Docker Inc.

11/22/2024 | News release | Distributed by Public on 11/22/2024 11:34

Docker Desktop 4.36: New Enterprise Administration Features, WSL 2, and ECI Enhancements

Key features of the Docker Desktop 4.36 release include:

Docker Desktop 4.36 introduces powerful updates to simplify enterprise administration and enhance security. This release features streamlined macOS sign-in enforcement via configuration profiles, enabling IT administrators to deploy tamper-proof policies at scale, alongside a new PKG installer for efficient, consistent deployments. Enhancements like the unified WSL 2 mono distribution improve startup speeds and workflows, while updates to Enhanced Container Isolation (ECI) and Desktop Settings Management allow for greater flexibility and centralized policy enforcement. These innovations empower organizations to maintain compliance, boost productivity, and streamline Docker Desktop management across diverse enterprise environments.

Sign-in enforcement: Streamlined alternative for organizations for macOS

Recognizing the need for streamlined and secure ways to enforce sign-in protocols, Docker is introducing a new sign-in enforcement mechanism for macOS configuration profiles. This Early Access update delivers significant business benefits by enabling IT administrators to enforce sign-in policies quickly, ensuring compliance and maximizing the value of Docker subscriptions.

Key benefits

  • Fast deployment and rollout: Configuration profiles can be rapidly deployed across a fleet of devices using Mobile Device Management (MDM) solutions, making it easy for IT admins to enforce sign-in requirements and other policies without manual intervention.
  • Tamper-proof enforcement: Configuration profiles ensure that enforced policies, such as sign-in requirements, cannot be bypassed or disabled by users, providing a secure and reliable way to manage access to Docker Desktop (Figure 1).
  • Support for multiple organizations: More than one organization can now be defined in the allowedOrgs field, offering flexibility for users who need access to Docker Desktop under multiple organizational accounts (Figure 2).

How it works

macOS configuration profiles are XML files that contain specific settings to control and manage macOS device behavior. These profiles allow IT administrators to:

  • Restrict access to Docker Desktop unless the user is authenticated.
  • Prevent users from disabling or bypassing sign-in enforcement.

By distributing these profiles through MDM solutions, IT admins can manage large device fleets efficiently and consistently enforce organizational policies.

Figure 1: macOS configuration profile in use.

Figure 2: macOS configuration profile in use with multiple allowedOrgs visible.

Configuration profiles, along with the Windows Registry key, are the latest examples of how Docker helps streamline administration and management.

Enforce sign-in for multiple organizations

Docker now supports enforcing sign-in for more than one organization at a time, providing greater flexibility for users working across multiple teams or enterprises. The allowedOrgs field now accepts multiple strings, enabling IT admins to define more than one organization via any supported configuration method, including:

  • registry.json
  • Windows Registry key
  • macOS plist
  • macOS configuration profile

This enhancement makes it easier to enforce login policies across diverse organizational setups, streamlining access management while maintaining security (Figure 3).

Learn more about the various sign-in enforcement methods.

Figure 3: Docker Desktop when sign-in is enforced across multiple organizations. The blue highlights indicate the allowed company domains.

Deploy Docker Desktop for macOS in bulk with the PKG installer

Managing large-scale Docker Desktop deployments on macOS just got easier with the new PKG installer. Designed for enterprises and IT admins, the PKG installer offers significant advantages over the traditional DMG installer, streamlining the deployment process and enhancing security.

  • Ease of use: Automate installations and reduce manual steps, minimizing user error and IT support requests.
  • Consistency: Deliver a professional and predictable installation experience that meets enterprise standards.
  • Streamlined deployment: Simplify software rollouts for macOS devices, saving time and resources during bulk installations.
  • Enhanced security: Benefit from improved security measures that reduce the risk of tampering and ensure compliance with enterprise policies.

You can download the PKG installer via Admin Console > Security and Access > Deploy Docker Desktop > macOS. Options for both Intel and Arm architectures are also available for macOS and Windows, ensuring compatibility across devices.

Start deploying Docker Desktop more efficiently and securely today via the Admin Console (Figure 4).

Figure 4: Admin Console with PKG installer download options.

Desktop Settings Management (Early Access)

Managing Docker Desktop settings at scale is now easier than ever with the new Desktop Settings Management, available in Early Access for Docker Business customers. Admins can centrally deploy and enforce settings policies for Docker Desktop directly from the cloud via the Admin Console, ensuring consistency and efficiency across their organization.

Here's what's available now:

  • Admin Console policies: Configure and enforce default Docker Desktop settings from the Admin Console.
  • Quick import: Import existing configurations from an admin-settings.json file for seamless migration.
  • Export and share: Export policies as JSON files to easily share with security and compliance teams.
  • Targeted testing: Roll out policies to a smaller group of users for testing before deploying globally.

What's next?

Although the Desktop Settings Management feature is in Early Access, we're actively building additional functionality to enhance it, such as compliance reporting and automated policy enforcement capabilities. Stay tuned for more!

This is just the beginning of a powerful new way to simplify Docker Desktop management and ensure organizational compliance. Try it out now and help shape the future of settings management: Admin Console > Security and Access > Desktop Settings Management (Figure 5).

Figure 5: Admin console with Desktop Settings Management.

Streamlining data workflow with WSL 2 mono distribution

Simplify the Windows Subsystem for Linux (WSL 2) setup by eliminating the need to maintain two separate Docker Desktop WSL distributions. This update streamlines the WSL 2 configuration by consolidating the previously required dual Docker Desktop WSL distributions into a single distribution, now available on both macOS and Windows operating systems.

The simplification of Docker Desktop's WSL 2 setup is designed to make the codebase easier to understand and maintain. This enhances the ability to handle failures more effectively and increases the startup speed of Docker Desktop on WSL 2, allowing users to begin their work more quickly.

The value of streamlining data workflows and relocating data to a different drive on macOS and Windows with the WSL 2 backend in Docker Desktop encompasses these key areas:

  • Improved performance: By separating data and system files, I/O contention between system operations and data operations is reduced, leading to faster access and processing.
  • Enhanced storage management: Separating data from the main system drives allows for more efficient use of space.
  • Increased flexibility with cross-platform compatibility: Ensuring consistent data workflows across different operating systems (macOS and Windows), especially when using Docker Desktop with WSL 2.
  • Enhanced Docker performance: Docker performs better when processing data on a drive optimized for such tasks, reducing latency and improving container performance.

By implementing these practices, organizations can achieve more efficient, flexible, and high-performing data workflows, leveraging Docker Desktop's capabilities on both macOS and Windows platforms.

Enhanced Container Isolation (ECI) improvements

  • Allow any container to mount the Docker socket: Admins can now configure permissions to allow all containers to mount the Docker socket by adding * or *:* to the ECI Docker socket mount permission image list. This simplifies scenarios where broad access is required while maintaining security configuration through centralized control. Learn more in the advanced configuration documentation.
  • Improved support for derived image permissions: The Docker socket mount permissions for derived images feature now supports wildcard tags (e.g., alpine:*), enabling admins to grant permissions for all versions of an image. Previously, specific tags like alpine:latest had to be listed, which was restrictive and required ongoing maintenance. Learn more about managing derived image permissions.

These enhancements reduce administrative overhead while maintaining a high level of security and control, making it easier to manage complex environments.
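An added example, not Docker's own code: a small audit of an admin-settings.json file that reports which Docker socket mount entries are pinned, which use a wildcard tag such as alpine:*, and whether * or *:* opens the permission to every container. The key names (enhancedContainerIsolation, dockerSocketMount, imageList, images, allowDerivedImages) are assumed from Docker's settings file format rather than taken from this page, and the sample file is constructed.

```python
import json

# Constructed sample in the admin-settings.json layout (key names are an
# assumption about Docker's settings format; they do not appear on this page).
SAMPLE = """
{
  "configurationFileVersion": 2,
  "enhancedContainerIsolation": {
    "locked": true,
    "value": true,
    "dockerSocketMount": {
      "imageList": {
        "images": ["docker.io/testcontainers/ryuk:0.5.1", "alpine:*", "*:*"],
        "allowDerivedImages": true
      }
    }
  }
}
"""

def classify(entry):
    """Return 'any-image', 'any-tag', or 'pinned' for one image list entry."""
    if entry in ("*", "*:*"):
        return "any-image"
    # The tag is whatever follows the last ':' after the last '/', so a
    # registry port such as localhost:5000/app is not mistaken for a tag.
    name = entry.rsplit("/", 1)[-1]
    if ":" in name and name.rsplit(":", 1)[1] == "*":
        return "any-tag"
    return "pinned"

def audit(settings_text):
    """Summarise how broad the Docker socket mount permissions are."""
    eci = json.loads(settings_text).get("enhancedContainerIsolation", {})
    image_list = eci.get("dockerSocketMount", {}).get("imageList", {})
    findings = {"any-image": [], "any-tag": [], "pinned": []}
    for entry in image_list.get("images", []):
        findings[classify(entry)].append(entry)
    return {
        "eci_enabled": bool(eci.get("value")),
        "eci_locked": bool(eci.get("locked")),
        "derived_images": bool(image_list.get("allowDerivedImages")),
        "findings": findings,
    }

if __name__ == "__main__":
    for level, entries in audit(SAMPLE)["findings"].items():
        print(f"{level}: {entries}")
```

Any entry reported under any-image means every container may mount the Docker socket, so it is worth gating in review before the policy is rolled out.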

Upgrade now

The Docker Desktop 4.36 release introduces a suite of features designed to simplify enterprise administration, improve security, and enhance operational efficiency. From enabling centralized policy enforcement with Desktop Settings Management to streamlining deployments with the macOS PKG installer, Docker continues to empower IT administrators with the tools they need to manage Docker Desktop at scale.

The improvements in Enhanced Container Isolation (ECI) and WSL 2 workflows further demonstrate Docker's commitment to innovation, providing solutions that optimize performance, reduce complexity, and ensure compliance across diverse enterprise environments.

As businesses adopt increasingly complex development ecosystems, these updates highlight Docker's focus on meeting the unique needs of enterprise teams, helping them stay agile, secure, and productive. Whether you're managing access for multiple organizations, deploying tools across platforms, or leveraging enhanced image permissions, Docker Desktop 4.36 sets a new standard for enterprise administration.

Start exploring these powerful new features today and unlock the full potential of Docker Desktop for your organization.
