Settings reference

This reference documents all Docker Desktop settings and configuration options. Use this to understand setting behavior across different configuration methods and platforms.

Each setting includes:

• Default and accepted values
• Platform compatibility
• Configuration methods (Docker Desktop GUI, Admin Console, admin-settings.json file, or CLI)
• Enterprise security recommendations where applicable

How to use this reference

Settings are organized to match the Docker Desktop GUI structure. Configuration methods are indicated with these labels:

• Desktop GUI: Configurable through Docker Desktop settings interface
• Admin Console: Configurable through the Docker Admin Console using Settings Management
• JSON file: Configurable through admin-settings.json using Settings Management
• CLI: Configurable through command-line tools

General settings

Start Docker Desktop when you sign in to your computer

• Description: Automatic startup of Docker Desktop when the user logs in to their computer.
• OS: All
• Use case: Ensure Docker Desktop is always available after system boot.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Open Docker Dashboard when Docker Desktop starts

• Description: Whether the Docker Dashboard opens automatically when Docker Desktop launches.
• OS: All
• Use case: Provide immediate access to containers, images, and volumes after startup.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Choose theme for Docker Desktop

• Description: Visual appearance of the Docker Desktop interface.
• OS: All
• Use case: Customize interface appearance to match user preferences or system theme.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Configure shell completions

• Description: How Docker CLI auto-completion integrates with the user's shell.
• OS: All
• Use case: Control whether Docker modifies shell configuration files for auto-completion.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Choose container terminal

• Description: Default terminal used when launching Docker CLI from Docker Desktop.
• OS: All
• Use case: Set preferred terminal application for Docker CLI interactions.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Enable Docker terminal

• Description: Access to Docker Desktop's integrated terminal feature. If the value is set to false, users can't use the Docker terminal to interact with the host machine and execute commands directly from Docker Desktop.
• OS: All
• Use case: Allow or restrict developer access to the built-in terminal for host system interaction.
• Configure this setting with:
  • General setting in Docker Desktop GUI
  • Settings Management: desktopTerminalEnabled setting in the admin-settings.json file

Note

In hardened environments, disable and lock this setting to limit host access.

Enable Docker Debug by default

• Description: Whether debug logging is turned on by default for Docker CLI commands.
• OS: All
• Use case: Provide verbose output for troubleshooting and support scenarios.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Include VM in Time Machine backup

• Description: Whether the Docker Desktop virtual machine is included in macOS Time Machine backups.
• OS: Mac only
• Use case: Balance backup completeness with backup size and performance.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Use containerd for pulling and storing images

• Description: Image storage backend used by Docker Desktop.
• OS: All
• Use case: Improve image handling performance and enable containerd-native features.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Choose Virtual Machine Manager

Docker VMM

Apple Virtualization framework

• Description: Use Apple Virtualization Framework to run Docker containers.
• OS: Mac only
• Use case: Improve VM performance on Apple Silicon.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Rosetta

• Description: Use Rosetta to emulate amd64 on Apple Silicon. If value is set to true, Docker Desktop turns on Rosetta to accelerate x86_64/amd64 binary emulation on Apple Silicon.
• OS: Mac only 13+
• Use case: Run Intel-based containers on Apple Silicon hosts.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management:useVirtualizationFrameworkRosetta setting in the admin-settings.json file
  • Settings Management: Use Rosetta for x86_64/amd64 emulation on Apple Silicon setting in the Admin Console

Note

In hardened environments, disable and lock this setting so only ARM-native images are permitted.

Note

Rosetta requires enabling Apple Virtualization framework.

QEMU

Warning

QEMU has been deprecated in Docker Desktop versions 4.44 and later. For more information, see the blog announcement

Choose file sharing implementation

VirtioFS

• Description: Use VirtioFS for fast, native file sharing between host and containers. If value is set to true, VirtioFS is set as the file sharing mechanism. If both VirtioFS and gRPC are set to true, VirtioFS takes precedence.
• OS: Mac only 12.5+
• Use case: Achieve better file system performance and compatibility on modern macOS.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: useVirtualizationFrameworkVirtioFS setting in the admin-settings.json file
  • Settings Management: Use VirtioFS for file sharing setting in the Admin Console

Note

In hardened environments, enable and lock this setting for macOS 12.5 and later.

