Cloudflare Docs
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Device serial numbers

Feature availability
Operating SystemsWARP mode requiredZero Trust plans
macOS, Windows, LinuxWARP with GatewayAll plans

Cloudflare Zero Trust allows you to build Zero Trust rules based on device serial numbers. You can create these rules so that access to applications is granted only to users connecting from company devices.

To create rules based on device serial numbers you’ll need to create a list of numbers using the Lists functionality in the Zero Trust Dashboard.

  1. On the Zero Trust dashboard, navigate to My Team > Lists.

  2. Click Create manual list or Upload CSV. For larger teams, it is recommended to upload a CSV or use Cloudflare’s API endpoint.

  3. Give your list a descriptive name, as this name will appear when configuring your Access policies.

    Create List

  4. Set List Type to Serial Number.

  5. Input the serial numbers of the devices your team manages, or upload your CSV file.

    Add Serial Number

  6. Click Save.

Once saved, the serial number list will appear in your list view.


Now you can create or update an existing Access policy to require that any device requesting access belongs to your list of serial numbers.

To do that:

  1. Navigate to Access > Applications.

  2. To add to an existing application, choose the specific resource from the Applications page in the Access section of the sidebar.

  3. Click Edit.

  4. Select the Rules tab and edit an existing rule. To add a new rule, click Add a Rule.

  5. Add a Require rule and choose Device Posture - Serial Number List from the drop-down menu.

  6. Choose the list of devices to require and click Save rule.

Once saved, any device attempting to reach the application will need to connect from a device that uses Cloudflare WARP and presents a serial number in the list created.

Determine the serial number

Operating systems display version numbers in different ways. This section covers how to retrieve the version number in each OS, in a format matching what the OS Version posture check expects.

On macOS

  1. Open a terminal window.
  2. Use the system_profiler command to check for the value of SPHardwareDataTypeng and retrieve the serial number.
    system_profiler SPHardwareDataTypeng

On Windows

  1. Open a Powershell window.
  2. Use the Get-CimInstance command to get the SerialNumber property of the Win32_BIOS class.
    Get-CimInstance Win32_BIOS

On Linux

  1. Open a Terminal Window
  2. Use the dmidecode command to get the version property system-serial-number.
    sudo dmidecode -s system-serial-number