@ Depending on your selected network mode, the options available are:
 
 ### Using Settings Management
 
-If you're an administrator, you can use [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#networking) to enforce this Docker Desktop setting across your developer's machines. Choose from the following code snippets and at it to your `admin-settings.json` file,
-or configure this setting using the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+If you're an administrator, you can use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#networking) to enforce this Docker Desktop setting across your developer's machines. Choose from the following code snippets and at it to your `admin-settings.json` file,
+or configure this setting using the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 {{< tabs >}}
 {{< tab name="Networking mode" >}}

content/manuals/desktop/features/wsl/_index.md

@@ -111,7 +111,7 @@ Docker Desktop runs within its own dedicated WSL distribution, `docker-desktop`,
 
 WSL is designed to facilitate interoperability between Windows and Linux environments. Its file system is accessible from the Windows host `\\wsl$`, meaning Windows processes can read and modify files within WSL. This behavior is not specific to Docker Desktop, but rather a core aspect of WSL itself.
 
-For organizations concerned about security risks related to WSL and want stricter isolation and security controls, run Docker Desktop in Hyper-V mode instead of WSL 2. Alternatively, run your container workloads with [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) enabled.
+For organizations concerned about security risks related to WSL and want stricter isolation and security controls, run Docker Desktop in Hyper-V mode instead of WSL 2. Alternatively, run your container workloads with [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) enabled.
 
 ## Additional resources
 

content/manuals/desktop/release-notes.md

@@ -163,7 +163,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 - Improved the sign-in enforcement message when more than 10 organizations are enforced.
 - Changed the way ports are mapped by Docker Desktop to fully support IPv6 ports.
 - Fixed a bug in the Dashboard container logs screen causing the scrollbar to disappear as the mouse approaches.
-- [Enforced sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) fixed for Teams subscription users.
+- [Enforced sign-in](../security/for-admins/enforce-sign-in) fixed for Teams subscription users.
 - `llama.cpp` server now supports streaming and tool calling in Model Runner.
 - Sign-in Enforcement capability is now available to all subscriptions.
 
@@ -264,7 +264,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 - Improved error messages when downloading Registry Access Management configuration.
 - If Docker can't bind an ICMPv4 socket, it now logs an error and continues rather than quits.
 - Enabled the memory protection keys mechanism in the Docker Desktop Linux VM, allowing containers like Oracle database images to run correctly.
-- Fixed a problem with containers accessing `/proc/sys/kernel/shm*` sysctls when [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) is enabled on Mac, Windows Hyper-V, or Linux.
+- Fixed a problem with containers accessing `/proc/sys/kernel/shm*` sysctls when [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) is enabled on Mac, Windows Hyper-V, or Linux.
 - Added kernel module `nft_fib_inet`, required for running firewalld in a Linux container.
 - MacOS QEMU Virtualization option is being deprecated on July 14, 2025.
 
@@ -427,7 +427,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 #### For all platforms
 
 - Fixed a bug where access tokens generated by the `docker login` web flow could not be refreshed by Docker Desktop.
-- Fixed a bug where container creation via the Docker API using `curl` failed when [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) was enabled.
+- Fixed a bug where container creation via the Docker API using `curl` failed when [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) was enabled.
 - Fixed a bug where the RAM policy was not refreshed after the refresh period had elapsed.
 - Fixed a bug in Enhanced Container Isolation when mounting the Docker socket into a container, and then creating Docker containers with bind-mounts from within that container.
 - Fixed an issue that caused a discrepancy between the GUI and the CLI, the former forcing the `0.0.0.0` HostIP in port-mappings. This caused default binding IPs configured through Engine's `ip` flag, or through the bridge option `com.docker.network.bridge.host_binding_ipv4`, to not be used.
@@ -490,7 +490,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 #### For all platforms
 
 - Fixed an issue that caused the AI Catalog in Docker Hub to be unavailable in Docker Desktop.
-- Fixed an issue that caused Docker Desktop to panic with `index out of range [0] with length 0` when using [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md).
+- Fixed an issue that caused Docker Desktop to panic with `index out of range [0] with length 0` when using [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md).
 
 ### Known issues
 
@@ -586,13 +586,13 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 
 - Existing Docker Desktop installations using the WSL2 engine on Windows are now automatically migrated to a unified single-distribution architecture for enhanced consistency and performance.
 - Administrators can now:
-  - Enforce sign-in with macOS [configuration profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only) (Early Access).
+  - Enforce sign-in with macOS [configuration profiles](/manuals/security/for-admins/enforce-sign-in/methods.md#configuration-profiles-method-mac-only) (Early Access).
   - Enforce sign-in for more than one organization at a time (Early Access).
-  - Deploy Docker Desktop for Mac in bulk with the [PKG installer](/manuals/enterprise/enterprise-deployment/pkg-install-and-configure.md) (Early Access).
+  - Deploy Docker Desktop for Mac in bulk with the [PKG installer](/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md) (Early Access).
   - Use Desktop Settings Management to manage and enforce defaults via admin.docker.com (Early Access).
 - Enhance Container Isolation (ECI) has been improved to:
-  - Allow admins to [turn off Docker socket mount restrictions](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#allowing-all-containers-to-mount-the-docker-socket).
-  - Support wildcard tags when using the [`allowedDerivedImages` setting](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images).
+  - Allow admins to [turn off Docker socket mount restrictions](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md#allowing-all-containers-to-mount-the-docker-socket).
+  - Support wildcard tags when using the [`allowedDerivedImages` setting](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images).
 
 ### Upgrades
 
@@ -701,7 +701,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 - Fixed a bug where the **Push to Docker Hub** action in the **Images** view would result in an `invalid tag format` error. Fixes [docker/for-win#14258](https://github.com/docker/for-win/issues/14258).
 - Fixed an issue where Docker Desktop startup failed when ICMPv6 setup was not successful.
 - Added drivers that allow USB/IP to work.
-- Fixed a bug in Enhanced Container Isolation (ECI) [Docker socket mount permissions for derived images](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md) where it was incorrectly denying Docker socket mounts for some images when Docker Desktop uses the containerd image store.
+- Fixed a bug in Enhanced Container Isolation (ECI) [Docker socket mount permissions for derived images](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md) where it was incorrectly denying Docker socket mounts for some images when Docker Desktop uses the containerd image store.
 - Enable `NFT_NUMGEN`, `NFT_FIB_IPV4` and `NFT_FIB_IPV6` kernel modules.
 - Build UI:
   - Highlight build check warnings in the **Completed builds** list.
@@ -709,7 +709,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
   - Image tags added to **Build results** section under the **Info** tab.
 - Improved efficiency of host-side disk utilization for fresh installations on Mac and Linux.
 - Fixed a bug that prevented the Sign in enforcement popup to be triggered when token expires.
-- Fixed a bug where containers would not be displayed in the GUI immediately after signing in when using [enforced sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+- Fixed a bug where containers would not be displayed in the GUI immediately after signing in when using [enforced sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md).
 - `settings.json` has been renamed to `settings-store.json`
 - The host networking feature no longer requires users to be signed-in in order to use it.
 
@@ -816,8 +816,8 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 - [Host networking](/manuals/engine/network/drivers/host.md#docker-desktop) support on Docker Desktop is now generally available.
 - If you authenticate via the CLI, you can now authenticate through a browser-based flow, removing the need for manual PAT generation.
 - Windows now supports automatic reclamation of disk space in Docker Desktop for WSL2 installations [using a managed virtual hard disk](/manuals/desktop/features/wsl/best-practices.md).
-- Deploying Docker Desktop via the [MSI installer](/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md) is now generally available.
-- Two new methods to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) (windows registry key and `.plist` file) are now generally available.
+- Deploying Docker Desktop via the [MSI installer](/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md) is now generally available.
+- Two new methods to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) (windows registry key and `.plist` file) are now generally available.
 - Fresh installations of Docker Desktop now use the containerd image store by default.
 - [Compose Bridge](/manuals/compose/bridge/_index.md) (Experimental) is now available from the Compose file viewer. Easily convert and deploy your Compose project to a Kubernetes cluster.
 
@@ -864,8 +864,8 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
   > [!NOTE]
   > Using `docker login` with an address that includes URL path segments is not a documented use case and is considered unsupported. The recommended usage is to specify only a registry hostname, and optionally a port, as the address for `docker login`.
 - When running `docker compose up` and Docker Desktop is in the Resource Saver mode, the command is unresponsive. As a workaround, manually exit the Resource Saving mode and Docker Compose becomes responsive again.
-- When [Enhanced Container Isolation (ECI)](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) is enabled, Docker Desktop may not enter Resource Saver mode. This will be fixed in a future Docker Desktop release.
-- The new [ECI Docker socket mount permissions for derived images](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images) feature does not yet work when Docker Desktop is configured with the  **Use containerd for pulling and storing images**. This will be fixed in the next Docker Desktop release.
+- When [Enhanced Container Isolation (ECI)](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) is enabled, Docker Desktop may not enter Resource Saver mode. This will be fixed in a future Docker Desktop release.
+- The new [ECI Docker socket mount permissions for derived images](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images) feature does not yet work when Docker Desktop is configured with the  **Use containerd for pulling and storing images**. This will be fixed in the next Docker Desktop release.
 
 ## 4.33.2
 
@@ -1016,7 +1016,7 @@ For more information, see [microsoft/WSL#11794](https://github.com/microsoft/WSL
 
 - Improved instructions for `watch` in the Compose File Viewer
 - Added support for Golang projects that don't have dependencies in Docker Init. Addresses [docker/roadmap#611](https://github.com/docker/roadmap/issues/611)
-- [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) now lets admins set the default value to `ProxyEnableKerberosNTLM`.
+- [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) now lets admins set the default value to `ProxyEnableKerberosNTLM`.
 - Removed a temporary compatibility fix for older versions of Visual Studio Code.
 - Builds view:
   - Changed icon for imported build record to a "files" icon.
@@ -1071,7 +1071,7 @@ For more information, see [microsoft/WSL#11794](https://github.com/microsoft/WSL
 
 ### New
 
-- [Air-Gapped Containers](/manuals/enterprise/security/hardened-desktop/air-gapped-containers.md) is now generally available.
+- [Air-Gapped Containers](/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md) is now generally available.
 - Docker Compose File Viewer shows your Compose YAML with syntax highlighting and contextual links to relevant docs (Beta, progressive rollout).
 - New Sidebar user experience.
 