gRPC FUSE

• Description: Enable gRPC FUSE for macOS file sharing. If value is set to true, gRPC Fuse is set as the file sharing mechanism.
• OS: Mac only
• Use case: Alternative file sharing with improved performance over legacy osxfs.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: useGrpcfuse setting in the admin-settings.json file
  • Settings Management: Use gRPC FUSE for file sharing setting in the Admin Console

Note

In hardened environments, disable and lock this setting.

osxfs

• Description: Use the original osxfs file sharing driver for macOS. When set to true, Docker Desktop uses osxfs instead of VirtioFS or gRPC FUSE to mount host directories into containers.
• OS: Mac only
• Use case: Compatibility with legacy tooling that requires the original file sharing implementation.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Send usage statistics

• Description: Controls whether Docker Desktop collects and sends local usage statistics and crash reports to Docker. This setting affects telemetry gathered from the Docker Desktop application itself. It does not affect server-side telemetry collected via Docker Hub or other backend services, such as sign in timestamps, pulls, or builds.
• OS: All
• Use case: Help Docker improve the product based on usage patterns.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: analyticsEnabled setting in the admin-settings.json file
  • Settings Management: Send usage statistics setting in the Admin Console

Note

In hardened environments, disable and lock this setting. This allows you to control all your data flows and collect support logs via secure channels if needed.

Note

Organizations using the Insights Dashboard may need this setting enabled to ensure that developer activity is fully visible. If users opt out and the setting is not locked, their activity may be excluded from analytics views.

Use Enhanced Container Isolation

• Description: Advanced container security through Linux user namespaces and additional isolation.
• OS: All
• Use case: Prevent containers from modifying Docker Desktop VM configuration or accessing sensitive host areas.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: enhancedContainerIsolation setting in the admin-settings.json file
  • Settings Management: Enable enhanced container isolation setting in the Admin Console

Note

In hardened environments, disable and lock this setting. This allows you to control all your data flows and collect support logs via secure channels if needed.

Show CLI hints

• Description: Display of helpful CLI suggestions in the terminal when using Docker commands.
• OS: All
• Use case: Help users discover Docker CLI features through contextual tips.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Enable Scout image analysis

• Description: Docker Scout SBOM generation and vulnerability scanning for container images.
• OS: All
• Use case: Turn on vulnerability scanning and software bill of materials analysis.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: sbomIndexing setting in the admin-settings.json file
  • Settings Management: SBOM indexing settings in the Admin Console

Note

In hardened environments, enable and lock this setting to ensure compliance scanning is always available.

Enable background Scout SBOM indexing

• Description: Automatic SBOM indexing for images without requiring user interaction.
• OS: All
• Use case: Keep image metadata current by indexing during idle time or after image operations.
• Configure this setting with:
  • General settings in Docker Desktop GUI

Note

In hardened environments, enable and lock this setting for continuous security analysis.

Automatically check configuration

• Description: Regular verification that Docker Desktop configuration hasn't been modified by external applications.
• OS: All
• Use case: Track configuration versions for compatibility and change detection.
• Configure this setting with:
  • General settings in Docker Desktop GUI
  • Settings Management: configurationFileVersion setting in the admin-settings.json file

Resources settings

CPU limit

• Description: Number of CPU cores allocated to the Docker Desktop virtual machine.
• OS: All
• Use case: Balance Docker performance with host system resource availability.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

Memory limit

• Description: Amount of RAM (in MiB) allocated to the Docker Desktop virtual machine.
• OS: All
• Use case: Control memory allocation to optimize performance for both Docker and host applications.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

Swap

• Description: Amount of swap space (in MiB) available to the Docker virtual machine.
• OS: All
• Use case: Extend available memory for container workloads when physical RAM is limited.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

Disk usage limit

• Description: Maximum disk space (in MiB) allocated for Docker Desktop data.
• OS: All
• Use case: Prevent Docker from consuming excessive disk space on the host system.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

Disk image location

• Description: File system path where Docker Desktop stores virtual machine data.
• OS: All
• Use case: Move Docker data to custom storage locations for performance or space management.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

Enable Resource Saver

• Description: Automatic pausing of Docker Desktop when idle to conserve system resources.
• OS: All
• Use case: Reduce CPU and memory usage when Docker Desktop isn't actively being used.
• Configure this setting with:
  • Advanced Resources settings in Docker Desktop GUI

File sharing directories

• Description: Host directories that can be mounted into containers as volumes.
• OS: All
• Use case: Define which host directories containers can access for development workflows.
• Configure this setting with:
  • File sharing Resources settings in Docker Desktop GUI
  • Settings Management: filesharingAllowedDirectories setting in the admin-settings.json file
  • Settings Management: Allowed file sharing directories setting in the Admin Console

Note

In hardened environments, lock to an explicit allowlist and disable end-user edits.

