turn off WARP auth for RDP

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser.mdx

@@ -123,6 +123,7 @@ Ensure that only **Allow** or **Block** policies are present. **Bypass** and **S
 19. Select **Save**.
 
 ## 5. (Recommended) Modify order of precedence in Gateway
+
 <Render file="access/modify-gateway-policy-precedence" product="cloudflare-one" params={{ selector: "Access Infrastructure Target", protocol: "rdp" }} />
 
 ## 6. Connect as a user
@@ -216,7 +217,7 @@ Cloudflare will not configure user identifiers on the RDP target. Any user ident
 ## Known limitations
 
 - **TLS certificate verification**: Cloudflare uses TLS to connect to the RDP target but does not verify the origin TLS certificate.
-- **WARP authentication**: Users cannot authenticate to RDP targets using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-access).
+- **WARP authentication**: Since browser-based RDP traffic does not go through the WARP client, users cannot use their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-access) to authenticate.
 - **Audio over RDP**: Users cannot use their microphone and speaker to interact with the remote machine.
 - **Clipboard controls**: Admins do not have the ability to restrict copy/paste actions between the remote machine and the user's local clipboard.
 - **File transfers**: Users cannot copy/paste files from their local machine to the remote machine and vice versa.

src/content/partials/cloudflare-one/access/modify-gateway-policy-precedence.mdx

@@ -4,13 +4,26 @@ params:
   - protocol
 ---
 
-By default, Cloudflare will evaluate Access application policies after evaluating all Gateway network policies. To evaluate Access applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
+By default, Cloudflare will evaluate Access application policies after evaluating all Gateway network policies. To evaluate Access applications before or after specific Gateway policies:
 
-| Selector                     | Operator | Value     | Action |
-| ---------------------------- | -------- | --------- | ------ |
-| {props.selector}             | is       | _Present_ | Allow  |
+<ol>
+<li>
+Create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
+
+	| Selector                     | Operator | Value     | Action |
+	| ---------------------------- | -------- | --------- | ------ |
+	| {props.selector}             | is       | _Present_ | Allow  |
+</li>
+
+{ props.protocol === "rdp" && (<> <li> Ensure that <strong>Enforce WARP client session duration</strong> is turned off, otherwise users will be blocked from accessing RDP targets. </li> </>)}
+
+<li>
+Update the policy's [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence) using the dashboard or API.
+</li>
+
+</ol>
+This Gateway policy will apply to all Access for Infrastructure targets, including RDP and SSH.
 
- { props.protocol === "rdp" && (<> Make sure that <strong>Enforce WARP client session duration</strong> is turned off, since RDP targets do not support WARP authentication. </>)} You can move this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
 
 :::note
 Users must pass the policies in your Access application before they are granted access. The Gateway Allow policy is strictly for routing and connectivity purposes.