@@ -1095,7 +1095,7 @@ For more information, see [microsoft/WSL#11794](https://github.com/microsoft/WSL
 - Added `proxyEnableKerberosNTLM` config to `settings.json` to enable fallback to basic proxy authentication if Kerberos/NTLM environment is not properly set up.
 - Fixed a bug where Docker Debug was not working properly with Enhanced Container Isolation enabled.
 - Fixed a bug where UDP responses were not truncated properly.
-- Fixed a bug where the **Update** screen was hidden when using [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- Fixed a bug where the **Update** screen was hidden when using [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 - Fixed a bug where proxy settings defined in `admin-settings.json` were not applied correctly on startup.
 - Fixed a bug where the **Manage Synchronized file shares with Compose** toggle did not correctly reflect the value with the feature.
 - Fixed a bug where a bind mounted file modified on host is not updated after the container restarts, when gRPC FUSE file sharing is used on macOS and on Windows with Hyper-V. Fixes [docker/for-mac#7274](https://github.com/docker/for-mac/issues/7274), [docker/for-win#14060](https://github.com/docker/for-win/issues/14060).
@@ -1160,7 +1160,7 @@ For more information, see [microsoft/WSL#11794](https://github.com/microsoft/WSL
 #### For all platforms
 
 - Docker Desktop now supports [SOCKS5 proxies](/manuals/desktop/features/networking.md#socks5-proxy-support). Requires a Business subscription.
-- Added a new setting to manage the onboarding survey in [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- Added a new setting to manage the onboarding survey in [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 
 #### For Windows
 
@@ -1239,14 +1239,14 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- You can now enforce Rosetta usage via [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
-- [Docker socket mount restrictions](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md) with ECI is now generally available.
+- You can now enforce Rosetta usage via [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
+- [Docker socket mount restrictions](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md) with ECI is now generally available.
 - Docker Engine and CLI updated to [Moby 26.0](https://github.com/moby/moby/releases/tag/v26.0.0). This includes Buildkit 0.13, sub volumes mounts, networking updates, and improvements to the containerd multi-platform image store UX.
 - New and improved Docker Desktop error screens: swift troubleshooting, easy diagnostics uploads, and actionable remediation.
 - Compose supports [Synchronized file shares (experimental)](/manuals/desktop/features/synchronized-file-sharing.md).
 - New [interactive Compose CLI (experimental)](/manuals/compose/how-tos/environment-variables/envvars.md#compose_menu).
 - Beta release of:
-  - Air-Gapped Containers with [Settings Management](/manuals/enterprise/security/hardened-desktop/air-gapped-containers.md).
+  - Air-Gapped Containers with [Settings Management](/manuals/security/for-admins/hardened-desktop/air-gapped-containers/_index.md).
   - [Host networking](/manuals/engine/network/drivers/host.md#docker-desktop) in Docker Desktop.
   - [Docker Debug](use-desktop/container.md#integrated-terminal) for running containers.
   - [Volumes Backup & Share extension](use-desktop/volumes.md) functionality available in the **Volumes** tab.
@@ -1317,7 +1317,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) now allows admins to set the default file-sharing implementation and specify which paths developer can add file shares to.
+- [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) now allows admins to set the default file-sharing implementation and specify which paths developer can add file shares to.
 - Added support for `socks5://` HTTP and HTTPS proxy URLs when the [`SOCKS` proxy support beta feature](/manuals/desktop/features/networking.md) is enabled.
 - Users can now filter volumes to see which ones are in use in the **Volumes** tab.
 
@@ -1436,7 +1436,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 - Docker init now supports Java and is generally available to all users.
 - [Synchronized File Shares](/manuals/desktop/features/synchronized-file-sharing.md) provides fast and flexible host-to-VM file sharing within Docker Desktop. Utilizing the technology behind [Docker’s acquisition of Mutagen](https://www.docker.com/blog/mutagen-acquisition/), this feature provides an alternative to virtual bind mounts that uses synchronized filesystem caches, improving performance for developers working with large codebases.
-- Organization admins can now [configure Docker socket mount permissions](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md) when ECI is enabled.
+- Organization admins can now [configure Docker socket mount permissions](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md) when ECI is enabled.
 - [Containerd Image Store](/manuals/desktop/features/containerd.md) support is now generally available to all users.
 - Get a debug shell into any container or image with the new [`docker debug` command](/reference/cli/docker/debug.md) (Beta).
 - Organization admins, with a Docker Business subscription, can now configure a custom list of extensions with [Private Extensions Marketplace](/manuals/extensions/private-marketplace.md) enabled (Beta)
@@ -1537,7 +1537,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- Administrators can now control access to beta and experimental features in the **Features in development** tab with [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- Administrators can now control access to beta and experimental features in the **Features in development** tab with [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 - Introduced four new version update states in the footer.
 - `docker init` (Beta) now supports PHP with Apache + Composer.
 - The [**Builds** view](use-desktop/builds.md) is now GA. You can now inspect builds, troubleshoot errors, and optimize build speed.
@@ -1647,7 +1647,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 - Rosetta is now Generally Available for all users on macOS 13 or later. It provides faster emulation of Intel-based images on Apple Silicon. To use Rosetta, see [Settings](/manuals/desktop/settings-and-maintenance/settings.md). Rosetta is enabled by default on macOS 14.1 and later.
 - Docker Desktop now detects if a WSL version is out of date. If an out dated version of WSL is detected, you can allow Docker Desktop to automatically update the installation or you can manually update WSL outside of Docker Desktop.
 - New installations of Docker Desktop for Windows now require a Windows version of 19044 or later.
-- Administrators now have the ability to control Docker Scout image analysis in [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- Administrators now have the ability to control Docker Scout image analysis in [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 
 ### Upgrades
 
@@ -1910,7 +1910,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 #### For all platforms
 
-- [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) now lets you turn off Docker Extensions for your organisation.
+- [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) now lets you turn off Docker Extensions for your organisation.
 - Fixed a bug where turning on Kubernetes from the UI failed when the system was paused.
 - Fixed a bug where turning on Wasm from the UI failed when the system was paused.
 - Bind mounts are now shown when you [inspect a container](use-desktop/container.md).
@@ -2542,7 +2542,7 @@ This can be resolved by adding the user to the **docker-users** group. Before st
 
 ### New
 
-- Two new security features have been introduced for Docker Business users, Settings Management and Enhanced Container Isolation. Read more about Docker Desktop’s new [Hardened Docker Desktop security model](/manuals/enterprise/security/hardened-desktop/_index.md).
+- Two new security features have been introduced for Docker Business users, Settings Management and Enhanced Container Isolation. Read more about Docker Desktop’s new [Hardened Docker Desktop security model](/manuals/security/for-admins/hardened-desktop/_index.md).
 - Added the new Dev Environments CLI `docker dev`, so you can create, list, and run Dev Envs via command line. Now it's easier to integrate Dev Envs into custom scripts.
 - Docker Desktop can now be installed to any drive and folder using the `--installation-dir`. Partially addresses [docker/roadmap#94](https://github.com/docker/roadmap/issues/94).
 
@@ -3239,7 +3239,7 @@ Installing Docker Desktop 4.5.0 from scratch has a bug which defaults Docker Des
 ### New
 
 - Easy, Secure sign in with Auth0 and Single Sign-on
-  - Single Sign-on: Users with a Docker Business subscription can now configure SSO to authenticate using their identity providers (IdPs) to access Docker. For more information, see [Single Sign-on](/manuals/enterprise/security/single-sign-on/_index.md).
+  - Single Sign-on: Users with a Docker Business subscription can now configure SSO to authenticate using their identity providers (IdPs) to access Docker. For more information, see [Single Sign-on](../security/for-admins/single-sign-on/_index.md).
   - Signing in to Docker Desktop now takes you through the browser so that you get all the benefits of auto-filling from password managers.
 
 ### Upgrades

content/manuals/desktop/settings-and-maintenance/settings.md

@@ -83,7 +83,7 @@ If you choose the integrated terminal, you can run commands in a running contain
   troubleshoot the application. Clear the checkbox to opt out. Docker may
   periodically prompt you for more information.
 
-- **Use Enhanced Container Isolation**. Select to enhance security by preventing containers from breaching the Linux VM. For more information, see [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md).
+- **Use Enhanced Container Isolation**. Select to enhance security by preventing containers from breaching the Linux VM. For more information, see [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md).
     > [!NOTE]
     >
     > This setting is only available if you are signed in to Docker Desktop and have a Docker Business subscription.
@@ -256,7 +256,7 @@ To set a different proxy for Docker Desktop, turn on **Manual proxy configuratio
 upstream proxy URL of the form `http://proxy:port` or `https://proxy:port`.
 
 To prevent developers from accidentally changing the proxy settings, see
-[Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md#what-features-can-i-configure-with-settings-management).
+[Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md#what-features-can-i-configure-with-settings-management).
 
 The HTTPS proxy settings used for scanning images are set using the `HTTPS_PROXY` environment variable.
 
@@ -270,7 +270,7 @@ The HTTPS proxy settings used for scanning images are set using the `HTTPS_PROXY
 > settings via the Docker CLI configuration file (`config.json`).
 >
 > To manage proxy configurations for Docker Desktop, configure the settings in
-> the Docker Desktop app or use [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+> the Docker Desktop app or use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 
 #### Proxy authentication
 

content/manuals/desktop/setup/install/enterprise-deployment/_index.md

@@ -0,0 +1,8 @@
+---
+title: Enterprise deployment
+weight: 50
+description: If you're an IT admin, learn how to deploy Docker Desktop at scale
+keywords: msi, docker desktop, windows, installation, mac, pkg, enterprise 
+build:
+  render: never
+---

content/manuals/desktop/setup/install/enterprise-deployment/dev-box.md

@@ -3,10 +3,8 @@ Title: Docker Desktop in Microsoft Dev Box
 linkTitle: Microsoft Dev Box
 description: Learn about the benefits of and  how to setup Docker Desktop in Microsoft Dev Box
 keywords: desktop, docker, windows, microsoft dev box
-weight: 60
 aliases:
  - /desktop/features/dev-box/
- - /desktop/setup/install/enterprise-deployment/dev-box/
 ---
 
 Docker Desktop is available as a pre-configured image in the Microsoft Azure Marketplace for use with Microsoft Dev Box, allowing developers to quickly set up consistent development environments in the cloud.

content/manuals/desktop/setup/install/enterprise-deployment/faq.md

@@ -4,11 +4,9 @@ linkTitle: FAQs
 description: Frequently asked questions for deploying Docker Desktop at scale
 keywords: msi, deploy, docker desktop, faqs, pkg, mdm, jamf, intune, windows, mac, enterprise, admin
 tags: [FAQ, admin]
-weight: 70
 aliases:
- - /desktop/install/msi/faq/
- - /desktop/setup/install/msi/faq/
- - /desktop/setup/install/enterprise-deployment/faq/
+- /desktop/install/msi/faq/
+- /desktop/setup/install/msi/faq/
 ---
 
 ## MSI

content/manuals/desktop/setup/install/enterprise-deployment/ms-store.md

@@ -5,8 +5,6 @@ description: Install Docker Desktop for Windows through the Microsoft Store. Und
 keywords: microsoft store, windows, docker desktop, install, deploy, configure, admin, mdm, intune, winget
 tags: [admin]
 weight: 30
-aliases: 
- - /desktop/setup/install/enterprise-deployment/ms-store/
 ---
 
 You can deploy Docker Desktop for Windows through the [Microsoft app store](https://apps.microsoft.com/detail/xp8cbj40xlbwkx?hl=en-GB&gl=GB).

content/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md

@@ -5,11 +5,10 @@ keywords: msi, windows, docker desktop, install, deploy, configure, admin, mdm
 tags: [admin]
 weight: 10
 aliases:
- - /desktop/install/msi/install-and-configure/
- - /desktop/setup/install/msi/install-and-configure/
- - /desktop/install/msi/
- - /desktop/setup/install/msi/
- - /desktop/setup/install/enterprise-deployment/msi-install-and-configure/
+- /desktop/install/msi/install-and-configure/
+- /desktop/setup/install/msi/install-and-configure/
+- /desktop/install/msi/
+- /desktop/setup/install/msi/
 ---
 
 {{< summary-bar feature_name="MSI installer" >}}
@@ -192,7 +191,7 @@ msiexec /x "DockerDesktop.msi" /quiet
 | :--- | :--- | :--- |
 | `ENABLEDESKTOPSHORTCUT` | Creates a desktop shortcut. | 1 |
 | `INSTALLFOLDER` | Specifies a custom location where Docker Desktop will be installed. | C:\Program Files\Docker |
-| `ADMINSETTINGS` | Automatically creates an `admin-settings.json` file which is used to [control certain Docker Desktop settings](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) on client machines within organizations. It must be used together with the `ALLOWEDORG` property. | None |
+| `ADMINSETTINGS` | Automatically creates an `admin-settings.json` file which is used to [control certain Docker Desktop settings](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) on client machines within organizations. It must be used together with the `ALLOWEDORG` property. | None |
 | `ALLOWEDORG` | Requires the user to sign in and be part of the specified Docker Hub organization when running the application. This creates a registry key called `allowedOrgs` in `HKLM\Software\Policies\Docker\Docker Desktop`. | None |
 | `ALWAYSRUNSERVICE` | Lets users switch to Windows containers without needing admin rights | 0 |
 | `DISABLEWINDOWSCONTAINERS` | Disables the Windows containers integration | 0 |
@@ -251,4 +250,4 @@ When analytics is disabled, this key is set to `1`.
 
