From f4a4be63f73603a3dcd328f1c39bd36f31db5aeb Mon Sep 17 00:00:00 2001
From: Stephanie Aurelio <133041642+stephaurelio@users.noreply.github.com>
Date: Thu, 16 Nov 2023 14:01:08 -0800
Subject: [PATCH] update ram caveat list (#18701)

---
 content/security/for-admins/registry-access-management.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/security/for-admins/registry-access-management.md b/content/security/for-admins/registry-access-management.md
index c890b9089a2..82f065c81e4 100644
--- a/content/security/for-admins/registry-access-management.md
+++ b/content/security/for-admins/registry-access-management.md
@@ -49,9 +49,9 @@ The new Registry Access Management policy takes effect after the developer succe
 
 ## Caveats
 
-There are certain limitations when using Registry Access Management; they are as follows:
+There are certain limitations when using Registry Access Management:
 
-- Windows image pulls, and image builds are not restricted
+- Windows image pulls and image builds are not restricted by default. For Registry Access Management to take effect on Windows Container mode, you must allow the Windows Docker daemon to use Docker Desktop's internal proxy by selecting the [Use proxy for Windows Docker daemon](../../desktop/settings/windows.md/#proxies) setting.
 - Builds such as `docker buildx` using a Kubernetes driver are not restricted
 - Builds such as `docker buildx` using a custom docker-container driver are not restricted
 - Blocking is DNS-based; you must use a registry's access control mechanisms to distinguish between “push” and “pull”