Skip to content

Managed deployment

Organizations can deploy WARP automatically to their fleet of devices in a single operation. The WARP client is compatible with the vast majority of managed deployment workflows, including mobility management solutions such as Intune or JAMF, or by executing an .msi file on desktop machines.

This page provides generic instructions for an automated deployment. If you want to deploy the WARP client manually, refer to the instructions for manual deployment.

Prerequisites

Visit the Download page to review system requirements and download the installer for your operating system.

Windows

The WARP Client for Windows allows for an automated install via tools like Intune, AD, or any script or management tool that can execute a .msi file.

Install WARP

To install the WARP client, run the following command:

Terminal window
msiexec /i "Cloudflare_WARP_<VERSION>.msi" /qn ORGANIZATION="your-team-name" SUPPORT_URL="http://support.example.com"

Refer to deployment parameters for a description of each argument.

Uninstall WARP

To uninstall the WARP client:

  1. First, locate the .msi package with the following PowerShell command:
PowerShell
Get-WmiObject Win32_Product | Where-Object { $_.Name -match "WARP" } | Sort-Object -Property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
IdentifyingNumber Name LocalPackage
----------------- ---- ------------
{5RA4DJWK-13D8-2NSX-QRF8-UANLODWD6D90} Cloudflare WARP C:\WINDOWS\Installer\3f476db.msi
  1. You can then use the LocalPackage output in the uninstall command. For example,
PowerShell
msiexec /x C:\WINDOWS\Installer\<WARP_RELEASE>.msi /quiet

Update the configuration

The on-disk configuration of the Windows client can be changed at any time by modifying or replacing the contents of C:\ProgramData\Cloudflare\mdm.xml. The format of this file is as follows:

<dict>
<key>organization</key>
<string>your-team-name</string>
<key>onboarding</key>
<false/>
</dict>

Changes to this file are processed immediately by the WARP client.

Authenticate in embedded browser

By default WARP will use the user’s default browser to perform registration. You can override the default setting to instead authenticate users in an embedded browser. The embedded browser will work around any protocol handler issues that may prevent the default browser from launching.

To use an embedded browser:

  1. Download and install WebView2 by following the Microsoft instructions.
  2. Add a registry key with the following command:
    REG ADD HKLM\SOFTWARE\Cloudflare\CloudflareWARP /f /v UseWebView2 /t REG_SZ /d y

The WARP client will now launch WebView2 when the user is registering their device with Zero Trust.

macOS

The Cloudflare WARP macOS client allows for an automated install via tools like Jamf, Intune, Kandji, or JumpCloud or any script or management tool that can place a com.cloudflare.warp.plist file in /Library/Managed Preferences on a supported macOS device. Additionally this plist can be wrapped in a .mobileconfig.

Create plist file

  1. Download an example com.cloudflare.warp.plist file.

  2. Modify the file with your desired deployment arguments.

  3. (Optional) If you want to manually place the file in /Library/Managed Preferences (rather than use a management tool), convert the plist into binary format:

Terminal window
plutil -convert binary1 com.cloudflare.warp.plist

The plist must be pushed by an MDM tool in order to persist after reboot. Manually-placed files will be automatically deleted by the OS.

Create mobileconfig file

  1. Download an example .mobileconfig file.

  2. Run uuidgen from your macOS Terminal. This will generate a value for PayloadUUID, which you can use to replace the default value used for PayloadUUID.

  3. Modify the file with your desired deployment arguments.

Linux

The WARP Client for Linux allows for an automated install via the presence of an mdm.xml file in /var/lib/cloudflare-warp.

The format of /var/lib/cloudflare-warp/mdm.xml is as follows:

<dict>
<key>organization</key>
<string>your-team-name</string>
</dict>

Refer to deployment parameters for a list of accepted arguments.

iOS

The Cloudflare WARP iOS client, known in the App Store as Cloudflare One Agent, allows for an automated install via tools like Jamf, Intune, or SimpleMDM.

To proceed with the installation, here is an example of the XML code you will need:

<dict>
<key>organization</key>
<string>your-team-name</string>
<key>auto_connect</key>
<integer>1</integer>
<key>switch_locked</key>
<false />
<key>service_mode</key>
<string>warp</string>
<key>support_url</key>
<string>https://support.example.com</string>
</dict>

Refer to deployment parameters for a description of each argument.

Android

The Cloudflare WARP Android client, known in the Google Play store as Cloudflare One Agent, allows for an automated install via tools like Intune, Google Endpoint Manager, and others.

To proceed with the installation, here is an example of the XML code you will need:

<key>organization</key>
<string>your-team-name</string>
<key>enable</key>
<true />
<key>gateway_unique_id</key>
<string>your_gateway_doh_subdomain</string>
<key>service_mode</key>
<string>warp</string>
<key>support_url</key>
<string>https://support.example.com</string>

If your MDM tool does not support XML, you may need to convert the XML to JSON. Here is an example below:

{
"organization": "your-team-name",
"gateway_unique_id": "your_gateway_doh_subdomain",
"onboarding": true,
"switch_locked": true,
"auto_connect": 0,
"service_mode": "warp",
"support_url": "https://support.example.com"
}

Refer to deployment parameters for a description of each value.