From b00d7b8935cbff538e39fd621cffc8027aef14cb Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Wed, 4 Jun 2025 17:32:24 -0400
Subject: [PATCH 1/4] push mdm.xml with intune

---
 .../warp/deployment/mdm-deployment/index.mdx  |   2 +-
 .../mdm-deployment/partners/intune.mdx        | 106 +++++++++++++++---
 2 files changed, 89 insertions(+), 19 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/index.mdx
index e28316863f1df1..09e8a7f817447d 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/index.mdx
@@ -57,7 +57,7 @@ IdentifyingNumber                      Name            LocalPackage
 msiexec /x C:\WINDOWS\Installer\<WARP_RELEASE>.msi /quiet
 ```
 
-### Update the configuration
+### Update MDM parameters
 
 The on-disk configuration of the Windows client can be changed at any time by modifying or replacing the contents of `C:\ProgramData\Cloudflare\mdm.xml`. The format of this file is as follows:
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
index 3fbba26ddb419c..9c200373c4b8bb 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
@@ -10,30 +10,100 @@ This guide covers how to deploy the Cloudflare WARP client using Microsoft Intun
 
 ## Windows
 
-### Prerequisites
-
-[Download the `Cloudflare_WARP_<VERSION>.msi` installer](/cloudflare-one/connections/connect-devices/warp/download-warp/#windows).
-
-### Configure Intune for Windows
-
-1. Log in to your Microsoft Intune account.
-2. Go to **Apps** > **All Apps** > **Add**.
-3. In **App type**, select *Line-of-business app* from the drop-down menu. Select **Select**.
-4. Select **Select app package file** and upload the `Cloudflare_WARP_<VERSION>.msi` installer you downloaded previously.
-5. Select **OK**.
-6. In the **Name** field, we recommend entering the version number of the package being uploaded.
-7. In the **Publisher** field, we recommend entering `Cloudflare, Inc`.
-8. In the **Command-line arguments** field, enter a valid installation command. For example,
+### Deploy the WARP client
+
+To deploy WARP on Windows using Intune:
+
+1. [Download the `Cloudflare_WARP_<VERSION>.msi` installer](/cloudflare-one/connections/connect-devices/warp/download-warp/#windows).
+2. Log in to your Microsoft Intune account.
+3. Go to **Apps** > **All Apps** > **Add**.
+4. In **App type**, select *Line-of-business app* from the drop-down menu. Select **Select**.
+5. Select **Select app package file** and upload the `Cloudflare_WARP_<VERSION>.msi` installer you downloaded previously.
+6. Select **OK**.
+7. In the **Name** field, we recommend entering the version number of the package being uploaded.
+8. In the **Publisher** field, we recommend entering `Cloudflare, Inc`.
+9. In the **Command-line arguments** field, enter a valid installation command. For example,
    ```txt
    /qn ORGANIZATION="your-team-name" SUPPORT_URL="http://support.example.com"
    ```
-   Refer to [deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) for a description of each argument.
-9. Select **Next**.
-10. Add the users or groups who require Cloudflare WARP and select **Next**.
-11. Review your configuration and select **Create**.
+   Refer to [deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) for a description of each argument. You can change these parameters at any time by pushing a new [MDM file](#update-mdm-parameters).
+10. Select **Next**.
+11. Add the users or groups who require Cloudflare WARP and select **Next**.
+12. Review your configuration and select **Create**.
 
 Intune is now configured to deploy the WARP client.
 
+### Update MDM parameters
+
+You can use Intune to update [MDM parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) for the WARP client. On Windows, these parameters are stored on the local device in `C:\ProgramData\Cloudflare\mdm.xml`.
+
+To push a new `mdm.xml` file using Intune:
+
+1. Log in to your Microsoft Intune account.
+2. Go to **Devices** > **Scripts and remediations**.
+3. Select the **Platform scripts** tab and select **Add**.
+4. Select **Windows 10 and later**.
+5. Enter a name for the script (for example, `Deploy Cloudflare mdm.xml`).
+6. In **PowerShell script**, upload the following `.ps1` file. Be sure to modify the XML content with your desired [parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/).
+
+		```powershell title="mdm-template.ps1"
+		# Define the path to the file
+		$filePath = "C:\ProgramData\Cloudflare\mdm.xml"
+
+		# Create the XML content as a string
+		$xmlContent = @"
+		<dict>
+			<key>multi_user</key>
+			<true/>
+			<key>pre_login</key>
+			<dict>
+				<key>organization</key>
+				<string>mycompany</string>
+				<key>auth_client_id</key>
+				<string>88bf3b6d86161464f6509f7219099e57.access</string>
+				<key>auth_client_secret</key>
+				<string>bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5</string>
+			</dict>
+			<key>configs</key>
+			<array>
+				<dict>
+					<key>organization</key>
+					<string>mycompany</string>
+					<key>display_name</key>
+					<string>Production environment</string>
+				</dict>
+				<dict>
+					<key>organization</key>
+					<string>test-org</string>
+					<key>display_name</key>
+					<string>Test environment</string>
+				</dict>
+			</array>
+		</dict>
+		"@
+
+		# Ensure the directory exists
+		$directory = Split-Path $filePath -parent
+		if (-not (Test-Path $directory)) {
+			New-Item -ItemType Directory -Path $directory | Out-Null
+		}
+
+		# Write the XML content to the file
+		try {
+			$xmlContent | Out-File -Encoding UTF8 -FilePath $filePath
+			Write-Host "mdm.xml file created successfully at: $filePath"
+		}
+		catch {
+			Write-Error "Failed to create mdm.xml file: $_"
+		}
+		```
+7. In **Assignments**, select the Windows devices that should receive the new `mdm.xml` file.
+8. When you are ready to deploy the script, select **Add**.
+
+Intune will now execute the Powershell script on the target devices. Once the new `mdm.xml` file is created, WARP will immediately start using the new configuration.
+
+If you would prefer to use Intune's Win32 App tool to run the Powershell script, refer to the [Intune documentation](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management).
+
 ## macOS
 
 Refer to the [generic instructions for macOS](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/#macos).

From 3e8e5217ec41a28f541a186ad705839d422bb0c0 Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Wed, 4 Jun 2025 17:35:22 -0400
Subject: [PATCH 2/4] overwrites the old file

---
 .../warp/deployment/mdm-deployment/partners/intune.mdx          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
index 9c200373c4b8bb..9a15af6808dfd5 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
@@ -100,7 +100,7 @@ To push a new `mdm.xml` file using Intune:
 7. In **Assignments**, select the Windows devices that should receive the new `mdm.xml` file.
 8. When you are ready to deploy the script, select **Add**.
 
-Intune will now execute the Powershell script on the target devices. Once the new `mdm.xml` file is created, WARP will immediately start using the new configuration.
+Intune will now execute the Powershell script on the target devices and overwrite the previous `mdm.xml` file. Once the new `mdm.xml` file is created, WARP will immediately start using the new configuration.
 
 If you would prefer to use Intune's Win32 App tool to run the Powershell script, refer to the [Intune documentation](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management).
 

From 9148827cb6c65517e16412d07af14cf538a764cb Mon Sep 17 00:00:00 2001
From: ranbel <101146722+ranbel@users.noreply.github.com>
Date: Mon, 16 Jun 2025 13:40:26 -0400
Subject: [PATCH 3/4] Apply suggestions from code review

Co-authored-by: Kate Tungusova <70746074+deadlypants1973@users.noreply.github.com>
---
 .../warp/deployment/mdm-deployment/partners/intune.mdx        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
index 9a15af6808dfd5..e9de780e4626be 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
@@ -98,11 +98,11 @@ To push a new `mdm.xml` file using Intune:
 		}
 		```
 7. In **Assignments**, select the Windows devices that should receive the new `mdm.xml` file.
-8. When you are ready to deploy the script, select **Add**.
+8. To deploy the script, select **Add**.
 