 ## Additional resources
 
-- [Explore the FAQs](/manuals/enterprise/enterprise-deployment/faq.md)
+- [Explore the FAQs](/manuals/desktop/setup/install/enterprise-deployment/faq.md)

content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md

@@ -4,8 +4,6 @@ description: Understand how to use the PKG installer. Also explore additional co
 keywords: pkg, mac, docker desktop, install, deploy, configure, admin, mdm
 tags: [admin]
 weight: 20
-aliases:
- - /desktop/setup/install/enterprise-deployment/pkg-install-and-configure/
 ---
 
 {{< summary-bar feature_name="PKG installer" >}}
@@ -48,4 +46,4 @@ The PKG package supports various MDM (Mobile Device Management) solutions, makin
 ## Additional resources
 
 - See how you can deploy Docker Desktop for Mac using [Intune](use-intune.md) or [Jamf Pro](use-jamf-pro.md)
-- Explore how to [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/methods.md#plist-method-mac-only) for your users.
+- Explore how to [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/methods.md#plist-method-mac-only) for your users.

content/manuals/desktop/setup/install/enterprise-deployment/use-intune.md

@@ -5,9 +5,8 @@ keywords: microsoft, windows, docker desktop, deploy, mdm, enterprise, administr
 tags: [admin]
 weight: 40
 aliases:
- - /desktop/install/msi/use-intune/
- - /desktop/setup/install/msi/use-intune/
- - /desktop/setup/install/enterprise-deployment/use-intune/
+- /desktop/install/msi/use-intune/
+- /desktop/setup/install/msi/use-intune/
 ---
 
 {{< summary-bar feature_name="Intune" >}}
@@ -56,4 +55,4 @@ Next, assign the app:
 ## Additional resources
 
 - [Explore the FAQs](faq.md).
-- Learn how to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) for your users.
+- Learn how to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) for your users.

content/manuals/desktop/setup/install/enterprise-deployment/use-jamf-pro.md

@@ -4,8 +4,6 @@ description: Use Jamf Pro to deploy Docker Desktop for Mac
 keywords: jamf, mac, docker desktop, deploy, mdm, enterprise, administrator, pkg
 tags: [admin]
 weight: 50
-aliases: 
- - /desktop/setup/install/enterprise-deployment/use-jamf-pro/
 ---
 
 {{< summary-bar feature_name="Jamf Pro" >}}
@@ -31,4 +29,4 @@ For more information, see [Jamf Pro's official documentation](https://learn.jamf
 
 ## Additional resources
 
-- Learn how to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) for your users.
+- Learn how to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) for your users.

content/manuals/desktop/setup/install/mac-install.md

@@ -124,7 +124,7 @@ The `install` command accepts the following flags:
 
 - `--allowed-org=<org name>`: Requires the user to sign in and be part of the specified Docker Hub organization when running the application
 - `--user=<username>`: Performs the privileged configurations once during installation. This removes the need for the user to grant root privileges on first run. For more information, see [Privileged helper permission requirements](/manuals/desktop/setup/install/mac-permission-requirements.md#permission-requirements). To find the username, enter `ls /Users` in the CLI.
-- `--admin-settings`: Automatically creates an `admin-settings.json` file which is used by administrators to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- `--admin-settings`: Automatically creates an `admin-settings.json` file which is used by administrators to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
   - It must be used together with the `--allowed-org=<org name>` flag. 
   - For example: `--allowed-org=<org name> --admin-settings="{'configurationFileVersion': 2, 'enhancedContainerIsolation': {'value': true, 'locked': false}}"`
 
@@ -137,7 +137,7 @@ The `install` command accepts the following flags:
 
 > [!TIP]
 >
-> As an IT administrator, you can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+> As an IT administrator, you can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md).
 > - [Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-discovered-apps)
 > - [Jamf](https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Application_Usage.html)
 > - [Kandji](https://support.kandji.io/support/solutions/articles/72000559793-view-a-device-application-list)

content/manuals/desktop/setup/install/mac-permission-requirements.md

@@ -105,7 +105,7 @@ retain their original permissions.
 ## Enhanced Container Isolation
 
 In addition, Docker Desktop supports [Enhanced Container Isolation
-mode](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) (ECI),
+mode](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) (ECI),
 available to Business customers only, which further secures containers without
 impacting developer workflows.
 

content/manuals/desktop/setup/install/windows-install.md

@@ -273,7 +273,7 @@ The `install` command accepts the following flags:
 ##### Security and access control
 
 - `--allowed-org=<org name>`: Requires the user to sign in and be part of the specified Docker Hub organization when running the application
-- `--admin-settings`: Automatically creates an `admin-settings.json` file which is used by admins to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+- `--admin-settings`: Automatically creates an `admin-settings.json` file which is used by admins to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
   - It must be used together with the `--allowed-org=<org name>` flag. 
   - For example:`--allowed-org=<org name> --admin-settings="{'configurationFileVersion': 2, 'enhancedContainerIsolation': {'value': true, 'locked': false}}"`
 - `--no-windows-containers`: Disables the Windows containers integration. This can improve security. For more information, see [Windows containers](/manuals/desktop/setup/install/windows-permission-requirements.md#windows-containers).
@@ -310,7 +310,7 @@ Docker Desktop does not start automatically after installation. To start Docker
 
 > [!TIP]
 >
-> As an IT administrator, you can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+> As an IT administrator, you can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md).
 > - [Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-discovered-apps)
 > - [Jamf](https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Application_Usage.html)
 > - [Kandji](https://support.kandji.io/support/solutions/articles/72000559793-view-a-device-application-list)

content/manuals/desktop/setup/install/windows-permission-requirements.md

@@ -68,7 +68,7 @@ into Docker containers still retain their original permissions.  Containers don'
 ## Enhanced Container Isolation
 
 In addition, Docker Desktop supports [Enhanced Container Isolation
-mode](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md) (ECI),
+mode](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) (ECI),
 available to Business customers only, which further secures containers without
 impacting developer workflows.
 

content/manuals/desktop/setup/sign-in.md

@@ -32,7 +32,7 @@ aliases:
 
 Docker recommends signing in with the **Sign in** option in the top-right corner of the Docker Dashboard. 
 
-In large enterprises where admin access is restricted, administrators can [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md). 
+In large enterprises where admin access is restricted, administrators can [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). 
 
 > [!TIP]
 >
@@ -44,7 +44,7 @@ In large enterprises where admin access is restricted, administrators can [enfor
 
 - Increase your pull rate limit compared to anonymous users. See [Usage and limits](/manuals/docker-hub/usage/_index.md).
 
-- Enhance your organization’s security posture for containerized development with [Hardened Desktop](/manuals/enterprise/security/hardened-desktop/_index.md).
+- Enhance your organization’s security posture for containerized development with [Hardened Desktop](/manuals/security/for-admins/hardened-desktop/_index.md).
 
 > [!NOTE]
 >

content/manuals/desktop/setup/vm-vdi.md

@@ -95,4 +95,4 @@ For WSL 2-related issues, contact Nutanix support. For Docker Desktop-specific i
 
 ## Aditional resources
 
-- [Docker Desktop on Microsoft Dev Box](/manuals/enterprise/enterprise-deployment/dev-box.md)
+- [Docker Desktop on Microsoft Dev Box](/manuals/desktop/setup/install/enterprise-deployment/dev-box.md)

content/manuals/docker-hub/release-notes.md

@@ -84,7 +84,7 @@ known issues for each Docker Hub release.
 
 ### Bug fixes and enhancements
 
-- In Docker Hub, you can now download a [registry.json](/manuals/enterprise/security/enforce-sign-in/_index.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
+- In Docker Hub, you can now download a [registry.json](../security/for-admins/enforce-sign-in/_index.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
 
 ## 2022-09-19
 
@@ -114,7 +114,7 @@ known issues for each Docker Hub release.
 
 ### New
 
-- [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) is now available for all Docker Business subscriptions. When enabled, your users can access specific registries in Docker Hub.
+- [Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) is now available for all Docker Business subscriptions. When enabled, your users can access specific registries in Docker Hub.
 
 ## 2022-05-03
 

content/manuals/docker-hub/repos/create.md

@@ -39,7 +39,7 @@ weight: 20
      is only accessible to you and collaborators. In addition, if you selected
      an organization's namespace, then the repository is accessible to those
      with applicable roles or permissions. For more details, see [Roles and
-     permissions](/manuals/enterprise/security/roles-and-permissions.md).
+     permissions](../../security/for-admins/roles-and-permissions.md).
 
    > [!NOTE]
    >

content/manuals/docker-hub/repos/manage/access.md

@@ -94,7 +94,7 @@ repository from that repository's **Settings** page.
 
 Organizations can use roles for individuals, giving them different
 permissions in the organization. For more details, see [Roles and
-permissions](/manuals/enterprise/security/roles-and-permissions.md).
+permissions](/manuals/security/for-admins/roles-and-permissions.md).
 
 ## Organization teams
 
@@ -131,7 +131,7 @@ To configure team repository permissions:
 
 Organizations can use OATs. OATs let you assign fine-grained repository access
 permissions to tokens. For more details, see [Organization access
-tokens](/manuals/enterprise/security/access-tokens.md).
+tokens](/manuals/security/for-admins/access-tokens.md).
 
 ## Gated distribution
 
@@ -156,7 +156,7 @@ If you are interested in Gated Distribution contact the [Docker Sales Team](http
 ### Invite distributor members via API
 
 > [!NOTE]
-> When you invite members, you assign them a role. See [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md) for details about the access permissions for each role.
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role.
 
 Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint.
 

content/manuals/docker-hub/service-accounts.md

@@ -16,7 +16,7 @@ weight: 50
 > subscription.
 >
 > Docker recommends transitioning to [Organization Access Tokens
-> (OATs)](/manuals/enterprise/security/access-tokens.md), which can provide similar
+> (OATs)](../security/for-admins/access-tokens.md), which can provide similar
 > functionality.
 
 A service account is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and don't share Docker IDs with the members in the organization. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process.

content/manuals/enterprise/enterprise-deployment/_index.md

@@ -1,11 +0,0 @@
----
-title: Deploy Docker Desktop 
-weight: 10
-description: If you're an IT admin, learn how to deploy Docker Desktop at scale
-keywords: msi, docker desktop, windows, installation, mac, pkg, enterprise 
-params:
-  sidebar:
-    group: Enterprise
----
-
-Docker Desktop supports scalable deployment options tailored for enterprise IT environments. Whether you're rolling out Docker across hundreds of developer workstations or enforcing consistent configuration through MDM solutions like Intune or Jamf, this section provides everything you need to install, configure, and manage Docker Desktop in a secure, repeatable way. Learn how to use MSI and PKG installers, configure default settings, control updates, and ensure compliance with your organization's policies—across Windows, macOS, and Linux systems.

content/manuals/enterprise/security/_index.md

@@ -1,9 +0,0 @@
----
-title: Security
-weight: 10
-build:
-  render: never
-params:
-  sidebar:
-    group: Enterprise
----

content/manuals/extensions/private-marketplace.md

@@ -13,7 +13,7 @@ aliases:
 
 Learn how to configure and set up a private marketplace with a curated list of extensions for your Docker Desktop users.
 
