Policies

ModelsExpand Collapse

DevicePolicyCertificates { enabled }

enabled: boolean

The current status of the device policy certificate provisioning feature for WARP clients.

FallbackDomain { suffix, description, dns_server }

suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100

dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

FallbackDomainPolicy = Array<FallbackDomain { suffix, description, dns_server } > | null

suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100

dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more }

allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy is the default policy for an account.

description?: string

A description of the policy.

maxLength500

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:

TeamsDevicesExcludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesExcludeSplitTunnelWithHost { host, description }

host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server } >

suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100

dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string

include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:

TeamsDevicesIncludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesIncludeSplitTunnelWithHost { host, description }

host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

lan_allow_minutes?: number

The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.

lan_allow_subnet_size?: number

The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.

match?: string

The wirefilter expression to match devices. Available values: “identity.email”, “identity.groups.id”, “identity.groups.name”, “identity.groups.email”, “identity.service_token_uuid”, “identity.saml_attributes”, “network”, “os.name”, “os.version”.

maxLength500

name?: string

The name of the device settings profile.

maxLength100

policy_id?: string

maxLength36

precedence?: number

The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.

register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }

mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

target_tests?: Array<TargetTest>

id?: string

The id of the DEX test targeting this policy.

name?: string

The name of the DEX test targeting this policy.

tunnel_protocol?: string

Determines which tunnel protocol to use.

virtual_networks?: VirtualNetworks | null

Virtual network access settings for the device.

allowed: Array<string>

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

default: string

The default virtual network ID. Must be included in the allowed list.

formatuuid

SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress { address, description } | TeamsDevicesExcludeSplitTunnelWithHost { host, description }

One of the following:

TeamsDevicesExcludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesExcludeSplitTunnelWithHost { host, description }

host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress { address, description } | TeamsDevicesIncludeSplitTunnelWithHost { host, description }

One of the following:

TeamsDevicesIncludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesIncludeSplitTunnelWithHost { host, description }

host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

PoliciesDefault

Get the default device settings profile

client.zeroTrust.devices.policies.default.get(, ?): DefaultGetResponse { allow_mode_switch, allow_updates, allowed_to_leave, 18 more } | null

GET/accounts/{account_id}/devices/policy

Update the default device settings profile

client.zeroTrust.devices.policies.default.edit(, ?): DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 18 more } | null

PATCH/accounts/{account_id}/devices/policy

ModelsExpand Collapse

DefaultGetResponse { allow_mode_switch, allow_updates, allowed_to_leave, 18 more }

allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy will be applied to matching devices.

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:

TeamsDevicesExcludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesExcludeSplitTunnelWithHost { host, description }

host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server } >

suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100

dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string

include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:

TeamsDevicesIncludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesIncludeSplitTunnelWithHost { host, description }

host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

policy_id?: string

maxLength36

register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }

mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Determines which tunnel protocol to use.

virtual_networks?: VirtualNetworks | null

Virtual network access settings for the device.

allowed: Array<string>

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

default: string

The default virtual network ID. Must be included in the allowed list.

formatuuid

DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 18 more }

allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy will be applied to matching devices.

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:

TeamsDevicesExcludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesExcludeSplitTunnelWithHost { host, description }

host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server } >

suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100

dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string

include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:

TeamsDevicesIncludeSplitTunnelWithAddress { address, description }

address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

TeamsDevicesIncludeSplitTunnelWithHost { host, description }

host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

policy_id?: string

maxLength36

register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }

mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Determines which tunnel protocol to use.

virtual_networks?: VirtualNetworks | null

Virtual network access settings for the device.

allowed: Array<string>

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

default: string

The default virtual network ID. Must be included in the allowed list.

formatuuid

PoliciesDefaultExcludes

Get the Split Tunnel exclude list

client.zeroTrust.devices.policies.default.excludes.get(, ?): SinglePage<SplitTunnelExclude>

GET/accounts/{account_id}/devices/policy/exclude

Set the Split Tunnel exclude list

client.zeroTrust.devices.policies.default.excludes.update(, ?): SinglePage<SplitTunnelExclude>