 Intune will now execute the Powershell script on the target devices and overwrite the previous `mdm.xml` file. Once the new `mdm.xml` file is created, WARP will immediately start using the new configuration.
 
-If you would prefer to use Intune's Win32 App tool to run the Powershell script, refer to the [Intune documentation](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management).
+If you prefer to use Intune's Win32 App tool to run the Powershell script, refer to the [Intune documentation](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management).
 
 ## macOS
 

From 8a372e2194e4d167277a1cd88d525d5527331338 Mon Sep 17 00:00:00 2001
From: ranbel <101146722+ranbel@users.noreply.github.com>
Date: Mon, 16 Jun 2025 13:42:48 -0400
Subject: [PATCH 4/4] Update intune.mdx

---
 .../warp/deployment/mdm-deployment/partners/intune.mdx         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
index e9de780e4626be..38adeb90f719da 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/intune.mdx
@@ -22,7 +22,8 @@ To deploy WARP on Windows using Intune:
 6. Select **OK**.
 7. In the **Name** field, we recommend entering the version number of the package being uploaded.
 8. In the **Publisher** field, we recommend entering `Cloudflare, Inc`.
-9. In the **Command-line arguments** field, enter a valid installation command. For example,
+9. In the **Command-line arguments** field, enter a valid installation command. 
+	 For example:
    ```txt
    /qn ORGANIZATION="your-team-name" SUPPORT_URL="http://support.example.com"
    ```