-Docker Extensions' private marketplace is designed specifically for organizations who don’t give developers root access to their machines. It makes use of [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) so administrators have complete control over the private marketplace.
+Docker Extensions' private marketplace is designed specifically for organizations who don’t give developers root access to their machines. It makes use of [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) so administrators have complete control over the private marketplace.
 
 ## Prerequisites
 
@@ -79,7 +79,7 @@ Each setting has a `value` that you can set, including a `locked` field that let
   }
   ```
 
-To find out more information about the `admin-settings.json` file, see [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md).
+To find out more information about the `admin-settings.json` file, see [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
 
 ## Step three: List allowed extensions
 
@@ -192,7 +192,7 @@ These files must be placed on developer's machines. Depending on your operating
 - Windows: `C:\ProgramData\DockerDesktop`
 - Linux: `/usr/share/docker-desktop`
 
-Make sure your developers are signed in to Docker Desktop in order for the private marketplace configuration to take effect. As an administrator, you should [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+Make sure your developers are signed in to Docker Desktop in order for the private marketplace configuration to take effect. As an administrator, you should [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md).
 
 ## Feedback
 

content/manuals/extensions/settings-feedback.md

@@ -26,7 +26,7 @@ Docker Extensions is switched on by default. To change your settings:
 >   - `~/Library/Group Containers/group.com.docker/settings-store.json` on Mac
 >   - `C:\Users\[USERNAME]\AppData\Roaming\Docker\settings-store.json` on Windows
 >
-> This can also be done with [Hardened Docker Desktop](/manuals/enterprise/security/hardened-desktop/_index.md)
+> This can also be done with [Hardened Docker Desktop](/manuals/security/for-admins/hardened-desktop/_index.md)
 
 ### Turn on or turn off extensions not available in the Marketplace
 

content/manuals/platform-release-notes.md

@@ -33,16 +33,16 @@ This page provides details on new features, enhancements, known issues, and bug
 ### New
 
 - Administrators can now:
-  - Enforce sign-in with [configuration profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only) (Early Access).
+  - Enforce sign-in with [configuration profiles](/manuals/security/for-admins/enforce-sign-in/methods.md#configuration-profiles-method-mac-only) (Early Access).
   - Enforce sign-in for more than one organization at a time (Early Access).
-  - Deploy Docker Desktop for Mac in bulk with the [PKG installer](/manuals/enterprise/enterprise-deployment/pkg-install-and-configure.md) (Early Access).
-  - [Use Desktop Settings Management via the Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md) (Early Access).
+  - Deploy Docker Desktop for Mac in bulk with the [PKG installer](/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md) (Early Access).
+  - [Use Desktop Settings Management via the Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) (Early Access).
 
 ### Bug fixes and enhancements
 
 - Enhance Container Isolation (ECI) has been improved to:
-  - Permit admins to [turn off Docker socket mount restrictions](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#allowing-all-containers-to-mount-the-docker-socket).
-  - Support wildcard tags when using the [`allowedDerivedImages` setting](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images).
+  - Permit admins to [turn off Docker socket mount restrictions](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md#allowing-all-containers-to-mount-the-docker-socket).
+  - Support wildcard tags when using the [`allowedDerivedImages` setting](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md#docker-socket-mount-permissions-for-derived-images).
 
 ## 2024-11-11
 
@@ -60,8 +60,8 @@ This page provides details on new features, enhancements, known issues, and bug
 
 ### New
 
-- Deploying Docker Desktop via the [MSI installer](/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md) is now generally available.
-- Two new methods to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) (Windows registry key and `.plist` file) are now generally available.
+- Deploying Docker Desktop via the [MSI installer](/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md) is now generally available.
+- Two new methods to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) (Windows registry key and `.plist` file) are now generally available.
 
 ## 2024-08-24
 

content/manuals/scout/release-notes/cli.md

@@ -410,7 +410,7 @@ Discarded in favor of [1.9.1](#191).
   instance by Docker Desktop there's no need anymore to re-index it on WSL2
   side.
 - Indexing is now blocked in the CLI if it has been disabled using
-  [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) feature.
+  [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) feature.
 
 - Fix a panic that would occur when analyzing a single-image `oci-dir` input
 - Improve local attestation support with the containerd image store

content/manuals/security/faqs/containers.md

@@ -29,7 +29,7 @@ However note the following:
   which containers they run with such privileges to avoid security breaches by
   malicious container images.
 
-* If [Enhanced Container Isolation (ECI)](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md)
+* If [Enhanced Container Isolation (ECI)](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md)
   mode is enabled, then each container runs within a dedicated Linux User
   Namespace inside the Docker Desktop VM, which means the container has no
   privileges within the Docker Desktop VM. Even when using the `--privileged`

content/manuals/security/faqs/general.md

@@ -36,7 +36,7 @@ By default, Docker uses tokens to manage sessions after a user signs in:
 - Docker Desktop signs you out after 90 days, or 30 days of inactivity.
 - Docker Hub and Docker Home sign you out after 24 hours.
 
-Docker also supports your IdP's default session timeout. You can configure this by setting a Docker session minutes SAML attribute. For more information, see [SSO attributes](/manuals/enterprise/security/provisioning/_index.md#sso-attributes).
+Docker also supports your IdP's default session timeout. You can configure this by setting a Docker session minutes SAML attribute. For more information, see [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes).
 
 ### How does Docker attribute downloads to us and what data is used to classify or verify the user is part of our organization?
 
@@ -89,4 +89,4 @@ Extensions are not covered as part of Docker’s Third-Party Risk Management Pro
 
 ### Can I disable private repos in my organization via a setting to make sure nobody is pushing images into Docker Hub?
 
-No. With [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) (RAM), administrators can ensure that their developers using Docker Desktop only access allowed registries. This is done through the Registry Access Management dashboard in the Admin Console.
+No. With [Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) (RAM), administrators can ensure that their developers using Docker Desktop only access allowed registries. This is done through the Registry Access Management dashboard in the Admin Console.

content/manuals/security/faqs/single-sign-on/domain-faqs.md

@@ -19,7 +19,7 @@ You can do it one time to add the domain to a connection. If your organization e
 
 ### Is adding domain required to configure SSO? What domains should I be adding? And how do I add it?
 
-Adding and verifying a domain is required to enable and enforce SSO. See [Configure single sign-on](/manuals/enterprise/security/single-sign-on/configure.md) for more information. This should include all email domains users will use to access Docker. Public domains, for example `gmail.com` or `outlook.com`, are not permitted. Also, the email domain should be set as the primary email.
+Adding and verifying a domain is required to enable and enforce SSO. See [Configure single sign-on](/manuals/security/for-admins/single-sign-on/configure.md) for more information. This should include all email domains users will use to access Docker. Public domains, for example `gmail.com` or `outlook.com`, are not permitted. Also, the email domain should be set as the primary email.
 
 ### Is IdP-initiated authentication supported?
 

content/manuals/security/faqs/single-sign-on/enforcement-faqs.md

@@ -53,5 +53,5 @@ Enforcing SSO and enforcing sign-in to Docker Desktop are different features tha
 
 Enforcing SSO ensures that users sign in using their SSO credentials instead of their Docker ID. One of the benefits is that SSO enables you to better manage user credentials.
 
-Enforcing sign-in to Docker Desktop ensures that users always sign in to an account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](/manuals/enterprise/security/enforce-sign-in/_index.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
+Enforcing sign-in to Docker Desktop ensures that users always sign in to an account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/enforce-sign-in/_index.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
 

content/manuals/security/faqs/single-sign-on/faqs.md

@@ -27,7 +27,7 @@ Docker supports Service Provider Initiated (SP-initiated) SSO flow. This means u
 
 ### Where can I find detailed instructions on how to configure Docker SSO?
 
-You first need to establish an SSO connection with your identity provider, and the company email domain needs to be verified prior to establishing an SSO connection for your users. For detailed step-by-step instructions on how to configure Docker SSO, see [Single Sign-on](/manuals/enterprise/security/single-sign-on/configure.md).
+You first need to establish an SSO connection with your identity provider, and the company email domain needs to be verified prior to establishing an SSO connection for your users. For detailed step-by-step instructions on how to configure Docker SSO, see [Single Sign-on](../../../security/for-admins/single-sign-on/configure/_index.md).
 
 ### Does Docker SSO support multi-factor authentication (MFA)?
 
@@ -57,7 +57,7 @@ Directory.Read.All permission, which provides access to all users, groups, and
 other sensitive data in the directory. Due to potential security risks, Docker
 doesn't support this configuration. Instead, Docker recommends [configuring SCIM
 to enable group sync
-securely](/manuals/enterprise/security/provisioning/group-mapping.md#use-group-mapping-with-scim).
+securely](/security/for-admins/provisioning/group-mapping/#use-group-mapping-with-scim).
 
 ### Are there any firewall rules required for SSO configuration?
 
@@ -66,4 +66,4 @@ No. There are no specific firewall rules required for configuring SSO, as long a
 ### Does Docker use my IdP's default session timeout?
 
 Yes, Docker supports your IdP's default session timeout using a custom SAML attribute.
-Instead of relying on the standard `SessionNotOnOrAfter` element from the SAML spec, Docker uses a custom `dockerSessionMinutes` attribute to control session duration. See [SSO attributes](/manuals/enterprise/security/provisioning/_index.md#sso-attributes) for more information.
+Instead of relying on the standard `SessionNotOnOrAfter` element from the SAML spec, Docker uses a custom `dockerSessionMinutes` attribute to control session duration. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for more information.

content/manuals/security/faqs/single-sign-on/idp-faqs.md

@@ -15,7 +15,7 @@ Yes. Docker supports multiple IdP configurations. A domain can be associated wit
 