PUT/accounts/{account_id}/devices/policy/exclude

PoliciesDefaultIncludes

Get the Split Tunnel include list

client.zeroTrust.devices.policies.default.includes.get(, ?): SinglePage<SplitTunnelInclude>

GET/accounts/{account_id}/devices/policy/include

Set the Split Tunnel include list

client.zeroTrust.devices.policies.default.includes.update(, ?): SinglePage<SplitTunnelInclude>

PUT/accounts/{account_id}/devices/policy/include

PoliciesDefaultFallback Domains

Get your Local Domain Fallback list

client.zeroTrust.devices.policies.default.fallbackDomains.get(, ?): SinglePage<FallbackDomain { suffix, description, dns_server } >

GET/accounts/{account_id}/devices/policy/fallback_domains

Set your Local Domain Fallback list

client.zeroTrust.devices.policies.default.fallbackDomains.update(, ?): SinglePage<FallbackDomain { suffix, description, dns_server } >

PUT/accounts/{account_id}/devices/policy/fallback_domains

PoliciesDefaultCertificates

Get device certificate provisioning status

client.zeroTrust.devices.policies.default.certificates.get(, ?): DevicePolicyCertificates { enabled } | null

GET/zones/{zone_id}/devices/policy/certificates

Update device certificate provisioning status

client.zeroTrust.devices.policies.default.certificates.edit(, ?): DevicePolicyCertificates { enabled } | null

PATCH/zones/{zone_id}/devices/policy/certificates

PoliciesCustom

List device settings profiles

client.zeroTrust.devices.policies.custom.list(, ?): SinglePage<SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more } >

GET/accounts/{account_id}/devices/policies

Get device settings profile by ID

client.zeroTrust.devices.policies.custom.get(, , ?): SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more } | null

GET/accounts/{account_id}/devices/policy/{policy_id}

Create a device settings profile

client.zeroTrust.devices.policies.custom.create(, ?): SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more } | null

POST/accounts/{account_id}/devices/policy

Update a device settings profile

client.zeroTrust.devices.policies.custom.edit(, , ?): SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more } | null

PATCH/accounts/{account_id}/devices/policy/{policy_id}

Delete a device settings profile

client.zeroTrust.devices.policies.custom.delete(, , ?): SinglePage<SettingsPolicy { allow_mode_switch, allow_updates, allowed_to_leave, 25 more } >

DELETE/accounts/{account_id}/devices/policy/{policy_id}

PoliciesCustomExcludes

Get the Split Tunnel exclude list for a device settings profile

client.zeroTrust.devices.policies.custom.excludes.get(, , ?): SinglePage<SplitTunnelExclude>

GET/accounts/{account_id}/devices/policy/{policy_id}/exclude

Set the Split Tunnel exclude list for a device settings profile

client.zeroTrust.devices.policies.custom.excludes.update(, , ?): SinglePage<SplitTunnelExclude>

PUT/accounts/{account_id}/devices/policy/{policy_id}/exclude

PoliciesCustomIncludes

Get the Split Tunnel include list for a device settings profile

client.zeroTrust.devices.policies.custom.includes.get(, , ?): SinglePage<SplitTunnelInclude>

GET/accounts/{account_id}/devices/policy/{policy_id}/include

Set the Split Tunnel include list for a device settings profile

client.zeroTrust.devices.policies.custom.includes.update(, , ?): SinglePage<SplitTunnelInclude>

PUT/accounts/{account_id}/devices/policy/{policy_id}/include

PoliciesCustomFallback Domains

Get the Local Domain Fallback list for a device settings profile

client.zeroTrust.devices.policies.custom.fallbackDomains.get(, , ?): SinglePage<FallbackDomain { suffix, description, dns_server } >

GET/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains

Set the Local Domain Fallback list for a device settings profile

client.zeroTrust.devices.policies.custom.fallbackDomains.update(, , ?): SinglePage<FallbackDomain { suffix, description, dns_server } >

PUT/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains