Merged
@@ -30,7 +30,7 @@ Cloudflare supports WARP client versions for at least one year from release. Aft

#### Managed devices

JAMF, InTune, and other MDM tools perform software updates by installing a new binary file. If you deployed WARP using a [device management tool](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/), the update procedure will look exactly the same as your initial installation. To update WARP, simply push the [latest binary file](/cloudflare-one/connections/connect-devices/warp/download-warp/) with the same deployment parameters. End users will not be signed out of their client, and they will not have to manually engage with the update.
JAMF, Intune, and other MDM tools perform software updates by installing a new binary file. If you deployed WARP using a [device management tool](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/), the update procedure will look exactly the same as your initial installation. To update WARP, simply push the [latest binary file](/cloudflare-one/connections/connect-devices/warp/download-warp/) with the same deployment parameters. End users will not be signed out of their client, and they will not have to manually engage with the update.

#### Unmanaged devices
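
Review bot: the casing fix on the changed line is correct (Microsoft writes "Intune"), but the same sentence keeps "JAMF", which the vendor styles "Jamf"; since this PR is normalizing vendor names, change it in the same pass so the line opens `Jamf, Intune, and other MDM tools perform software updates by installing a new binary file.`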

@@ -42,5 +42,5 @@ If you already have a certificate that you use for other inspection or trust pur
- If you are using WARP Connector to connect devices to Cloudflare, those devices will not be able to leverage HTTP policies that require decrypting TLS unless they have a certificate that matches either your uploaded certificate or the Cloudflare root certificate. It is more likely that your network infrastructure already has your own device certificates deployed, so using the existing PKI infrastructure for inspection will reduce the number of steps needed to deploy Zero Trust.

:::note[MDM deployments]
Many customers [deploy WARP](/learning-paths/replace-vpn/connect-devices/) onto devices in production using an MDM tool like JAMF or InTune. Cloudflare has the ability to deploy a root certificate along with the device, but this could be more consistently and holistically configured within the MDM, where other certificates are presumably managed, trusted, and stored.
Many customers [deploy WARP](/learning-paths/replace-vpn/connect-devices/) onto devices in production using an MDM tool like JAMF or Intune. Cloudflare has the ability to deploy a root certificate along with the device, but this could be more consistently and holistically configured within the MDM, where other certificates are presumably managed, trusted, and stored.
:::
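
Review bot: "JAMF" on the changed line should become "Jamf" as well, given that the PR normalizes vendor casing; suggest `...using an MDM tool like Jamf or Intune.` The substance of the note is sound: the MDM is where other certificates are already managed and trusted, so it is the consistent place to push the root certificate.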
@@ -50,7 +50,7 @@ Cloudflare's [Zero Trust Network Access](https://www.cloudflare.com/zero-trust/p
Microsoft and Cloudflare can be integrated in the following ways.

- Using Microsoft [Entra ID](https://learn.microsoft.com/en-us/entra/fundamentals/whatis) for authentication to all Cloudflare protected resources
- Leveraging Microsoft [InTune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune) device posture in Cloudflare policies to ensure only managed, trusted devices have access to protected resources
- Leveraging Microsoft [Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune) device posture in Cloudflare policies to ensure only managed, trusted devices have access to protected resources
- Using Cloudflare [CASB](/cloudflare-one/applications/casb/) to inspect your [Microsoft 365](https://www.microsoft.com/en-us/microsoft-365/what-is-microsoft-365) tenants and alert on security findings for incorrectly configured accounts and shared files containing sensitive data
- Using Cloudflare's [Secure Web Gateway](/cloudflare-one/policies/gateway/) to control access to Microsoft SaaS applications such as Outlook, OneDrive and Teams
- Using Cloudflare's [Email Security](/email-security/) service to increase protection of email from phishing attacks and business email compromise.
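
Review bot: list punctuation is inconsistent in this hunk: the first four bullets end without a period and the last one ("... business email compromise.") ends with one; drop the trailing period or add one to each. The Intune casing and link on the changed line look right.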
@@ -65,9 +65,9 @@ Cloudflare's integration with Entra ID allows you to leverage your identities in

![Figure 1: Microsoft Entra ID integrates with Cloudflare for ZTNA access to SaaS and self hosted applications.](~/assets/images/reference-architecture/cloudflare-sase-with-microsoft/cloudflare-sase-with-microsoft-fig1.svg "Figure 1: Microsoft Entra ID integrates with Cloudflare for ZTNA access to SaaS and self hosted applications.")

### Microsoft InTune with Cloudflare
### Microsoft Intune with Cloudflare

Cloudflare is able to enforce access policies that include information about device posture. InTune can be integrated into Cloudflare so that information about InTune managed and protected devices can be used to enforce access control to Cloudflare protected resources.
Cloudflare is able to enforce access policies that include information about device posture. Intune can be integrated into Cloudflare so that information about Intune managed and protected devices can be used to enforce access control to Cloudflare protected resources.

- With a device connected using our [agent](/cloudflare-one/connections/connect-devices/warp/), Cloudflare's ZTNA service can leverage the enhanced telemetry and context provided by Intune regarding a user's device posture and compliance state.
- Intune provides detailed information about the security status and configuration of user devices, enabling more informed access control decisions.
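
Review bot: "Intune managed and protected devices" on the changed paragraph line reads better hyphenated as "Intune-managed and protected devices" (compound modifier). Otherwise the heading and paragraph changes bring this section in line with the two bullets below it, which already use "Intune".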
@@ -104,7 +104,7 @@ It is also possible to configure cloud email security to scan [Microsoft 365 inb

## Summary

By leveraging Cloudflare and its integrations with Microsoft, organizations can establish a Zero Trust security posture that goes beyond the limitations of traditional network security models. With Cloudflare's Zero Trust Network Access (ZTNA), organizations can replace self hosted VPNs and enforce conditional access based on user identity and device posture. The integration with Microsoft Entra ID allows for authentication and access control, while Microsoft InTune provides device posture information. Additionally, Cloudflare's CASB offers visibility into the security of Microsoft 365 configuration, the Secure Web Gateway inspects and filters traffic to Microsoft 365, and Email Security protects against phishing attacks, ensuring a secure and compliant environment. This approach enables faster and more secure access to applications, while providing granular control over user access based on identity and device posture.
By leveraging Cloudflare and its integrations with Microsoft, organizations can establish a Zero Trust security posture that goes beyond the limitations of traditional network security models. With Cloudflare's Zero Trust Network Access (ZTNA), organizations can replace self hosted VPNs and enforce conditional access based on user identity and device posture. The integration with Microsoft Entra ID allows for authentication and access control, while Microsoft Intune provides device posture information. Additionally, Cloudflare's CASB offers visibility into the security of Microsoft 365 configuration, the Secure Web Gateway inspects and filters traffic to Microsoft 365, and Email Security protects against phishing attacks, ensuring a secure and compliant environment. This approach enables faster and more secure access to applications, while providing granular control over user access based on identity and device posture.

![Figure 4: A summary of Cloudflare SASE and Microsoft integrations.](~/assets/images/reference-architecture/cloudflare-sase-with-microsoft/cloudflare-sase-with-microsoft-fig4.svg "Figure 4: A summary of Cloudflare SASE and Microsoft integrations")
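
Review bot: "self hosted VPNs" in the changed paragraph should be "self-hosted VPNs" (compound modifier); the same unhyphenated form appears in the Figure 1 alt text earlier in this file, so fix both in one pass. The Figure 4 title attribute also lacks the trailing period that its alt text has; minor, but worth aligning.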

@@ -146,7 +146,7 @@ Companies use device posture to prove that a connection is coming from a trusted

As your security organization grows and you begin to implement data loss prevention (DLP) strategies and tools, this becomes doubly important. If your users can theoretically access sensitive data without applying a burden of proof to the device used for access, users may be able to (intentionally or inadvertently) circumvent your security tooling and create the risk of exfiltration, or at a minimum, blind spots for your visibility and auditability.

Common device posture strategies usually rely on a combination of an endpoint management tool (like JAMF, InTune, etc.), a corporate certificate, and security tooling like EDR software that might sit on the device. Some of this tooling can fingerprint your devices in a way that can be externally validated where supported. In order to achieve Zero Trust access controls with device posture validation, an endpoint agent from the Zero Trust vendor typically needs to be deployed on the devices. Then, it is used to 'independently' verify a claim from a third party vendor before applying that device state to be used in a policy. When evaluating vendors, it is important to evaluate their ability to poll for state relatively frequently, so that they are adhering to the Zero Trust policy philosophy for “continuous evaluation” of state.
Common device posture strategies usually rely on a combination of an endpoint management tool (like JAMF, Intune, etc.), a corporate certificate, and security tooling like EDR software that might sit on the device. Some of this tooling can fingerprint your devices in a way that can be externally validated where supported. In order to achieve Zero Trust access controls with device posture validation, an endpoint agent from the Zero Trust vendor typically needs to be deployed on the devices. Then, it is used to 'independently' verify a claim from a third party vendor before applying that device state to be used in a policy. When evaluating vendors, it is important to evaluate their ability to poll for state relatively frequently, so that they are adhering to the Zero Trust policy philosophy for “continuous evaluation” of state.

#### Where does Cloudflare fit in?
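
Review bot: quotation style on the changed line is mixed: 'independently' uses straight single quotes while “continuous evaluation” uses curly double quotes; pick one. Also "third party vendor" should be "third-party vendor", and "JAMF" should be "Jamf" if vendor casing is being normalized in this PR.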

@@ -49,7 +49,7 @@ The above diagram shows the variety of ways in which traffic can on-ramp to Clou
7. Traffic egresses Cloudflare with a specific IP. The SaaS application is configured to allow all traffic coming from that address.

:::note[XDR platform integrations]
When integrating with an XDR platform such as Crowdstrike, Sentinel One or Microsoft InTune, device posture is also available for any authenticated user because Cloudflare matches the identity with the user in the XDR system and device posture information is evaluated.
When integrating with an XDR platform such as Crowdstrike, Sentinel One or Microsoft Intune, device posture is also available for any authenticated user because Cloudflare matches the identity with the user in the XDR system and device posture information is evaluated.
:::

## Example policy
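
Review bot: the framing on the changed line is off: Microsoft Intune is an MDM/endpoint management service, not an XDR platform, so "an XDR platform such as Crowdstrike, Sentinel One or Microsoft Intune" lumps a device-management integration in with detection-and-response ones. Suggest `When integrating with an XDR platform such as CrowdStrike or SentinelOne, or an MDM such as Microsoft Intune, device posture is also available...`; the vendor names are also styled "CrowdStrike" and "SentinelOne".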