 ### Is it possible to change my identity provider after configuring SSO?
 
-Yes. You must delete your existing IdP configuration in your Docker SSO connection and then [configure SSO using your new IdP](/manuals/enterprise/security/single-sign-on/connect.md). If you had already turned on enforcement, you should turn off enforcement before updating the provider SSO connection.
+Yes. You must delete your existing IdP configuration in your Docker SSO connection and then [configure SSO using your new IdP](/manuals/security/for-admins/single-sign-on/connect.md). If you had already turned on enforcement, you should turn off enforcement before updating the provider SSO connection.
 
 ### What information do I need from my identity provider to configure SSO?
 
@@ -27,7 +27,7 @@ To enable SSO in Docker, you need the following from your IdP:
 
 ### What happens if my existing certificate expires?
 
-If your existing certificate has expired, you may need to contact your identity provider to retrieve a new X.509 certificate. Then, you need to update the certificate in the [SSO configuration settings](/manuals/enterprise/security/single-sign-on/manage.md#manage-sso-connections) in Docker Hub or Docker Admin Console.
+If your existing certificate has expired, you may need to contact your identity provider to retrieve a new X.509 certificate. Then, you need to update the certificate in the [SSO configuration settings](/security/for-admins/single-sign-on/manage/#manage-sso-connections) in Docker Hub or Docker Admin Console.
 
 ### What happens if my IdP goes down when SSO is enabled?
 

content/manuals/security/faqs/single-sign-on/users-faqs.md

@@ -37,7 +37,7 @@ If users attempt to sign in through the CLI, they must authenticate using a pers
 
 ### Is it possible to force users of Docker Desktop to authenticate, and/or authenticate using their company’s domain?
 
-Yes. Admins can [force users to authenticate with Docker Desktop](/manuals/enterprise/security/enforce-sign-in/_index.md) using a registry key, `.plist` file, or `registry.json` file. 
+Yes. Admins can [force users to authenticate with Docker Desktop](../../for-admins/enforce-sign-in/_index.md) using a registry key, `.plist` file, or `registry.json` file. 
 
 Once SSO enforcement is set up on their Docker Business organization or company on Hub, when the user is forced to authenticate with Docker Desktop, the SSO enforcement will also force users to authenticate through SSO with their IdP (instead of authenticating using their username and password).
 
@@ -52,7 +52,7 @@ Yes, you can convert existing users to an SSO account. To convert users from a n
 - Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI.
 - Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs.
 
-For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](/manuals/enterprise/security/single-sign-on/configure.md).
+For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/single-sign-on/configure/_index.md).
 
 ### What impact can users expect once we start onboarding them to SSO accounts?
 
@@ -62,7 +62,7 @@ When SSO is enabled and enforced, your users just have to sign in using the veri
 
 Docker SSO provides Just-in-Time (JIT) provisioning by default, with an option to disable JIT. Users are provisioned when a user authenticates with SSO. If a user leaves the organization, administrators must sign in to Docker and manually [remove the user](../../../admin/organization/members.md#remove-a-member-or-invitee) from the organization.
 
-[SCIM](/manuals/enterprise/security/provisioning/scim.md) is available to provide full synchronization with users and groups. When you auto-provision users with SCIM, the recommended configuration is to disable JIT so that all auto-provisioning is handled by SCIM.
+[SCIM](../../../security/for-admins/provisioning/scim/) is available to provide full synchronization with users and groups. When you auto-provision users with SCIM, the recommended configuration is to disable JIT so that all auto-provisioning is handled by SCIM.
 
 Additionally, you can use the [Docker Hub API](/reference/api/hub/latest/) to complete this process.
 
@@ -70,9 +70,9 @@ Additionally, you can use the [Docker Hub API](/reference/api/hub/latest/) to co
 
 The option to disable JIT is available when you use the Admin Console and enable SCIM. If a user attempts to sign in to Docker using an email address that is a verified domain for your SSO connection, they need to be a member of the organization to access it, or have a pending invitation to the organization. Users who don't meet these criteria will encounter an `Access denied` error, and will need an administrator to invite them to the organization.
 
-See [SSO authentication with JIT provisioning disabled](/manuals/enterprise/security/provisioning/just-in-time.md#sso-authentication-with-jit-provisioning-disabled).
+See [SSO authentication with JIT provisioning disabled](/security/for-admins/provisioning/just-in-time/#sso-authentication-with-jit-provisioning-disabled).
 
-To auto-provision users without JIT provisioning, you can use [SCIM](/manuals/enterprise/security/provisioning/scim.md).
+To auto-provision users without JIT provisioning, you can use [SCIM](/security/for-admins/provisioning/scim/).
 
 ### What's the best way to provision the Docker subscription without SSO?
 

content/manuals/security/for-admins/_index.md

@@ -0,0 +1,6 @@
+---
+build:
+  render: never
+title: For admins
+weight: 10
+---

content/manuals/security/for-admins/access-tokens.md

@@ -4,8 +4,6 @@ description: Learn how to create and manage organization access tokens
   to securely push and pull images programmatically.
 keywords: docker hub, security, OAT, organization access token
 linkTitle: Organization access tokens
-aliases:
- - /security/for-admins/access-tokens/
 ---
 
 {{< summary-bar feature_name="OATs" >}}
@@ -13,7 +11,7 @@ aliases:
 > [!WARNING]
 >
 > Organization access tokens (OATs) are incompatible with Docker Desktop,
-> [Image Access Management (IAM)](/manuals/enterprise/security/hardened-desktop/image-access-management.md), and [Registry Access Management (RAM)](/manuals/enterprise/security/hardened-desktop/registry-access-management.md).
+> [Image Access Management (IAM)](/manuals/security/for-admins/hardened-desktop/image-access-management.md), and [Registry Access Management (RAM)](/manuals/security/for-admins/hardened-desktop/registry-access-management.md).
 >
 > If you use Docker Desktop, IAM, or RAM, you must use personal
 > access tokens instead.

content/manuals/security/for-admins/domain-management.md

@@ -3,8 +3,6 @@ description: Learn how to manage domains and users in the Admin Console
 keywords: domain management, security, identify users, manage users
 title: Domain management
 weight: 55
-aliases:
- - /security/for-admins/domain-management/
 ---
 
 {{< summary-bar feature_name="Domain management" >}}
@@ -125,7 +123,7 @@ email address associated with one of your verified domains.
 Although domain audit can't identify all Docker users,
 you can enforce sign-in to prevent unidentifiable users from accessing
 Docker Desktop in your environment. For more information,
-see [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md).
+see [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in.md).
 
 ### Audit your domain for uncaptured users
 

content/manuals/security/for-admins/enforce-sign-in/_index.md

@@ -8,7 +8,6 @@ tags: [admin]
 aliases:
  - /security/for-admins/configure-sign-in/
  - /docker-hub/configure-sign-in/
- - /security/for-admins/enforce-sign-in/
 weight: 30
 ---
 
@@ -19,7 +18,7 @@ in. When users don’t sign in as a member of your organization, they don’t
 receive the [benefits of your organization’s
 subscription](/manuals/subscription/details.md) and they can circumvent
 [Docker’s
-security features](/manuals/enterprise/security/hardened-desktop/_index.md) for
+security features](/manuals/security/for-admins/hardened-desktop/_index.md) for
 your organization.
 
 There are multiple methods for enforcing sign-in, depending on your companies'
@@ -52,7 +51,7 @@ CLI access is only impacted for organizations that enforce single sign-on.
 
 ## Enforcing sign-in versus enforcing single sign-on (SSO)
 
-[Enforcing SSO](/manuals/enterprise/security/single-sign-on/connect.md#optional-enforce-sso)
+[Enforcing SSO](/manuals/security/for-admins/single-sign-on/connect.md#optional-enforce-sso)
 and enforcing sign-in are different features. The following table provides a
 description and benefits when using each feature.
 
@@ -65,5 +64,5 @@ description and benefits when using each feature.
 
 ## What's next?
 
-- To enforce sign-in, review the [Methods](/manuals/enterprise/security/enforce-sign-in/methods.md) guide.
-- To enforce SSO, review the [Enforce SSO](/manuals/enterprise/security/single-sign-on/connect.md) steps.
+- To enforce sign-in, review the [Methods](/manuals/security/for-admins/enforce-sign-in/methods.md) guide.
+- To enforce SSO, review the [Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) steps.

content/manuals/security/for-admins/enforce-sign-in/methods.md

@@ -4,8 +4,6 @@ keywords: authentication, registry.json, configure, enforce sign-in, docker desk
 title: Ways to enforce sign-in for Docker Desktop
 tags: [admin]
 linkTitle: Methods
-aliases:
- - /security/for-admins/enforce-sign-in/methods/
 ---
 
 {{< summary-bar feature_name="Enforce sign-in" >}}

content/manuals/security/for-admins/hardened-desktop/_index.md

@@ -8,28 +8,27 @@ keywords: security, hardened desktop, enhanced container isolation, registry acc
 tags: [admin]
 aliases:
  - /desktop/hardened-desktop/
- - /security/for-admins/hardened-desktop/
 grid:
   - title: "Settings Management"
     description: Learn how Settings Management can secure your developers' workflows.
     icon: shield_locked
-    link: /enterprise/security/hardened-desktop/settings-management/
+    link: /security/for-admins/hardened-desktop/settings-management/
   - title: "Enhanced Container Isolation"
     description: Understand how Enhanced Container Isolation can prevent container attacks.
     icon: "security"
-    link: /enterprise/security/hardened-desktop/enhanced-container-isolation/
+    link: /security/for-admins/hardened-desktop/enhanced-container-isolation/
   - title: "Registry Access Management"
     description: Control the registries developers can access while using Docker Desktop.
     icon: "home_storage"
-    link: /enterprise/security/hardened-desktop/registry-access-management/
+    link: /security/for-admins/hardened-desktop/registry-access-management/
   - title: "Image Access Management"
     description: Control the images developers can pull from Docker Hub.
     icon: "photo_library"
-    link: /enterprise/security/hardened-desktop/image-access-management/
+    link: /security/for-admins/hardened-desktop/image-access-management/
   - title: "Air-Gapped Containers"
     description: Restrict containers from accessing unwanted network resources.
     icon: "vpn_lock"
-    link: /enterprise/security/hardened-desktop/air-gapped-containers/
+    link: /security/for-admins/hardened-desktop/air-gapped-containers/
 weight: 60
 ---
 

content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md

@@ -5,7 +5,6 @@ keywords: air gapped, security, Docker Desktop, configuration, proxy, network
 aliases:
  - /desktop/hardened-desktop/settings-management/air-gapped-containers/
  - /desktop/hardened-desktop/air-gapped-containers/
- - /security/for-admins/hardened-desktop/air-gapped-containers/
 ---
 
 {{< summary-bar feature_name="Air-gapped containers" >}}
@@ -25,7 +24,7 @@ You can choose:
 
 ## Configuration
 
-Assuming [enforced sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
+Assuming [enforced sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
 