Proxy exclude

• Description: Network addresses that containers should bypass when using proxy settings.
• OS: All
• Use case: Define proxy exceptions for internal services or specific domains.
• Configure this setting with:
  • Proxies Resources settings in Docker Desktop GUI
  • Settings Management: proxy setting with manual and exclude modes in the admin-settings.json file

Note

In hardened environments, disable and lock this setting to maintain strict proxy control.

Docker subnet

• Description: Overrides the network range used for vpnkit DHCP/DNS for *.docker.internal.
• OS: Mac only
• Use case: Customize the subnet used for Docker container networking.
• Configure this setting with:
  • Settings Management: vpnkitCIDR setting in the admin-settings.json file
  • Settings Management: VPN Kit CIDR setting in the Admin Console

Use kernel networking for UDP

• Description: Use the host’s kernel network stack for UDP traffic instead of Docker’s virtual network driver. This enables faster and more direct UDP communication, but may bypass some container isolation features.
• OS: All
• Use case: Improve performance for UDP-intensive applications like real-time media, DNS, or gaming.
• Configure this setting with:
  • Network Resources settings in Docker Desktop GUI

Enable host networking

• Description: Experimental support for containers to use the host network stack directly.
• OS: All
• Use case: Allow containers to bypass Docker's network isolation for specific scenarios.
• Configure this setting with:
  • Network Resources settings in Docker Desktop GUI

Networking mode

• Description: Default IP protocol used when Docker creates new networks.
• OS: Windows and Mac
• Use case: Align with network infrastructure that supports only IPv4 or IPv6.
• Configure this setting with:
  • Network Resources settings in Docker Desktop GUI
  • Settings Management: defaultNetworkingMode setting in the admin-settings.json file

For more information, see Networking.

Inhibit DNS resolution for IPv4/IPv6

• Description: Filters unsupported DNS record types. Requires Docker Desktop version 4.43 and up.
• OS: Windows and Mac
• Use case: Control how Docker filters DNS records returned to containers, improving reliability in environments where only IPv4 or IPv6 is supported.
• Configure this setting with:
  • Network Resources settings in Docker Desktop GUI
  • Settings Management: dnsInhibition setting in the admin-settings.json file

For more information, see Networking.

Enable WSL engine

• Description: If the value is set to true, Docker Desktop uses the WSL2 based engine. This overrides anything that may have been set at installation using the --backend=<backend name> flag.
• OS: Windows only + WSL
• Use case: Run Linux containers on Windows using the WSL 2 backend for better performance.
• Configure this setting with:
  • WSL Integration Resources settings in Docker Desktop GUI
  • Settings Management: wslEngineEnabled setting in the admin-settings.json file
  • Settings Management: Windows Subsystem for Linux (WSL) Engine setting in the Admin Console

Note

In hardened environments, enable and lock this setting for improved security and performance.

Docker Engine settings

The Docker Engine settings let you configure low-level daemon settings through a raw JSON object. These settings are passed directly to the dockerd process that powers container management in Docker Desktop.

• Description: Customize the behavior of the Docker daemon using a structured JSON config passed directly to dockerd.
• OS: All
• Use case: Configure registry access, enable debug logging, or turn on experimental features.
• Configure this setting with:
  • Docker Engine settings in Docker Desktop GUI

Note

In hardened environments, provide a vetted configuration and lock it to prevent unauthorized daemon modifications.

Important

Values for this setting are passed as-is to the Docker daemon. Invalid or unsupported fields may prevent Docker Desktop from starting.

Builders settings

Builders settings lets you manage Buildx builder instances for advanced image-building scenarios, including multi-platform builds and custom backends.

