add protocol launcher instructions

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/protocol-handler.mdx

@@ -6,7 +6,7 @@ sidebar:
   label: Automated WARP registration
 ---
 
-import { Render, GlossaryTooltip } from "~/components";
+import { Render, GlossaryTooltip, Tabs, TabItem } from "~/components";
 
 Administrators can automate WARP registration on managed devices and minimize the number of clicks required from an end user.
 
@@ -23,7 +23,7 @@ This guide covers how to eliminate steps 1, 2 and 4 from your WARP deployment.
 If you are looking to eliminate all user interaction, you can [enroll devices using service tokens](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#check-for-service-token). Because users are not required to log in to an identity provider, identity-based policies and logging will not be available on these devices.
 :::
 
-## Turn off onboarding screen
+## Turn off onboarding screens
 
 To skip the Terms and Conditions screens that are usually presented to users, set the [`onboarding` parameter](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/) to `false` in your [MDM deployment file](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/). Here is an example `mdm.xml` file:
 
@@ -42,17 +42,137 @@ If you are only using one identity provider for device enrollment, turn on **Ins
 
 ## Allow browser to launch WARP
 
-You can pre-configure your browser to automatically launch the Cloudflare WARP application from your <GlossaryTooltip term="team domain">Zero Trust team domain</GlossaryTooltip>. This will allow the user to skip the **Open Cloudflare WARP.app** popup that is shown after a successful login.
+You can configure your browser to automatically launch the Cloudflare WARP application after a successful login and skip the **Open Cloudflare WARP.app** popup.
 
 ![Browser popup requesting permission to open WARP](~/assets/images/cloudflare-one/connections/warp-protocol-handler.png)
 
-### Windows
+### Chromium-based browsers
+
+Chromium-based browsers such as Google Chrome and Microsoft Edge have a policy setting called [AutoLaunchProtocolsFromOrigins](https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autolaunchprotocolsfromorigins). This setting takes in two parameters: a protocol for the browser to launch and the origins that are allowed to launch it. For the browser to launch WARP, you need to set the protocol to `com.cloudflare.warp` and the origin to your <GlossaryTooltip term="team domain">Zero Trust team domain</GlossaryTooltip> (`https://<your-team-name>.cloudflareaccess.com`).
+
+<Tabs>
+<TabItem label="Windows">
+On Windows, you can configure `AutoLaunchProtocolsFromOrigins` by adding a new registry key.
+
+To add the registry key manually:
+1. Open Registry Editor as Administrator.
+2. Navigate to the policies folder for your browser:
+	 - Google Chrome: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome`
+	 - Microsoft Edge: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge`
+	:::note
+	You may need to create the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome` folder if it does not already exist.
+	:::
+3. Create a new string value:
+	- **Value Name**: `AutoLaunchProtocolsFromOrigins`
+	- **Value Data**: `[{"allowed_origins": ["https://<your-team-name>.cloudflareaccess.com/"], "protocol": "com.cloudflare.warp"}]`
+
+	Be sure to replace `<team-name>` with your actual <GlossaryTooltip term="team name">Zero Trust team name</GlossaryTooltip>.
+
+Instead of using the Registry Editor, the registry key can also be created using a Group Policy Object (GPO), PowerShell script, or with an MDM tool such as [Intune](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune/#update-mdm-parameters).
+
+</TabItem>
+<TabItem label="macOS">
+
+On macOS, you can configure `AutoLaunchProtocolsFromOrigins` by deploying a property list (plist) file for the browser. The exact instructions will vary depending on your [MDM tool](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/). The general procedure is as follows:
+
+1. Create a new plist file with the following name (case sensitive):
+	- Google Chrome: `com.google.Chrome.plist`
+	- Microsoft Edge: `com.microsoft.Edge.plist`
+
+2. Using a text editor, add the following content to your plist:
+
+	```xml
+	<key>AutoLaunchProtocolsFromOrigins</key>
+	<array>
+		<dict>
+			<key>allowed_origins</key>
+			<array>
+				<string>https://your-team-name.cloudflareaccess.com</string>
+			</array>
+			<key>protocol</key>
+			<string>com.cloudflare.warp</string>
+		</dict>
+	</array>
+	```
+
+3. Some MDM tools require converting the `.plist` to a `.mobileconfig` before pushing it to a device. You can use a [file converter](https://github.com/timsutton/mcxToProfile) or modify the following example `com.google.Chrome.mobileconfig`:
+
+		```xml
+		<?xml version="1.0" encoding="UTF-8"?>
+		<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+		<plist version="1.0">
+		<dict>
+				<key>PayloadIdentifier</key>
+				<string>com.google.chrome</string>
+				<key>PayloadRemovalDisallowed</key>
+				<true/>
+				<key>PayloadScope</key>
+				<string>System</string>
+				<key>PayloadType</key>
+				<string>Configuration</string>
+				<key>PayloadUUID</key>
+				<string>8FCBDCA7-87B3-4610-A01A-B0FE4C5B57C8</string>
+				<key>PayloadOrganization</key>
+				<string></string>
+				<key>PayloadVersion</key>
+				<integer>1</integer>
+				<key>PayloadDisplayName</key>
+				<string>Google Chrome Policy</string>
+				<key>PayloadContent</key>
+				<array>
+						<dict>
+								<key>PayloadType</key>
+								<string>com.apple.ManagedClient.preferences</string>
+								<key>PayloadVersion</key>
+								<integer>1</integer>
+								<key>PayloadIdentifier</key>
+								<string>com.normandale</string>
+								<key>PayloadUUID</key>
+								<string>8FCBDCA7-87B3-4610-A01A-B0FE4C5B57C8</string>
+								<key>PayloadEnabled</key>
+								<true/>
+								<key>PayloadDisplayName</key>
+								<string>Custom: (com.google.Chrome)</string>
+								<key>PayloadContent</key>
+								<dict>
+										<key>com.google.Chrome</key>
+										<dict>
+												<key>Forced</key>
+												<array>
+														<dict>
+																<key>mcx_preference_settings</key>
+																<dict>
+																		<key>AutoLaunchProtocolsFromOrigins</key>
+																		<array>
+																		<dict>
+																		<key>allowed_origins</key>
+																		<array>
+																		<string>https://your-team-name.cloudflareaccess.com</string>
+																		</array>
+																		<key>protocol</key>
+																		<string>com.cloudflare.warp</string>
+																		</dict>
+																		</array>
+																</dict>
+														</dict>
+												</array>
+										</dict>
+								</dict>
+						</dict>
+				</array>
+		</dict>
+		</plist>
+		```
+4. Upload the `.plist` or `.mobileconfig` file to your preferred MDM tool.
+5. Deploy the configuration profile to your devices.
+
+For more information on configuring browser policies on macOS, refer to the [Google Chrome](https://support.google.com/chrome/a/answer/9020077?hl=en&ref_topic=7650028&sjid=15337530832025656704-NA) or [Microsoft Edge]((https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge-on-mac)) documentation.
+
+</TabItem>
+</Tabs>
 
 
 
-### macOS
-
-