 ```json
 {

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md

@@ -6,7 +6,6 @@ title: What is Enhanced Container Isolation?
 linkTitle: Enhanced Container Isolation
 aliases:
  - /desktop/hardened-desktop/enhanced-container-isolation/
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/
 weight: 20
 ---
 
@@ -16,7 +15,7 @@ Enhanced Container Isolation (ECI) provides an additional layer of security to p
 
 It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity.
 
-Enhanced Container Isolation ensures stronger container isolation and also locks in any security configurations that have been created by administrators, for instance through [Registry Access Management policies](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) or with [Settings Management](../settings-management/_index.md).
+Enhanced Container Isolation ensures stronger container isolation and also locks in any security configurations that have been created by administrators, for instance through [Registry Access Management policies](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) or with [Settings Management](../settings-management/_index.md).
 
 > [!NOTE]
 >
@@ -76,11 +75,11 @@ To enable Enhanced Container Isolation as a developer:
 
 #### Prerequisite
 
-You first need to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Settings Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
+You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Settings Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
 
 #### Setup
 
-[Create and configure the `admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md) and specify:
+[Create and configure the `admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) and specify:
 
 ```json
 {
@@ -113,7 +112,7 @@ For this to take effect:
 
 > [!TIP]
 >
-> You can now also configure these settings in the [Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md).
+> You can now also configure these settings in the [Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md).
 
 When Enhanced Container Isolation is enabled, users see:
 - **Use Enhanced Container Isolation** toggled on in **Settings** > **General**.

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md

@@ -5,7 +5,6 @@ linkTitle: Advanced configuration
 keywords: enhanced container isolation, Docker Desktop, Docker socket, bind mount, configuration
 aliases:
  - /desktop/hardened-desktop/enhanced-container-isolation/config/
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/config/
 weight: 30
 ---
 
@@ -64,7 +63,7 @@ This can be done via the Docker Socket mount permissions section in the
 
 > [!TIP]
 >
-> You can now also configure these settings in the [Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md).
+> You can now also configure these settings in the [Docker Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md).
 
 As shown above, there are two configurations for bind-mounting the Docker
 socket into containers: the `imageList` and the `commandList`. These are

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/faq.md

@@ -6,7 +6,6 @@ keywords: enhanced container isolation, security, faq, sysbox, Docker Desktop
 toc_max: 2
 aliases:
  - /desktop/hardened-desktop/enhanced-container-isolation/faq/
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/faq/
 weight: 40
 ---
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md

@@ -4,7 +4,6 @@ title: Key features and benefits
 keywords: set up, enhanced container isolation, rootless, security, features, Docker Desktop
 aliases:
  - /desktop/hardened-desktop/enhanced-container-isolation/features-benefits/
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits/
 weight: 20
 ---
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md

@@ -4,7 +4,6 @@ title: How does it work?
 keywords: set up, enhanced container isolation, rootless, security
 aliases:
  - /desktop/hardened-desktop/enhanced-container-isolation/how-eci-works/
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works/
 weight: 10
 ---
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/limitations.md

@@ -4,8 +4,6 @@ description: Limitations of Enhanced Container Isolation
 keywords: enhanced container isolation, security, sysbox, known issues, Docker Desktop
 toc_max: 2
 weight: 50
-aliases:
- - /security/for-admins/hardened-desktop/enhanced-container-isolation/limitations/
 ---
 
 ### ECI support for WSL
@@ -87,7 +85,7 @@ containers come from trusted entities to avoid issues.
 
 ### Docker Debug containers are not yet protected
 
-[Docker Debug](/reference/cli/docker/debug.md) containers
+[Docker Debug](https://docs.docker.com/reference/cli/docker/debug/) containers
 are not yet protected by ECI. 
 
 ### Native Windows containers are not supported

content/manuals/security/for-admins/hardened-desktop/image-access-management.md

@@ -8,7 +8,6 @@ aliases:
  - /desktop/hardened-desktop/image-access-management/
  - /admin/organization/image-access/
  - /security/for-admins/image-access-management/
- - /security/for-admins/hardened-desktop/image-access-management/
 weight: 40
 ---
 
@@ -20,7 +19,7 @@ For example, a developer, who is part of an organization, building a new contain
 
 ## Prerequisites
 
-You first need to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Image Access Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
+You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Image Access Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
 
 > [!IMPORTANT]
 >

content/manuals/security/for-admins/hardened-desktop/registry-access-management.md

@@ -8,7 +8,6 @@ aliases:
  - /admin/organization/registry-access/
  - /docker-hub/registry-access-management/
  - /security/for-admins/registry-access-management/
- - /security/for-admins/hardened-desktop/registry-access-management/
 weight: 30
 ---
 

content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md

@@ -7,7 +7,6 @@ title: What is Settings Management?
 linkTitle: Settings Management
 aliases:
  - /desktop/hardened-desktop/settings-management/
- - /security/for-admins/hardened-desktop/settings-management/
 weight: 10
 ---
 
@@ -31,9 +30,9 @@ This feature is available with a Docker Business subscription.
 
 Administrators can define settings using one of the following methods:
 
-- [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md): Create and assign settings policies through the
+- [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md): Create and assign settings policies through the
 Docker Admin Console.
-- [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md): Place a configuration file on the
+- [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md): Place a configuration file on the
 user's machine to enforce settings.
 
 Enforced settings override user-defined configurations and can't be modified
@@ -44,15 +43,15 @@ by developers.
 Settings Management supports a broad range of Docker Desktop features,
 including proxies, network configurations, and container isolation.
 
-For a full list of settings you can enforce, see the [Settings reference](/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md).
+For a full list of settings you can enforce, see the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md).
 
 ## Set up Settings Management
 
-1. [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to
+1. [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to
 ensure all developers authenticate with your organization.
 2. Choose a configuration method:
     - Use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json`.
-    - Manually create and configure the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md).
+    - Manually create and configure the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md).
     - Create a settings policy in the [Docker Admin Console](configure-admin-console.md).
 
 After configuration, developers receive the enforced setting when they:

content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md

@@ -9,8 +9,6 @@ params:
     badge:
       color: violet
       text: EA
-aliases:
- - /security/for-admins/hardened-desktop/settings-management/compliance-reporting/
 ---
 
 {{< summary-bar feature_name="Compliance reporting" >}}

content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md

@@ -4,8 +4,6 @@ keywords: admin, controls, rootless, enhanced container isolation
 title: Configure Settings Management with the Admin Console
 linkTitle: Use the Admin Console
 weight: 20
-aliases:
- - /security/for-admins/hardened-desktop/settings-management/configure-admin-console/
 ---
 
 {{< summary-bar feature_name="Admin Console" >}}
@@ -17,8 +15,8 @@ and secure Docker Desktop environments across your organization.
 ## Prerequisites
 
 - [Install Docker Desktop 4.37.1 or later](/manuals/desktop/release-notes.md).
-- [Verify your domain](/manuals/enterprise/security/single-sign-on/configure.md#step-one-add-and-verify-your-domain).
-- [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to
+- [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain).
+- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to
 ensure users authenticate to your organization.
 - A Docker Business subscription is required.
 

content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md

@@ -7,7 +7,6 @@ weight: 10
 aliases:
  - /desktop/hardened-desktop/settings-management/configure/
  - /security/for-admins/hardened-desktop/settings-management/configure/
- - /security/for-admins/hardened-desktop/settings-management/configure-json-file/
 ---
 
 {{< summary-bar feature_name="Hardened Docker Desktop" >}}
@@ -18,7 +17,7 @@ Desktop environments in your organization.
 
 ## Prerequisites
 
-- [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to
+- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to
 ensure all users authenticate with your organization.
 - A Docker Business subscription is required.
 
@@ -75,7 +74,7 @@ a user has already customized that value in `settings-store.json`,
 > [!NOTE]
 >
 > Some settings are platform-specific or require a minimum Docker Desktop
-version. See the [Settings reference](/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md) for details.
+version. See the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md) for details.
 
 ### Example settings file
 

content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md

@@ -3,8 +3,6 @@ description: Reference for all settings and features that are configured with Se
 keywords: admin, controls, settings management, reference
 title: Settings reference
 linkTitle: Settings reference
-aliases: 
- - /security/for-admins/hardened-desktop/settings-management/settings-reference/
 ---
 
 This reference lists all Docker Desktop settings, including where they are configured, which operating systems they apply to, and whether they're available in the Docker Desktop GUI, the Docker Admin Console, or the `admin-settings.json` file. Settings are grouped to match the structure of the Docker Desktop interface.
@@ -96,7 +94,7 @@ with the host machine and execute commands directly from Docker Desktop.
 - **Use case:** Allow or restrict developer access to the built-in terminal.
 - **Configure this setting with:**
     - **General** setting in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Enable Docker Debug by default
 
@@ -174,8 +172,8 @@ images are permitted.
 
 - **Configure this setting with:**
     - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 > [!NOTE]
 >
@@ -209,8 +207,8 @@ later.
 
 - **Configure this setting with:**
     - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 #### gRPC FUSE
 
@@ -229,8 +227,8 @@ later.
 
 - **Configure this setting with:**
     - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 #### osxfs
 
@@ -270,8 +268,8 @@ if needed.
 
 - **Configure this setting with:**
     - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 > [!NOTE]
 >
@@ -298,8 +296,8 @@ host areas.
 
 - **Configure this setting with:**
     - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Show CLI hints
 
@@ -330,8 +328,8 @@ always built to satisfy compliance scans.
 
 - **Configure this setting with:**
     - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Enable background Scout SBOM indexing
 
@@ -361,7 +359,7 @@ always built to satisfy compliance scans.
 - **Use case:** Track versions for compatibility
 - **Configure this setting with:**
     - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ## Resources
 
@@ -455,8 +453,8 @@ edits.
 
 - **Configure this setting with:**
     - **File sharing** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Proxy exclude
 
@@ -475,7 +473,7 @@ settings.
 
 - **Configure this setting with:**
     - **Proxies** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `proxy` setting with `manual` and `exclude` modes in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `proxy` setting with `manual` and `exclude` modes in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Docker subnet
 
@@ -488,8 +486,8 @@ settings.
 - **OS:** {{< badge color=blue text="Mac only" >}}
 - **Use case:** Customize the subnet used for Docker container networking.
 - **Configure this setting with:**
-    - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Use kernel networking for UDP
 
@@ -526,7 +524,7 @@ settings.
 - **Use case:** Choose the default IP protocol used when Docker creates new networks.
 - **Configure this setting with:**
     - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `defaultNetworkingMode` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `defaultNetworkingMode` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
 
@@ -542,7 +540,7 @@ version 4.43 and up.
 - **Use case:** Control how Docker filters DNS records returned to containers, improving reliability in environments where only IPv4 or IPv6 is supported.
 - **Configure this setting with:**
     - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `dnsInhibition` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `dnsInhibition` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
 
@@ -564,8 +562,8 @@ using the `--backend=<backend name>` flag.
 
 - **Configure this setting with:**
     - **WSL Integration** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ## Docker Engine
 
@@ -632,8 +630,8 @@ method is not yet supported by Settings Management.
 
 - **Configure this setting with:**
     - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Choose cluster provisioning method
 
@@ -712,9 +710,9 @@ of required images and detailed setup instructions.
 
 - **Configure this setting with**:
     - Settings Management: `KubernetesImagesRepository` settings in the
-    [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
