edits to scenarios

deadlypants1973 · deadlypants1973 · commit b536cd5b7314 · 2025-02-20T12:55:47.000Z
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx
@@ -27,32 +27,24 @@ WARP settings define the WARP client modes and permissions available to end user
 
 :::note
 
-To enable **Admin override**, you must have first enabled the [**Lock WARP switch**](#lock-warp-switch).
+To use **Admin override**, you must first have enabled the [**Lock WARP switch**](#lock-warp-switch).
 
 :::
 
-When **Admin override** is turned on, end users can turn off the WARP client using an override code provided by an admin.
-
-To enable **Admin override**:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
-2. Toggle **Admin override** on.
-3. (Optional) Set the **Timeout** to your desired time. **Timeout** is set to 1 hour by default.
+When the [**Lock WARP switch**](#lock-warp-switch) is enabled, users cannot turn the WARP client off on their device. Enabling **Admin override** gives users the ability to turn off the WARP client using an override code provided by an admin.
 
 **Admin override** allows end users to momentarily turn off WARP with an override code to work around a temporary network issue (for example, an incompatible public Wi-Fi, or a firewall at a customer site blocking the connection).
 
-As admin, you can set a **Timeout** to define how long a user can toggle on or off the WARP switch after entering the override code. Cloudflare generates a new override code every hour that the admin can access and send to end users. The override code's validity adheres to fixed-hour time blocks and aims to be generous to the end user. For example, if admin generates a code with a **Timeout** of one hour at 9:00 AM and the end user inputs the override code in their device at 9:59AM, the user will be able to toggle WARP on and off until 10:59AM (a one hour duration.)
+As admin, you can set a **Timeout** to define how long a user can toggle the WARP switch on or off after entering the override code. Cloudflare generates a new override code every hour that an admin can send to end users. The override code's validity adheres to fixed-hour time blocks and aims to be generous to the end user.
 
-However, if admin generates an override code at 9:00 AM that has a one hour Timeout and the user attempts to enter it at 10:00 AM, the override code will not work.
+:::caution[Troubleshooting]
 
-If an admin generated an override code at 9:00 AM and set a **Timeout** to three hours, a user who enters the override code at 9:59 AM would be able to toggle WARP off for three hours (until 12:59 PM). A user who enters the same override code at 10AM would only be able to toggle WARP off for two hours (until 12 PM) because the 9:00 AM hour block would be counted as used.
+To learn more about override code timeouts and how Cloudflare calculates an override code's valid duration, refer to [Troubleshooting](/cloudflare-one/faq/troubleshooting/#i-entered-an-override-code-for-warp-that-was-supposed-to-be-valid-for-3-hours-but-the-override-code-expired-faster-than-i-expected).
 
-To learn more about override code timeouts and how Cloudflare calculates an override code's validity, refer to Troubleshooting.
+If [**Auto connect**](#auto-connect) is enabled, WARP will turn on even when using a **Admin override**. Refer to [Troubleshooting](/cloudflare-one/faq/troubleshooting/#i-disabled-warp-using-an-override-code-but-warp-turned-on-by-itself-before-my-override-code-expired) for more details.
 
 :::
 
-Be aware that if [**Auto connect**](#auto-connect) is enabled, WARP will turn on according to the value set by **Auto connect** even when an override code has been entered by the user. To prevent WARP from auto connecting, temporarily disable **Auto connect** or temporarily set a longer **Timeout** for **Auto connect**.
-
 #### Retrieve the override code
 
 To retrieve the one-time code for a user:
@@ -181,13 +173,6 @@ For more details on WireGuard versus MASQUE, refer to our [blog post](https://bl
 
 Allows the user to turn off the WARP switch and disconnect the client.
 
-To enable the Lock WARP switch:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
-2. Find the profile you would like to enable the Lock WARP switch for and select the three dot icon next to the profile.
-3. Select **Configure**.
-4. Under **Configure settings**, toggle the **Lock WARP switch** on.
-
 **Value:**
 
 - `Disabled`: (default) The user is able to turn the WARP switch on or off at their discretion. When the WARP switch is off, the user will not have the ability to reach sites protected by Access that leverage certain device posture checks.
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -270,4 +270,30 @@ Turning off TLS decryption should be a temporary measure. TLS decryption should
 
 ## I entered an override code for WARP that was supposed to be valid for 3 hours but the override code expired faster than I expected.
 
+[Admin override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) codes are time-sensitive and adhere to fixed-hour time blocks. An override code's validity is attached to the hour it was generated in. Override codes cannot be reused after their timeout has expired. When an override code timeout has expired, the user must receive a new override code from the admin. Refer to the following scenarios.
+
+### Scenario one: Admin generates an override code at 9:00 AM with a timeout of one hour.
+
+If admin generates an override code with a timeout of one hour at **9:00 AM** and the user inputs the override code in their device at **9:59 AM**, the user will be able to toggle WARP on and off until **10:59 AM** (a one hour duration.)
+
+However, if the user attempts to enter the override code at **10:00 AM**, the override code will not work. The override code will not work because the override code was generated at **9:00 AM** and its one hour validity was counted as used in the 9:00 AM to 10:00 AM hour.
+
+### Scenario two: Admin generates an override code at 9:30 AM with timeout of three hours.
+
+If admin generates an override code with a timeout of three hours at **9:30 AM** and the user inputs the override code in their device at **9:59 AM**, the user will be able to toggle WARP on and off until **12:59 PM** (a three hour duration.)
+
+However, if the user attempts to enter the override code at **10:00 AM**, the override code will only be valid until **12:00 PM** (a two hour duration). The override code was generated at **9:30 AM** and one hour of its total three hour validity was counted as used in the 9:00 AM to 10:00 AM hour.
+
+### Scenariot three: Admin generates an override code at 12:30 PM with a timeout of 24 hours.
+
+If admin generates an override code with a timeout of 24 hours at **12:00 PM** and the user inputs the override code in their device at **12:59 PM** the same day, the user will be able to toggle WARP on and off until **12:59 PM** the next day (a 24 hour duration.)
+
+However, if the user attempts to enter the override code at **1:00 PM** the same day, the override code will only be valid until **11:00 AM** the next day (a 23 hour duration). The override code was generated at **12:00 PM** and one hour of its total 24 hour validity was counted as used in the 12:00 PM to 1:00 PM hour.
+
+If the user attempts to enter the override code at **12:59 PM** the next day, the override code will only be valid until **1:59 PM** (a one hour duration). The override code was generated at **12:00 PM** and 23 hours of its total 24 hour validity were counted as used from 12:00 PM to 11:00 AM the next day (a 23 hour duration).
+
 ## I disabled WARP using an override code but WARP turned on by itself before my override code expired.
+
+If you are using an [Admin override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) code with [Auto connect](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#auto-connect) enabled, WARP will turn on automatically according to the Timeout set for **Auto connect** even when an override code has been entered by the user.
+
+To prevent WARP from auto connecting while using an admin override code, temporarily disable **Auto connect** or temporarily set a longer **Timeout** for **Auto connect**.
