The Cloudflare WARP client supports manual installs, deployment scripts, or advanced enterprise management tools, such as Microsoft Intune or Jamf.
To start using Cloudflare for Teams, ensure you perform the following steps prior to configuring the WARP client to connect to your Teams organization:
Configure a device enrollment policy to allow devices to enroll in your organization
- Visit your Teams dashboard and navigate to the Devices page to find the Device Settings button.
- Click the Device Settings button.
- Configure a rule to defines who should be allowed to enroll in your Gateway organization. In this example, only users with cloudflare.com email addresses who successfully authenticate during device enrollment through the WARP client will be able to enroll in the organization. This rule prevents outsider users from sending traffic through your account and will give your organization the ability to capture user profile logs and apply profile-specific rules.
Choose a location's DoH subdomain for DNS policy enforcement via the WARP client
- Your organization has a DoH subdomain for the entire account. You can create additional subdomains for specific locations or groups, if needed.
Obtain your Cloudflare for Teams auth domain
- Visit your Teams dashboard and navigate to the Authentication page under Access to find the Auth Domain configuration section.
- Configure a unique Auth Domain for your account. This domain will be used as your Gateway organization name in the WARP client during user and device enrollment. The Auth Domain represents your organization's Teams account and is used across both Access and Gateway.
Download the Cloudflare root certificate and install it on the device
If your organization plans to inspect HTTP traffic, you must download the Cloudflare for Teams certificate on any device being enrolled.
Install the WARP client and log in with Cloudflare for Teams
Configure clients to protect DNS and HTTP traffic
Cloudflare for Teams has three available modes that can be used with the client.
|Mode||Description||DNS Filtering||HTTP Filtering|
|DNS only||DoH-based filtering||Yes||No|
|DNS with WARP+||DoH-based filtering with encrypted WARP+ traffic||Yes||No|
|HTTP filtering||DoH-based filtering, HTTP filtering, and encrypted WARP+ traffic||Yes||Yes|