• Description: Buildx builder instances for advanced image building scenarios.
• OS: All
• Use case: Set up cross-platform builds, remote builders, or custom build environments.
• Configure this setting with:
  • Builders settings in Docker Desktop GUI

Note

Builder definitions are structured as an array of objects, each describing a builder instance. Conflicting or unsupported configurations may cause build errors.

Kubernetes settings

Enable Kubernetes

• Description: Local Kubernetes cluster integration with Docker Desktop.
• OS: All
• Use case: Provide local Kubernetes development environment for testing and development.
• Configure this setting with:
  • Kubernetes settings in Docker Desktop GUI
  • Settings Management: kubernetes setting in the admin-settings.json file
  • Settings Management: Allow Kubernetes setting in the Admin Console

Note

In hardened environments, disable and lock this setting unless Kubernetes development is specifically required.

Important

When Kubernetes is enabled through Settings Management policies, only the kubeadm cluster provisioning method is supported. The kind provisioning method is not yet supported by Settings Management.

Choose cluster provisioning method

• Description: Kubernetes cluster topology and node configuration.
• OS: All
• Use case: Choose between single-node (kubeadm) or multi-node (kind)` cluster configurations for different development needs.
• Configure this setting with:
  • Kubernetes settings in Docker Desktop GUI

Kubernetes node count (kind provisioning)

• Description: Number of nodes in multi-node Kubernetes clusters.
• OS: All
• Use case: Scale cluster size for testing distributed applications or cluster features.
• Configure this setting with:
  • Kubernetes settings in Docker Desktop GUI

Kubernetes node version (kind provisioning)

• Description: Kubernetes version used for cluster nodes.
• OS: All
• Use case: Pin specific Kubernetes versions for consistency or compatibility requirements.
• Configure this setting with:
  • Kubernetes settings in Docker Desktop GUI

Show system containers

• Description: Visibility of Kubernetes system containers in Docker Desktop Dashboard.
• OS: All
• Use case: Allow developers to view and debug kube-system containers.
• Configure this setting with:
  • Kubernetes settings in Docker Desktop GUI

Note

In hardened environments, disable and lock this setting to reduce interface complexity.

Custom Kubernetes image repository

• Description: Registry used for Kubernetes control plane images instead of Docker Hub. This allows Docker Desktop to pull Kubernetes system images from a private registry or mirror instead of Docker Hub. This setting overrides the [registry[:port]/][namespace] portion of image names.
• OS: All
• Use case: Support air-gapped environments or when Docker Hub access is restricted.
• Configure this setting with:
  • Settings Management: KubernetesImagesRepository settings in the admin-settings.json file
  • Settings Management: Kubernetes Images Repository setting in the Admin Console

Note

Images must be mirrored from Docker Hub with matching tags. Required images depend on the cluster provisioning method.

Important

When using custom image repositories with Enhanced Container Isolation, add these images to the ECI allowlist: [imagesRepository]/desktop-cloud-provider-kind:* and [imagesRepository]/desktop-containerd-registry-mirror:*.

Software updates settings

Automatically check for updates

• Description: Whether Docker Desktop checks for and notifies about available updates. If the value is set to true, checking for updates and notifications about Docker Desktop updates are disabled.
• OS: All
• Use case: Control update notifications and automatic version checking.
• Configure this setting with:
  • Settings Management: disableUpdate setting in the admin-settings.json file
  • Settings Management: Disable update setting in the Admin Console

Note

In hardened environments, enable this setting and lock. This guarantees that only internally vetted versions are installed.

Always download updates

• Description: Automatic downloading of Docker Desktop updates when they become available.
• OS: All
• Use case: Manage bandwidth usage and control when updates are downloaded.
• Configure this setting with:
  • Software updates settings in Docker Desktop GUI
  • Settings Management: Disable updates setting in the Admin Console

Extensions settings

Enable Docker extensions

• Description: Access to Docker Extensions marketplace and installed extensions.
• OS: All
• Use case: Control whether users can install and run Docker Extensions.
• Configure this setting with:
  • Extensions settings in Docker Desktop GUI
  • Settings Management: extensionsEnabled setting in the admin-settings.json file
  • Settings Management: Allow Extensions setting in the Admin Console

Note

In hardened environments, disable and lock this setting. This prevents third-party or unvetted plugins from being installed.

