From aca1285b6150f1f0006f6e1b420679e19c15d788 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 14 Nov 2022 13:14:14 +0000 Subject: [PATCH] Eci patch 2 (#16152) * correct outdated eci information * move IAM into Hardened Desktop --- _data/toc.yaml | 2 ++ assets/images/image-access.svg | 1 + .../enhanced-container-isolation/index.md | 2 +- desktop/hardened-desktop/index.md | 23 +++++++++++++++---- .../settings-management/index.md | 4 ++-- 5 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 assets/images/image-access.svg diff --git a/_data/toc.yaml b/_data/toc.yaml index 373157db3d..08b02756da 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1297,6 +1297,8 @@ manuals: title: FAQs and known issues - path: /desktop/hardened-desktop/registry-access-management/ title: Registry Access Management + - path: /docker-hub/image-access-management/ + title: Image Access Management - sectiontitle: Dev Environments (Beta) section: - path: /desktop/dev-environments/ diff --git a/assets/images/image-access.svg b/assets/images/image-access.svg new file mode 100644 index 0000000000..cb28526f87 --- /dev/null +++ b/assets/images/image-access.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/desktop/hardened-desktop/enhanced-container-isolation/index.md b/desktop/hardened-desktop/enhanced-container-isolation/index.md index 6756887301..fd45d6b0c2 100644 --- a/desktop/hardened-desktop/enhanced-container-isolation/index.md +++ b/desktop/hardened-desktop/enhanced-container-isolation/index.md 
@@ -31,7 +31,7 @@ Enhanced Container Isolation helps ensure strong container isolation and also lo ### What happens when Enhanced Container Isolation is enabled? -When Enhanced Container Isolation is enabled using [Settings Management](../settings-management/index.md), the following features are enabled: +When Enhanced Container Isolation is turned on, the following features are enabled: - All user containers are automatically run in Linux User Namespaces which ensures stronger isolation. - The root user in the container maps to an unprivileged user at VM level. diff --git a/desktop/hardened-desktop/index.md b/desktop/hardened-desktop/index.md index f0ce2b0ce4..3ab1563b36 100644 --- a/desktop/hardened-desktop/index.md +++ b/desktop/hardened-desktop/index.md @@ -1,7 +1,7 @@ --- title: Hardened Desktop description: Overview of what Hardened Desktop is -keywords: security, hardened desktop, enhanced container isolation, registry access management, admin controls, root access, admins, docker desktop +keywords: security, hardened desktop, enhanced container isolation, registry access management, settings management root access, admins, docker desktop, image access management --- >Note > @@ -17,13 +17,14 @@ Hardened Desktop includes: - Settings Management, which helps admins to confidently manage and control the usage of Docker Desktop within their organization. - Enhanced Container Isolation, a setting that instantly enhances security by preventing containers from running as root in Docker Desktop’s Linux VM and ensures that any configurations set using Settings Management, cannot be modified by containers. - Registry Access Management, which allows admins to control the registries developers can access. +- Image Access Management, which gives admins control over which images developers can pull from Docker Hub. Docker plans to continue adding more security enhancements to the Hardened Desktop security model.
-
+
Hardened Desktop @@ -32,7 +33,7 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt

Learn how Settings Management can secure your developers' workflows.

-
+
Release notes @@ -41,7 +42,11 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt

Understand how Enhanced Container Isolation can prevent container attacks.

-
+
+
+
+ +
Hardened Desktop @@ -50,6 +55,14 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt

Control the registries developers can access while using Docker Desktop.

-
+
+
+
+ Hardened Desktop +
+

Image Access Management

+

Control the images developers can pull from Docker Hub.

+
+
diff --git a/desktop/hardened-desktop/settings-management/index.md b/desktop/hardened-desktop/settings-management/index.md index f74e6a0fd4..7411f3236f 100644 --- a/desktop/hardened-desktop/settings-management/index.md +++ b/desktop/hardened-desktop/settings-management/index.md @@ -9,7 +9,7 @@ title: What is Settings Management? Settings Management is a feature that helps admins to control certain Docker Desktop settings on client machines within their organization. -With a few lines of JSON, admins can configure controls for Docker Desktop settings such as proxies and network settings. For an extra layer of security, admins can also use Settings Management to enable [Enhanced Container Isolation](../enhanced-container-isolation/index.md) which ensures that any configurations set with Settings Management cannot be modified by containers. +With a few lines of JSON, admins can configure controls for Docker Desktop settings such as proxies and network settings. For an extra layer of security, admins can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md) which ensures that any configurations set with Settings Management cannot be modified by containers. It is available with [Docker Desktop 4.13.0 or later](../../release-notes.md). @@ -29,7 +29,7 @@ Values that are set to `locked: true` within the `admin-settings.json` override Using the `admin-settings.json` file, admins can: -- Enable [Enhanced Container Isolation](../enhanced-container-isolation/index.md) (currently incompatible with WSL) +- Enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md) (currently incompatible with WSL) - Configure HTTP proxies - Configure network settings - Enforce the use of WSL2 based engine or Hyper-V
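
Review bot: In the `_data/toc.yaml` hunk (`@@ -1297,6 +1297,8 @@`), the new entry is listed in the Hardened Desktop section but its `path` is still `/docker-hub/image-access-management/`, while the sibling directly above it uses `/desktop/hardened-desktop/registry-access-management/`. The commit message says IAM is moved into Hardened Desktop, yet the diffstat shows no page being moved, only a navigation entry and an image being added. Either reword the commit message to say the page is only linked from this section, or move the page under `/desktop/hardened-desktop/` and redirect the old path.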
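
Review bot: In the `enhanced-container-isolation/index.md` hunk (`@@ -31,7 +31,7 @@`), the rewritten sentence removes the link to `../settings-management/index.md`, so this section no longer points admins to the mechanism that the Settings Management page in this same patch still describes as the way to "enable and lock in" the feature. Keep a cross-reference to Settings Management in or right after this sentence. The sentence also mixes "turned on" and "are enabled" under a heading that says "is enabled"; pick one term for the section.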
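
Review bot: In the front matter hunk of `desktop/hardened-desktop/index.md` (`@@ -1,7 +1,7 @@`), the new `keywords:` line reads `settings management root access` with no comma between the two terms, so they collapse into a single keyword. The same line drops `admin controls`; restore it if the removal was not intended. Suggested ending for the line: `registry access management, settings management, root access, admins, docker desktop, image access management`.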
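
Review bot: In the `settings-management/index.md` hunk at `@@ -9,7 +9,7 @@`, the added sentence "enable and lock in [Enhanced Container Isolation](...) which ensures that any configurations set with Settings Management cannot be modified by containers" is missing a comma before "which", and it is no longer clear whether the guarantee comes from Enhanced Container Isolation itself or from locking it. Split it into two sentences: one stating that admins can enable and lock the feature, one stating what the feature guarantees.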
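
Review bot: In the `settings-management/index.md` hunk at `@@ -29,7 +29,7 @@`, the bullet introduces "lock in" without tying it to the `locked: true` value that the context line in the hunk header describes for `admin-settings.json`. Use the same term as that explanation, or link "lock in" to it, so admins know the bullet refers to setting `locked: true` for this feature. The bullet also keeps "(currently incompatible with WSL)" two lines above "Enforce the use of WSL2 based engine or Hyper-V"; a short sentence on how those two settings interact would help.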