security: improve settings docs

content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md

@@ -83,6 +83,24 @@ When settings are enforced:
 
 This ensures consistent environments while maintaining a clear visual indication of which settings are managed by administrators.
 
+## View applied settings
+
+When administrators apply Settings Management policies, Docker Desktop grays out most enforced settings in the GUI.
+
+The Docker Desktop GUI doesn't currently display all centralized settings,
+particularly Enhanced Container Isolation (ECI) settings that administrators
+apply via the Admin Console.
+
+As a workaround, you can check the `settings-store.json` file to view all
+applied settings:
+
+  - Mac: `~/Library/Application Support/Docker/settings-store.json`
+  - Windows: `%APPDATA%\Docker\settings-store.json`
+  - Linux: `~/.docker/desktop/settings-store.json`
+
+The `settings-store.json` file contains all settings, including those that
+may not appear in the Docker Desktop GUI.
+
 ## Limitations
 
 Settings Management has the following limitations:

content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md

@@ -81,6 +81,16 @@ For existing installations:
 
 Docker Desktop checks for policy updates when it launches and every 60 minutes while running.
 
+## Verify applied settings
+
+After you apply policies:
+
+- Docker Desktop displays most settings as greyed out
+- Some settings, particularly Enhanced Container Isolation configurations,
+may not appear in the GUI
+- You can verify all applied settings by checking the [`settings-store.json`
+file](/manuals/desktop/settings-and-maintenance/settings.md) on your system
+
 ## Manage existing policies
 
 From the **Desktop Settings Management** page in the Admin Console, use the **Actions** menu to:

content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md

@@ -62,7 +62,36 @@ Settings where `locked` is set to `false` are ignored on existing installs if
 a user has already customized that value in `settings-store.json`,
 `settings.json`, or `daemon.json`.
 
-### Example configuration
+### Grouped settings
+
+Docker Desktop groups some settings together with a single toggle that controls
+the entire section. These include:
+
+- Enhanced Container Isolation (ECI): Uses a main toggle (`enhancedContainerIsolation`) that enables/disables the entire feature, with sub-settings for specific configurations
+- Kubernetes: Uses a main toggle (`kubernetes.enabled`) with sub-settings for cluster configuration
+- Docker Scout: Groups settings under the `scout` object
+
+When configuring grouped settings:
+
+1. Set the main toggle to enable the feature
+1. Configure sub-settings within that group
+1. When you lock the main toggle, users cannot modify any settings in that group
+
+Example for `enhancedContainerIsolation`:
+
+```json
+"enhancedContainerIsolation": {
+  "locked": true,  // This locks the entire ECI section
+  "value": true,   // This enables ECI
+  "dockerSocketMount": {  // These are sub-settings
+    "imageList": {
+      "images": ["docker.io/testcontainers/ryuk:*"]
+    }
+  }
+}
+```
+
+### Example `admin-settings.json` file
 
 The following sample is an `admin-settings.json` file with common enterprise settings configured. You can use this example as a template with the [`admin-settings.json` configurations](#admin-settingsjson-configurations):
 

content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md

@@ -265,7 +265,7 @@ host directories into containers.
 usage statistics and crash reports to Docker. This setting affects telemetry
 gathered from the Docker Desktop application itself. It does not affect
 server-side telemetry collected via Docker Hub or other backend services, such
-as login timestamps, pulls, or builds.
+as sign in timestamps, pulls, or builds.
 - **OS:** {{< badge color=blue text="All" >}}
 - **Use case:** Help Docker improve the product based on usage patterns.
 - **Configure this setting with:**