Allow only extensions distributed through the Docker Marketplace

• Description: Restriction of Docker Extensions to only those available through the official marketplace.
• OS: All
• Use case: Prevent installation of third-party or locally developed extensions.
• Configure this setting with:
  • Extensions settings in Docker Desktop GUI

Show Docker Extensions system containers

• Description: Visibility of system containers used by Docker Extensions in the container list.
• OS: All
• Use case: Help developers troubleshoot extension issues by viewing underlying containers.
• Configure this setting with:
  • Extensions settings in Docker Desktop GUI

Beta features settings

Important

For Docker Desktop versions 4.41 and earlier, these settings were under the Experimental features tab on the Features in development page.

Enable Docker AI

• Description: Docker AI features including "Ask Gordon" functionality.
• OS: All
• Use case: Turn on AI-powered assistance and recommendations within Docker Desktop.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI
  • Settings Management: enableDockerAI setting in the admin-settings.json file

Enable Docker Model Runner

• Description: Docker Model Runner functionality for running AI models in containers.
• OS: All
• Use case: Run and manage AI/ML models using Docker infrastructure.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI
  • Settings Management: enableDockerAI setting in the admin-settings.json file

Enable host-side TCP support

• Description: TCP connectivity for Docker Model Runner services.
• OS: All
• Use case: Allow external applications to connect to Model Runner via TCP.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI
  • Settings Management: enableDockerAI setting in the admin-settings.json file

Note

This setting requires Docker Model Runner setting to be enabled first.

Port

• Description: Specific port used for Model Runner TCP connections.
• OS: All
• Use case: Customize the port for Model Runner TCP connectivity.
• Configure this setting with:
  • Beta features settings in Docker Desktop GUI
  • Settings Management: enableInferenceTCP setting in the admin-settings.json file

CORS Allowed Origins

• Description: Cross-origin resource sharing settings for Model Runner web integration.
• OS: All
• Use case: Allow web applications to connect to Model Runner services.
• Configure this setting with:
  • Beta features settings in Docker Desktop GUI
  • Settings Management: enableInferenceCORS setting in the admin-settings.json file

Enable Docker MCP Toolkit

• Description: Enable Docker MCP Toolkit in Docker Desktop.
• OS: All
• Use case: Turn on MCP toolkit features for AI model development workflows.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI
  • Settings Management: enableDockerMCPToolkit setting in the admin-settings.json file

Enable Wasm

• Description: Enable Wasm to run Wasm workloads.
• OS: All
• Use case: Run WebAssembly applications and modules within Docker containers.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI

Enable Compose Bridge

• Description: Enable Compose Bridge.
• OS: All
• Use case: Turn on enhanced Compose features and integrations.
• Configure this setting with:
  • Beta settings in Docker Desktop GUI

Notifications settings

Status updates on tasks and processes

• Description: General informational messages displayed within Docker Desktop.
• OS: All
• Use case: Control visibility of operational status messages and process updates.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Recommendations from Docker

• Description: Promotional content and feature recommendations displayed in Docker Desktop.
• OS: All
• Use case: Manage exposure to Docker marketing content and feature promotions.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Docker announcements

• Description: General announcements and news displayed within Docker Desktop.
• OS: All
• Use case: Control visibility of Docker-wide announcements and important updates.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Docker surveys

• Description: Survey invitations and feedback requests displayed to users.
• OS: All
• Use case: Manage user participation in Docker product feedback and research.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Docker Scout Notification pop-ups

• Description: In-application notifications from Docker Scout vulnerability scanning.
• OS: All
• Use case: Control visibility of vulnerability scan results and security recommendations.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Docker Scout OS notifications

• Description: Operating system-level notifications from Docker Scout.
• OS: All
• Use case: Receive Scout security alerts through the system notification center.
• Configure this setting with:
  • Notifications settings in Docker Desktop GUI

Advanced settings

Configure installation of Docker CLI

• Description: File system location where Docker CLI binaries are installed.
• OS: All
• Use case: Customize CLI installation location for compliance or tooling integration requirements.
• Configure this setting with:
  • Advanced settings in Docker Desktop GUI

