Add plist config

Author: maxvp

src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx

@@ -180,7 +180,16 @@ Gateway uses Rust to evaluate regular expressions. The Rust implementation is sl
 
 ### Selector prerequisites
 
-The [Application](#application), [Content Categories](#content-categories), [Domain](#domain), and [Host](#host) selectors are only available for traffic onboarded to Gateway with [WARP](/cloudflare-one/connections/connect-devices/warp/), [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/), or [Browser Isolation](/cloudflare-one/policies/browser-isolation/). These selectors are not compatible with traffic onboarded to Gateway with [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/), [Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/), or [WARP-to-WARP](/cloudflare-one/connections/connect-networks/private-net/warp-to-warp/).
+The [Application](#application), [Content Categories](#content-categories), [Domain](#domain), and [Host](#host) selectors are only available for traffic on-ramped to Gateway with the following methods:
+
+| On-ramp method                                                                             | Compatibility |
+| ------------------------------------------------------------------------------------------ | ------------- |
+| [WARP](/cloudflare-one/connections/connect-devices/warp/)                                  | ✅            |
+| [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/)              | ✅            |
+| [Browser Isolation](/cloudflare-one/policies/browser-isolation/)                           | ✅            |
+| [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) | ❌            |
+| [Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/)                                     | ❌            |
+| [WARP-to-WARP](/cloudflare-one/connections/connect-networks/private-net/warp-to-warp/)     | ❌            |
 
 To turn on the selectors for your account, use the [Patch Zero Trust account configuration](/api/resources/zero_trust/subresources/gateway/subresources/configurations/methods/edit/) endpoint. For example:
 
@@ -200,7 +209,17 @@ curl --request PATCH \
 
 Additionally, to use these selectors to filter traffic onboarded with WARP, you need to:
 
-1. Ensure you have deployed [WARP beta version 2025.4.589.1](/cloudflare-one/connections/connect-devices/warp/download-warp/beta-releases/) or later on your users' devices.
+1. Ensure you have deployed [WARP version 2025.4.929.0](/cloudflare-one/connections/connect-devices/warp/download-warp/beta-releases/) or later on your users' desktop devices. If you need to apply your policies to mobile devices or devices running a version of WARP prior to 2025.4.929.0, add and deploy the following key-value pair to your devices' [WARP configuration file](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/) (`mdm.xml` on Windows and Linux or `com.cloudflare.warp.plist` on macOS):
+
+   ```diff lang="xml"
+   <array>
+   	<dict>
+   +		<key>doh_in_tunnel</key>
+   +		<true/>
+   	</dict>
+   </array>
+   ```
+
 2. In your WARP [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/), configure your [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) depending on the mode:
 
    <Tabs> <TabItem label="Exclude IPs and domains">