
Update the default device settings profile

client.zeroTrust.devices.policies.default.edit(DefaultEditParams { account_id, allow_mode_switch, allow_updates, 17 more } params, RequestOptions options?): DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 19 more } | null
PATCH /accounts/{account_id}/devices/policy

Updates the default device settings profile for an account.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zero Trust Write
Parameters
params: DefaultEditParams { account_id, allow_mode_switch, allow_updates, 17 more }
account_id: string

Path param

allow_mode_switch?: boolean

Body param: Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Body param: Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Body param: Whether to allow devices to leave the organization.

auto_connect?: number

Body param: The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Body param: Turn on the captive portal after the specified amount of time.

disable_auto_fallback?: boolean

Body param: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

dns_search_suffixes?: Array<DNSSearchSuffix>

Body param: List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear.

suffix: string

The DNS search suffix to append when resolving short hostnames.

description?: string

A description of the DNS search suffix.

exclude?: Array<SplitTunnelExclude>

Body param: List of routes excluded in the WARP client’s tunnel. Both ‘exclude’ and ‘include’ cannot be set in the same request.

One of the following:
TeamsDevicesExcludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
TeamsDevicesExcludeSplitTunnelWithHost { host, description }
host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
exclude_office_ips?: boolean

Body param: Whether to add Microsoft IPs to Split Tunnel exclusions.

include?: Array<SplitTunnelInclude>

Body param: List of routes included in the WARP client’s tunnel. Both ‘exclude’ and ‘include’ cannot be set in the same request.

One of the following:
TeamsDevicesIncludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
TeamsDevicesIncludeSplitTunnelWithHost { host, description }
host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
lan_allow_minutes?: number

Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.

lan_allow_subnet_size?: number

Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.

register_interface_ip_with_dns?: boolean

Body param: Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2

Body param

mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

Body param: The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Body param: Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Body param: Determines which tunnel protocol to use.

virtual_networks?: VirtualNetworks | null

Body param: Virtual network access settings for the device.

allowed: Array<string>

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

default: string

The default virtual network ID. Must be included in the allowed list.

format: uuid
Returns
DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 19 more }
allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy will be applied to matching devices.

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

dns_search_suffixes?: Array<DNSSearchSuffix>

List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear.

suffix: string

The DNS search suffix to append when resolving short hostnames.

description?: string

A description of the DNS search suffix.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:
TeamsDevicesExcludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
TeamsDevicesExcludeSplitTunnelWithHost { host, description }
host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server }>
suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength: 100
dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string
include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:
TeamsDevicesIncludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
TeamsDevicesIncludeSplitTunnelWithHost { host, description }
host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength: 100
policy_id?: string
maxLength: 36
register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }
mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Determines which tunnel protocol to use.

virtual_networks?: VirtualNetworks | null

Virtual network access settings for the device.

allowed: Array<string>

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

default: string

The default virtual network ID. Must be included in the allowed list.

format: uuid

Update the default device settings profile

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.policies.default.edit({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(response.gateway_unique_id);
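
The body-parameter constraints documented above (exclude and include are mutually exclusive, each split tunnel entry carries exactly one of address or host, description is limited to 100 characters, and virtual_networks.default must appear in a non-empty allowed list) can be checked before the request is sent. The following is an added example, not part of the Cloudflare SDK or the original page; validateDefaultEditBody, checkSplitTunnel and isCidr are hypothetical helper names, and the sample bodies are constructed from this page's example values.

```javascript
// Added example, not SDK code: pre-flight checks that enforce only the constraints
// documented on this page. All function and constant names are hypothetical.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
function isCidr(s) {
  const [ip, len, extra] = String(s).split('/');
  if (extra !== undefined || !/^\d{1,3}$/.test(len ?? '')) return false;
  // IPv6 gets a loose character check only (assumption: the API validates it fully).
  if (ip.includes(':')) return /^[0-9a-f:]+$/i.test(ip) && Number(len) <= 128;
  const o = ip.split('.');
  return o.length === 4 && o.every((x) => /^\d{1,3}$/.test(x) && Number(x) <= 255) && Number(len) <= 32;
}

function checkSplitTunnel(list, field, errors) {
  list.forEach((item, i) => {
    const at = `${field}[${i}]`;
    const hasAddr = typeof item.address === 'string';
    const hasHost = typeof item.host === 'string';
    if (hasAddr === hasHost) errors.push(`${at}: set exactly one of address or host`);
    if (hasAddr && !isCidr(item.address)) errors.push(`${at}: address is not in CIDR format`);
    if ((item.description ?? '').length > 100) errors.push(`${at}: description over 100 chars`);
  });
}

function validateDefaultEditBody(body) {
  const errors = [];
  if (body.exclude !== undefined && body.include !== undefined) {
    errors.push('exclude and include cannot be set in the same request');
  }
  if (Array.isArray(body.exclude)) checkSplitTunnel(body.exclude, 'exclude', errors);
  if (Array.isArray(body.include)) checkSplitTunnel(body.include, 'include', errors);
  const vn = body.virtual_networks;
  if (vn != null) {
    const allowed = Array.isArray(vn.allowed) ? vn.allowed : [];
    if (allowed.length === 0) errors.push('virtual_networks.allowed needs at least one entry');
    if (!allowed.includes(vn.default)) errors.push('virtual_networks.default must be in allowed');
    if (!UUID_RE.test(String(vn.default))) errors.push('virtual_networks.default is not a UUID');
  }
  return errors;
}

// Constructed sample bodies, reusing this page's example values.
const VNET = 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415';
const GOOD_BODY = { exclude: [{ address: '192.0.2.0/24' }], virtual_networks: { allowed: [VNET], default: VNET } };
const BAD_BODY = {
  exclude: [{ address: '192.0.2.0/24', host: 'example.com' }],
  include: [{ address: '192.0.2.0/33' }],
  virtual_networks: { allowed: [], default: VNET },
};
console.log(validateDefaultEditBody(GOOD_BODY), validateDefaultEditBody(BAD_BODY));
```

Run the check on the body before passing it (together with account_id) to the edit call, and refuse to send when the returned list is non-empty.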
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": true,
    "disable_auto_fallback": true,
    "dns_search_suffixes": [
      {
        "suffix": "internal.corp",
        "description": "Example internal domains"
      }
    ],
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "tunnel_protocol": "wireguard",
    "virtual_networks": {
      "allowed": [
        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
      ],
      "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
    }
  },
  "success": true
}