Allow the default Docker socket to be used

• Description: By default, enhanced container isolation blocks bind-mounting the Docker Engine socket into containers (e.g., docker run -v /var/run/docker.sock:/var/run/docker.sock ...). This lets you relax this in a controlled way. See ECI Configuration for more info.
• OS: All
• Use case: Support Docker-in-Docker scenarios, CI agents, or tools like Testcontainers while maintaining Enhanced Container Isolation.
• Configure this setting with:
  • Advanced settings in Docker Desktop GUI
  • Settings Management: dockerSocketMount setting in the admin-settings.json file

Allow privileged port mapping

• Description: Permission to bind container ports to privileged ports (1-1024) on the host.
• OS: Mac only
• Use case: Allow containers to use standard service ports like HTTP (80) or HTTPS (443).
• Configure this setting with:
  • Advanced settings in Docker Desktop GUI

Settings not available in Docker Desktop

The following settings aren’t shown in the Docker Desktop GUI. You can only configure them using Settings Management with the Admin Console or the admin-settings.json file.

Block docker load

• Description: Prevent users from loading local Docker images using the docker load command.
• OS: All
• Use case: Enforce image provenance by requiring all images to come from registries.
• Configure this setting with:
  • Settings Management: blockDockerLoad setting in the admin-settings.json file

Note

In hardened environments, enable and lock this setting. This forces all images to come from your secure, scanned registry.

Expose Docker API on TCP 2375

• Description: Exposes the Docker API over an unauthenticated TCP socket on port 2375. Only recommended for isolated and protected environments.
• OS: Windows only
• Use case: Support legacy integrations that require TCP API access.
• Configure this setting with:
  • Settings Management: exposeDockerAPIOnTCP2375 in the admin-settings.json file

Note

In hardened environments, disable and lock this setting. This ensures the Docker API is only reachable via the secure internal socket.

Air-gapped container proxy

• Description: HTTP/HTTPS proxy configuration for containers in air-gapped environments.
• OS: All
• Use case: Provide controlled network access for containers in offline or restricted network environments.
• Configure this setting with:
  • Settings Management: containersProxy setting in the admin-settings.json file

Example

"containersProxy": {   "locked": true,   "mode": "manual",   "http": "",   "https": "",   "exclude": [],   "pac": "",   "transparentPorts": "" }

Docker socket access control (ECI exceptions)

• Description: Specific images and commands allowed to use the Docker socket when Enhanced Container Isolation is active.
• OS: All
• Use case: Support tools like Testcontainers, LocalStack, or CI systems that need Docker socket access while maintaining security.
• Configure this setting with:
  • Settings Management: enhancedContainerIsolation > dockerSocketMount in the admin-settings.json file

Example

"enhancedContainerIsolation": {   "locked": true,   "value": true,   "dockerSocketMount": {     "imageList": {       "images": [         "docker.io/localstack/localstack:*",         "docker.io/testcontainers/ryuk:*"       ]     },     "commandList": {       "type": "deny",       "commands": ["push"]     }   } }

Allow beta features

• Description: Access to Docker Desktop features in public beta.
• OS: All
• Use case: Provide early access to features in development for testing and feedback.
• Configure this setting with:
  • Settings Management: allowBetaFeatures setting in the admin-settings.json file

Note

In hardened environments, disable and lock this setting.

Docker daemon options (Linux or Windows)

• Description: Override the Docker daemon configuration used in Linux or Windows containers.
• OS: All
• Use case: Configure advanced daemon options without modifying local configuration files.
• Configure this setting with:
  • Settings Management: linuxVM.dockerDaemonOptions or windowsContainers.dockerDaemonOptions in the admin-settings.json file

Note

In hardened environments, provide a vetted JSON config and lock it so no overrides are possible.

VPNKit CIDR

• Description: Network subnet used for Docker Desktop's internal VPNKit DHCP/DNS services.
• OS: Mac only
• Use case: Prevent IP address conflicts in environments with overlapping network subnets.
• Configure this setting with:
  • Settings Management: vpnkitCIDR setting in the admin-settings.json file
  • Settings Management: VPN Kit CIDR setting in the Admin Console

Note

In hardened environments, lock to an approved, non-conflicting CIDR.

Enable Kerberos and NTLM authentication

• Description: Enterprise proxy authentication support for Kerberos and NTLM protocols.
• OS: All
• Use case: Support enterprise proxy servers that require Kerberos or NTLM authentication.
• Configure this setting with:
  • Settings Management: proxy.enableKerberosNtlm in the admin-settings.json file