     - Settings Management: **Kubernetes Images Repository** setting in the
-    [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 > [!IMPORTANT]
 >
@@ -743,8 +741,8 @@ Desktop updates are disabled.
 only internally vetted versions are installed.
 
 - **Configure this setting with:**
-    - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Disable update** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Always download updates
 
@@ -757,7 +755,7 @@ only internally vetted versions are installed.
 - **Use case:** Manage auto update behavior.
 - **Configure this setting with:**
     - **Software updates** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ## Extensions
 
@@ -779,8 +777,8 @@ third-party or unvetted plugins from being installed.
 
 - **Configure this setting with:**
     - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Allow only extensions distributed through the Docker Marketplace
 
@@ -823,7 +821,7 @@ third-party or unvetted plugins from being installed.
 - **Use case:** Enable or disable AI features like "Ask Gordon".
 - **Configure this setting with:**
     - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Enable Docker Model Runner
 
@@ -836,7 +834,7 @@ third-party or unvetted plugins from being installed.
 - **Use case:** Enable or disable Docker Model Runner features.
 - **Configure this setting with:**
     - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 #### Enable host-side TCP support
 
@@ -849,7 +847,7 @@ third-party or unvetted plugins from being installed.
 - **Use case:** Enable or disable Docker Model Runner features.
 - **Configure this setting with:**
     - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
     
 > [!NOTE]
 >
@@ -866,7 +864,7 @@ third-party or unvetted plugins from being installed.
 - **Use case:** Connect to the Model Runner via TCP.
 - **Configure this setting with:**
     - **Beta features** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableInferenceTCP` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableInferenceTCP` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ##### CORS Allowed Origins
 
@@ -879,7 +877,7 @@ third-party or unvetted plugins from being installed.
 - **Use case:** Integration with a web app.
 - **Configure this setting with:**
     - **Beta features** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableInferenceCORS` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableInferenceCORS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Enable Docker MCP Toolkit
 
@@ -891,7 +889,7 @@ third-party or unvetted plugins from being installed.
 - **OS:** {{< badge color=blue text="All" >}}
 - **Configure this setting with:**
     - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableDockerMCPToolkit` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enableDockerMCPToolkit` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
     
 
 ### Enable Wasm
@@ -1019,7 +1017,7 @@ you relax this in a controlled way. See ECI Configuration for more info.
 Docker-in-Docker or containerized CI agents.
 - **Configure this setting with:**
     - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Allow privileged port mapping
 
@@ -1053,7 +1051,7 @@ The following settings aren’t shown in the Docker Desktop GUI. You can only co
 to come from your secure, scanned registry.
 
 - **Configure this setting with:**
-    - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Expose Docker API on TCP 2375
 
@@ -1071,7 +1069,7 @@ to come from your secure, scanned registry.
 Docker API is only reachable via the secure internal socket.
 
 - **Configure this setting with:**
-    - Settings Management: `exposeDockerAPIOnTCP2375` in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `exposeDockerAPIOnTCP2375` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Air-gapped container proxy
 
@@ -1083,7 +1081,7 @@ Docker API is only reachable via the secure internal socket.
 - **OS:** {{< badge color=blue text="All" >}}
 - **Use case:** Redirect or block container networking to comply with offline or secured network environments.
 - **Configure this setting with:**
-    - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 #### Example
 
@@ -1109,7 +1107,7 @@ Docker socket access control (ECI exceptions)
 - **OS:** {{< badge color=blue text="All" >}}
 - **Use case:** Support tools like Testcontainers or LocalStack that need Docker socket access while maintaining secure defaults.
 - Configure this setting with:
-    - Settings Management: `enhancedContainerIsolation` > `dockerSocketMount` in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `enhancedContainerIsolation` > `dockerSocketMount` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 #### Example
 
@@ -1147,7 +1145,7 @@ Docker socket access control (ECI exceptions)
 > In hardened environments, disable and lock this setting.
 
 - **Configure this setting with:**
-    - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### Docker daemon options (Linux or Windows)
 
@@ -1165,7 +1163,7 @@ Docker socket access control (ECI exceptions)
 overrides are possible.
 
 - **Configure this setting with:**
-    - Settings Management: `linuxVM.dockerDaemonOptions` or `windowsContainers.dockerDaemonOptions` in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `linuxVM.dockerDaemonOptions` or `windowsContainers.dockerDaemonOptions` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
 
 ### VPNKit CIDR
 
@@ -1182,8 +1180,8 @@ overrides are possible.
 > In hardened environments, lock to an approved, non-conflicting CIDR.
 
 - **Configure this setting with:**
-    - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
+    - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 ### Enable Kerberos and NTLM authentication
 
@@ -1195,4 +1193,4 @@ overrides are possible.
 - **OS:** {{< badge color=blue text="All" >}}
 - **Use case:** Allow users to authenticate with enterprise proxy servers that require Kerberos or NTLM.
 - **Configure this setting with:**
-    - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)

content/manuals/security/for-admins/provisioning/_index.md

@@ -4,8 +4,6 @@ keywords: provision users, provisioning, JIT, SCIM, group mapping, sso, docker h
 title: Provision users
 linkTitle: Provision
 weight: 20
-aliases:
- - /security/for-admins/provisioning/
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -60,6 +58,6 @@ If your organization uses SAML for SSO, Docker retrieves these attributes from t
 ## What's next?
 
 Review the provisioning method guides for steps on configuring provisioning methods:
-- [JIT](just-in-time.md)
-- [SCIM](scim.md)
-- [Group mapping](group-mapping.md)
+- [JIT](/manuals/security/for-admins/provisioning/just-in-time.md)
+- [SCIM](/manuals/security/for-admins/provisioning/scim.md)
+- [Group mapping](/manuals/security/for-admins/provisioning/group-mapping.md)

content/manuals/security/for-admins/provisioning/group-mapping.md

@@ -7,7 +7,6 @@ aliases:
 - /admin/organization/security-settings/group-mapping/
 - /docker-hub/group-mapping/
 - /security/for-admins/group-mapping/
-- /security/for-admins/provisioning/group-mapping/
 weight: 40
 ---
 

content/manuals/security/for-admins/provisioning/just-in-time.md

@@ -3,8 +3,6 @@ description: Learn how Just-in-Time provisioning works with your SSO connection.
 keywords: user provisioning, just-in-time provisioning, JIT, autoprovision, Docker Hub, Docker Admin, admin, security
 title: Just-in-Time provisioning
 linkTitle: Just-in-Time
-aliases: 
- - /security/for-admins/provisioning/just-in-time/
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -32,7 +30,7 @@ When a user signs in with SSO and your SSO configuration has JIT provisioning en
 
 The following graphic provides an overview of SSO authentication with JIT enabled:
 
-   ![JIT provisioning enabled](../images/jit-enabled-flow.svg)
+   ![JIT provisioning enabled](../../images/jit-enabled-flow.svg)
 
 ## SSO authentication with JIT provisioning disabled
 
@@ -48,11 +46,11 @@ When JIT provisioning is disabled in your SSO connection, the following actions
    - Invitation found: If the user is a member of the organization or has a pending invitation, sign-in is successful, and the invitation is automatically accepted.
    - No invitation found: If the user is not a member of the organization and has no pending invitation, the sign-in fails, and an `Access denied` error appears. The user must contact an administrator to be invited to the organization.
 
-With JIT disabled, group mapping is only available if you have [SCIM enabled](scim/#enable-scim-in-docker). If SCIM is not enabled, users won't be auto-provisioned to groups.
+With JIT disabled, group mapping is only available if you have [SCIM enabled](/security/for-admins/provisioning/scim/#enable-scim-in-docker). If SCIM is not enabled, users won't be auto-provisioned to groups.
 
 The following graphic provides an overview of SSO authentication with JIT disabled:
 
-![JIT provisioning disabled](../images/jit-disabled-flow.svg)
+![JIT provisioning disabled](../../images/jit-disabled-flow.svg)
 
 ## Disable JIT provisioning
 

content/manuals/security/for-admins/provisioning/scim.md

@@ -6,7 +6,6 @@ description: Learn how System for Cross-domain Identity Management works and how
 aliases:
   - /security/for-admins/scim/
   - /docker-hub/scim/
-  - /security/for-admins/provisioning/scim/
 weight: 30
 ---
 
@@ -70,11 +69,11 @@ set by SCIM. To avoid conflicts, make sure your JIT attribute values match your
 SCIM values.
 >
 > Alternatively, you can disable JIT provisioning to rely solely on SCIM.
-For details, see [Just-in-Time](just-in-time.md).
+For details, see [Just-in-Time](/manuals/security/for-admins/provisioning/just-in-time.md).
 
 ## Prerequisites
 
-- You've [set up SSO](../single-sign-on/_index.md)
+- You've [set up SSO](/manuals/security/for-admins/single-sign-on/_index.md)
 with Docker and verified your domain.
 - You have access to your identity provider's administrator portal with
 permission to create and manage applications.
@@ -192,7 +191,7 @@ Next, [set up role mapping](#set-up-role-mapping).
 
 ## Set up role mapping
 
-You can assign [Docker roles](../roles-and-permissions.md) to
+You can assign [Docker roles](/security/for-admins/roles-and-permissions/) to
 users by adding optional SCIM attributes in your IdP. These attributes override
 default role and team values set in your SSO configuration.
 
@@ -206,9 +205,9 @@ The following table lists the supported optional user-level attributes:
 
 | Attribute | Possible values    | Notes          |
 | --------- | ------------------ | -------------- |
-| `dockerRole` | `member`, `editor`, or `owner` | If not set, the user defaults to the `member` role. Setting this attribute overrides the default.<br><br>For role definitions, see [Roles and permissions](../roles-and-permissions.md). |
+| `dockerRole` | `member`, `editor`, or `owner` | If not set, the user defaults to the `member` role. Setting this attribute overrides the default.<br><br>For role definitions, see [Roles and permissions](manuals/security/for-admins/roles-and-permissions.md). |
 | `dockerOrg` | Docker `organizationName` (e.g., `moby`) | Overrides the default organization configured in your SSO connection.<br><br>If unset, the user is provisioned to the default organization. If `dockerOrg` and `dockerTeam` are both set, the user is provisioned to the team within the specified organization. |
-| `dockerTeam` | Docker `teamName` (e.g., `developers`) | Provisions the user to the specified team in the default or specified organization. If the team doesn't exist, it is automatically created.<br><br>You can still use [group mapping](group-mapping.md) to assign users to multiple teams across organizations. |
+| `dockerTeam` | Docker `teamName` (e.g., `developers`) | Provisions the user to the specified team in the default or specified organization. If the team doesn't exist, it is automatically created.<br><br>You can still use [group mapping](/security/for-admins/provisioning/group-mapping/) to assign users to multiple teams across organizations. |
 
 The external namespace used for these attributes is: `urn:ietf:params:scim:schemas:extension:docker:2.0:User`.
 This value is required in your IdP when creating custom SCIM attributes for Docker.

content/manuals/security/for-admins/roles-and-permissions.md

@@ -4,7 +4,6 @@ keywords: members, teams, organization, company, roles, access, docker hub, admi
 title: Roles and permissions
 aliases:
 - /docker-hub/roles-and-permissions/
-- /security/for-admins/roles-and-permissions/
 weight: 40
 ---
 

content/manuals/security/for-admins/single-sign-on/_index.md

@@ -7,13 +7,12 @@ aliases:
 - /single-sign-on/
 - /admin/company/settings/sso/
 - /admin/organization/security-settings/sso-management/
-- /security/for-admins/single-sign-on/
 weight: 10
 ---
 
 {{< summary-bar feature_name="SSO" >}}
 
-Single sign-on (SSO) lets users access Docker by authenticating using their identity providers (IdPs). SSO is available for a whole company, and all associated organizations within that company, or an individual organization that has a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/manuals/subscription/change.md).
+Single sign-on (SSO) lets users access Docker by authenticating using their identity providers (IdPs). SSO is available for a whole company, and all associated organizations within that company, or an individual organization that has a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
 
 ## How SSO works
 
@@ -26,13 +25,13 @@ The following diagram shows how SSO operates and is managed in Docker Hub and Do
 ## How to set it up
 
 SSO is configured using the following steps:
-1. [Configure SSO](configure.md) by creating and verifying a domain in Docker.
-2. [Create your SSO connection](connect.md) in Docker and your IdP.
+1. [Configure SSO](../single-sign-on/configure.md) by creating and verifying a domain in Docker.
+2. [Create your SSO connection](../single-sign-on/connect.md) in Docker and your IdP.
 3. Cross-connect Docker and your IdP.
 4. Test your connection.
 5. Provision users.
 6. Optional. [Enforce sign-in](../enforce-sign-in/_index.md).
-7. [Manage your SSO configuration](manage.md).
+7. [Manage your SSO configuration](../single-sign-on/manage.md).
 
 Once your SSO configuration is complete, a first-time user can sign in to Docker Hub or Docker Desktop using their company's domain email address. Once they sign in, they are added to your company, assigned to an organization, and if necessary, assigned to a team.
 
@@ -41,12 +40,12 @@ Once your SSO configuration is complete, a first-time user can sign in to Docker
 Before configuring SSO, ensure you meet the following prerequisites:
 * Notify your company about the new SSO sign in procedures.
 * Verify that all users have Docker Desktop version 4.4.2 or later installed.
-* If your organization is planning to [enforce SSO](/manuals/enterprise/security/single-sign-on/connect.md#optional-enforce-sso), members using the Docker CLI are required to [create a Personal Access Token (PAT)](/docker-hub/access-tokens/). The PAT will be used instead of their username and password. Docker plans to deprecate signing in to the CLI with a password in the future, so using a PAT will be required to prevent issues with authentication. For more details see the [security announcement](/manuals/security/security-announcements.md#deprecation-of-password-logins-on-cli-when-sso-enforced).
+* If your organization is planning to [enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md#optional-enforce-sso), members using the Docker CLI are required to [create a Personal Access Token (PAT)](/docker-hub/access-tokens/). The PAT will be used instead of their username and password. Docker plans to deprecate signing in to the CLI with a password in the future, so using a PAT will be required to prevent issues with authentication. For more details see the [security announcement](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced).
 * Ensure all your Docker users have a valid user on your IdP with the same email address as their Unique Primary Identifier (UPN).
 * Confirm that all CI/CD pipelines have replaced their passwords with PATs.
 * For your service accounts, add your additional domains or enable it in your IdP.
 
 ## What's next?
 
-- Start [configuring SSO](configure.md) in Docker
-- Explore the [FAQs](/manuals/security/faqs/_index.md)
+- Start [configuring SSO](../../for-admins/single-sign-on/configure.md) in Docker
+- Explore the [FAQs](../../../security/faqs/single-sign-on/faqs.md)

content/manuals/security/for-admins/single-sign-on/configure.md

@@ -10,7 +10,6 @@ aliases:
   - /single-sign-on/configure/
   - /admin/company/settings/sso-configuration/
   - /admin/organization/security-settings/sso-configuration/
-  - /security/for-admins/single-sign-on/configure/
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -103,4 +102,4 @@ The following videos walk through verifying your domain to create your SSO conne
 
 ## What's next?
 
-[Connect Docker and your IdP](connect.md).
+[Connect Docker and your IdP](../single-sign-on/connect.md).

content/manuals/security/for-admins/single-sign-on/connect.md

@@ -3,8 +3,6 @@ description: Learn how to complete your single-sign on connection and next steps
 keywords: configure, sso, docker hub, hub, docker admin, admin, security
 title: Create an SSO connection
 linkTitle: Connect
-aliases:
- - /security/for-admins/single-sign-on/connect/
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -21,7 +19,7 @@ Make sure you have completed the following before you begin:
 
 - Your domain is verified
 - You have an account set up with an IdP
-- You have completed the steps in the [Configure single sign-on](configure.md) guide
+- You have completed the steps in the [Configure single sign-on](../single-sign-on/configure.md) guide
 
 ## Step one: Create an SSO connection in Docker
 
@@ -83,7 +81,7 @@ The user interface for your IdP may differ slightly from the following steps. Re
     - Name ID format: `EmailAddress`
     - Application username: `Email`
     - Update application on: `Create and update`
-1. Optional. Add SAML attributes. See [SSO attributes](/manuals/enterprise/security/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
+1. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
 1. Select **Next**.
 1. Select the **This is an internal app that we have created** checkbox.
 1. Select **Finish**.
@@ -100,7 +98,7 @@ The user interface for your IdP may differ slightly from the following steps. Re
 1. Enter the following values from Docker into their corresponding Azure fields:
     - Docker Entity ID: **Identifier**
     - Docker ACS URL: **Reply URL**
-1. Optional. Add SAML attributes. See [SSO attributes](/manuals/enterprise/security/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
+1. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
 1. Save configuration.
 1. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
 
@@ -235,7 +233,7 @@ Your users must now sign in to Docker with SSO.
 
 > [!NOTE]
 >
-> When SSO is enforced, [users can't use passwords to access the Docker CLI](/manuals/security/security-announcements.md#deprecation-of-password-logins-on-cli-when-sso-enforced). Users must use a [personal access token](/manuals/enterprise/security/access-tokens.md) (PAT) for authentication to access the Docker CLI.
+> When SSO is enforced, [users can't use passwords to access the Docker CLI](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced). Users must use a [personal access token](/manuals/security/for-admins/access-tokens.md) (PAT) for authentication to access the Docker CLI.
 
 ## More resources
 
@@ -247,6 +245,6 @@ The following videos demonstrate how to enforce SSO.
 
 ## What's next
 
-- [Provision users](/manuals/enterprise/security/provisioning/_index.md)
+- [Provision users](/manuals/security/for-admins/provisioning/_index.md)
 - [Enforce sign-in](../enforce-sign-in/_index.md)
-- [Create access tokens](/manuals/enterprise/security/access-tokens.md)
+- [Create access tokens](/manuals/security/for-admins/access-tokens.md)

content/manuals/security/for-admins/single-sign-on/manage.md

@@ -6,7 +6,6 @@ linkTitle: Manage
 aliases:
 - /admin/company/settings/sso-management/
 - /single-sign-on/manage/
-- /security/for-admins/single-sign-on/manage/
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -57,14 +56,14 @@ aliases:
 
 > [!IMPORTANT]
 >
-> SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have [disabled it](../provisioning/just-in-time/#sso-authentication-with-jit-provisioning-disabled). This means your users are auto-provisioned to your organization.
+> SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have [disabled it](/security/for-admins/provisioning/just-in-time/#sso-authentication-with-jit-provisioning-disabled). This means your users are auto-provisioned to your organization.
 >
 > You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP:
 >
 > - [Okta](https://help.okta.com/en-us/Content/Topics/Security/policies/configure-app-signon-policies.htm)
 > - [Entra ID (formerly Azure AD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users)
 >
-> Alternatively, see the [Provisioning overview](../provisioning/_index.md) guide.
+> Alternatively, see the [Provisioning overview](/manuals/security/for-admins/provisioning/_index.md) guide.
 
 
 ### Add guest users when SSO is enabled
@@ -89,7 +88,7 @@ your organization.
 
 ## Manage provisioning
 
-Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the [Provisioning overview](../provisioning/_index.md) guide.
+Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the [Provisioning overview](/manuals/security/for-admins/provisioning/_index.md) guide.
 
 ## What's next?
 

content/manuals/security/security-announcements.md

@@ -44,7 +44,7 @@ We strongly encourage you to update to Docker Desktop [4.34.2](/manuals/desktop/
 
 _Last updated July, 2024_
 
-When [SSO enforcement](/manuals/enterprise/security/single-sign-on/connect.md) was first introduced, Docker provided a grace period to continue to let passwords be used on the Docker CLI when authenticating to Docker Hub. This was allowed so organizations could more easily use SSO enforcement. It is recommended that administrators configuring SSO encourage users using the CLI [to switch over to Personal Access Tokens](/manuals/enterprise/security/single-sign-on/_index.md#prerequisites) in anticipation of this grace period ending.
+When [SSO enforcement](/manuals/security/for-admins/single-sign-on/connect.md) was first introduced, Docker provided a grace period to continue to let passwords be used on the Docker CLI when authenticating to Docker Hub. This was allowed so organizations could more easily use SSO enforcement. It is recommended that administrators configuring SSO encourage users using the CLI [to switch over to Personal Access Tokens](/security/for-admins/single-sign-on/#prerequisites) in anticipation of this grace period ending.
 
 On September 16, 2024 the grace period will end and passwords will no longer be able to authenticate to Docker Hub via the Docker CLI when SSO is enforced. Affected users are required to switch over to using PATs to continue signing in.
 
@@ -91,9 +91,9 @@ If you are unable to update to an unaffected version promptly, follow these best
 
 * Only use trusted Docker images (such as [Docker Official Images](../docker-hub/image-library/trusted-content.md#docker-official-images)).
 * Don’t build Docker images from untrusted sources or untrusted Dockerfiles.
-* If you are a Docker Business customer using Docker Desktop and unable to update to v4.27.1, make sure to enable [Hardened Docker Desktop](/manuals/enterprise/security/hardened-desktop/_index.md) features such as:
-  * [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md), which mitigates the impact of CVE-2024-21626 in the case of running containers from malicious images.
-  * [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md), and [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md), which give organizations control over which images and repositories their users can access.
+* If you are a Docker Business customer using Docker Desktop and unable to update to v4.27.1, make sure to enable [Hardened Docker Desktop](/manuals/security/for-admins/hardened-desktop/_index.md) features such as:
+  * [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md), which mitigates the impact of CVE-2024-21626 in the case of running containers from malicious images.
+  * [Image Access Management](for-admins/hardened-desktop/image-access-management.md), and [Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md), which give organizations control over which images and repositories their users can access.
 * For CVE-2024-23650, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, avoid using BuildKit frontend from an untrusted source. A frontend image is usually specified as the #syntax line on your Dockerfile, or with `--frontend` flag when using the `buildctl build` command.
 * To mitigate CVE-2024-24557, make sure to either use BuildKit or disable caching when building images. From the CLI this can be done via the `DOCKER_BUILDKIT=1` environment variable (default for Moby >= v23.0 if the buildx plugin is installed) or the `--no-cache flag`. If you are using the HTTP API directly or through a client, the same can be done by setting `nocache` to `true` or `version` to `2` for the [/build API endpoint](https://docs.docker.com/reference/api/engine/version/v1.44/#tag/Image/operation/ImageBuild).
 

content/manuals/security/troubleshoot/troubleshoot-sso.md

@@ -112,7 +112,7 @@ If you have SCIM enabled, troubleshoot your SCIM connection using the following
 1. Navigate back to the **SSO and SCIM** page of the Admin Console and verify your SCIM configuration:
     - Ensure that the SCIM Base URL and API Token in your IdP match those provided in the Docker Admin Console.
     - Verify that SCIM is enabled in both Docker and your IdP.
-1. Ensure that the attributes being synced from your IdP match Docker's [supported attributes](/manuals/enterprise/security/provisioning/scim.md#supported-attributes) for SCIM.
+1. Ensure that the attributes being synced from your IdP match Docker's [supported attributes](/manuals/security/for-admins/provisioning/scim.md#supported-attributes) for SCIM.
 1. Test user provisioning by trying to provision a test user through your IdP and verify if they appear in Docker.
 
 ## IdP-initiated sign in is not enabled for connection
@@ -184,7 +184,7 @@ Ensure that the IdP SSO connection is returning the correct UPN value in the ass
 
 **Add and verify all domains**
 
-Add and verify all domains and subdomains used as UPN by your IdP and associate them with your Docker SSO connection. For details, see [Configure single sign-on](/manuals/enterprise/security/single-sign-on/configure.md).
+Add and verify all domains and subdomains used as UPN by your IdP and associate them with your Docker SSO connection. For details, see [Configure single sign-on](/manuals/security/for-admins/single-sign-on/configure.md).
 
 ## Unable to find session
 

content/manuals/subscription/details.md

@@ -118,12 +118,12 @@ rollover month to month.
 - No Docker Hub image pull rate limits.
 
 In addition, you gain access to enterprise-grade features, such as:
-- [Hardened Docker Desktop](/manuals/enterprise/security/hardened-desktop/_index.md)
+- [Hardened Docker Desktop](../security/for-admins/hardened-desktop/_index.md)
 - [Image Access
-  Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md)
+  Management](../security/for-admins/hardened-desktop/image-access-management.md)
   which lets admins control what content developers can access
 - [Registry Access
-  Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md)
+  Management](../security/for-admins/hardened-desktop/registry-access-management.md)
   which lets admins control what registries developers can access
 - [Company layer](/admin/company/) to manage multiple organizations and settings
 - [Single sign-on](/security/for-admins/single-sign-on/)
@@ -240,9 +240,9 @@ use of Docker components including Docker Desktop and Docker Hub.
 
 Legacy Docker Business includes:
 - Everything included in legacy Docker Team
-- [Hardened Docker Desktop](/manuals/enterprise/security/hardened-desktop/_index.md)
-- [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md) which lets admins control what content developers can access
-- [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) which lets admins control what registries developers can access
+- [Hardened Docker Desktop](../security/for-admins/hardened-desktop/_index.md)
+- [Image Access Management](../security/for-admins/hardened-desktop/image-access-management.md) which lets admins control what content developers can access
+- [Registry Access Management](../security/for-admins/hardened-desktop/registry-access-management.md) which lets admins control what registries developers can access
 - [Company layer](/admin/company/) to manage multiple organizations and settings
 - [Single Sign-On](/security/for-admins/single-sign-on/)
 - [System for Cross-domain Identity Management](/security/for-admins/provisioning/scim/) and more.