diff --git a/public/__redirects b/public/__redirects
index 1aaf7d55bb5d017..fbc138ffab4905e 100644
--- a/public/__redirects
+++ b/public/__redirects
@@ -2386,6 +2386,8 @@
 /cloudflare-one/identity/users/session-management/ /cloudflare-one/team-and-resources/users/session-management/ 301
 /cloudflare-one/identity/users/seat-management/ /cloudflare-one/team-and-resources/users/seat-management/ 301
 /cloudflare-one/identity/users/scim/ /cloudflare-one/team-and-resources/users/scim/ 301
+/cloudflare-one/applications/login-page/ /cloudflare-one/reusable-components/custom-pages/access-login-page/ 301
+/cloudflare-one/applications/block-page/ /cloudflare-one/reusable-components/custom-pages/access-block-page/ 301
 /cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
 /cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
 /cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
@@ -2397,6 +2399,7 @@
 /cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301
 /cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/http-apps/:splat 301
 /cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301
+/cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301
 
 # Learning paths
 
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx
index 4707624b1bd979b..0d65db2bebe9ca9 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx
@@ -24,7 +24,7 @@ However, if you want to update the Minimum TLS settings for all wildcard hostnam
 
 ## Enable mTLS
 
-Once you have [added a custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/), you can enable mTLS by using Cloudflare Access. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/) and [add mTLS authentication](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) with a few clicks.
+Once you have [added a custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/), you can enable mTLS by using Cloudflare Access. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/) and [add mTLS authentication](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) with a few clicks.
 
 :::note
 Currently, you cannot add mTLS policies for custom hostnames using [API Shield](/api-shield/security/mtls/).
diff --git a/src/content/docs/cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals.mdx b/src/content/docs/cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals.mdx
index 95d537ef3cf5dcb..13078aded81488e 100644
--- a/src/content/docs/cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals.mdx
+++ b/src/content/docs/cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals.mdx
@@ -107,7 +107,7 @@ Cloudflare Access automatically creates an Access application for each MCP serve
 3. To configure identity providers for the portal:
    1. Select the **Login methods** tab.
    2. Select the [identity providers](/cloudflare-one/integrations/identity-providers/) that you want to enable for your application.
-   3. (Recommended) If you plan to only allow access via a single identity provider, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
+   3. (Recommended) If you plan to only allow access via a single identity provider, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
 4. To customize the block page:
    1. Select the **Experience settings** tab.
    2. <Render file="access/access-block-page" product="cloudflare-one" />
diff --git a/src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx b/src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx
index 4fd00718078c34c..611a6d0e175b4b5 100644
--- a/src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx
+++ b/src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx
@@ -40,7 +40,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/acce
 8.  Configure how users will authenticate:
 
         1. Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
-        2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
+        2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
         3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
 
 9.  Select **Next**.
diff --git a/src/content/docs/cloudflare-one/access-controls/policies/index.mdx b/src/content/docs/cloudflare-one/access-controls/policies/index.mdx
index 8b64dcf64e423f0..aa9b75a135331f5 100644
--- a/src/content/docs/cloudflare-one/access-controls/policies/index.mdx
+++ b/src/content/docs/cloudflare-one/access-controls/policies/index.mdx
@@ -152,7 +152,7 @@ Non-identity attributes are polled continuously, meaning they are-evaluated with
 | Identity provider group  | Checks the user groups configured with your identity provider (IdP). This selector only displays if you use Microsoft Entra ID, GitHub, Google, Okta, or an IdP that provisions groups with [SCIM](/cloudflare-one/team-and-resources/users/scim/). | ✅               | ❌                               | ✅                       |
 | SAML Group               | Checks a SAML attribute name / value pair. This selector only displays if you use a [generic SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) identity provider.                                                             | ✅               | ❌                               | ✅                       |
 | OIDC Claim               | Checks an OIDC claim name / value pair. This selector only displays if you use a [generic OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) identity provider.                                                                | ✅               | ❌                               | ✅                       |
-| Device posture           | Checks [device posture signals](/cloudflare-one/identity/devices/) from the WARP client or a third-party service provider.                                                                                                                | ✅               | ✅                               | ❌                       |
+| Device posture           | Checks [device posture signals](/cloudflare-one/reusable-components/posture-checks/) from the WARP client or a third-party service provider.                                                                                                                | ✅               | ✅                               | ❌                       |
 | Warp                     | Checks that the device is connected to WARP, including the consumer version.                                                                                                                                                              | ✅               | ✅                               | ❌                       |
 | Gateway                  | Checks that the device is connected to your Zero Trust instance through the [WARP client](/cloudflare-one/team-and-resources/devices/warp/).                                                                                             | ✅               | ✅                               | ❌                       |
 
diff --git a/src/content/docs/cloudflare-one/api-terraform/index.mdx b/src/content/docs/cloudflare-one/api-terraform/index.mdx
index af1ac12afd7f9b0..e602b4e4cc29724 100644
--- a/src/content/docs/cloudflare-one/api-terraform/index.mdx
+++ b/src/content/docs/cloudflare-one/api-terraform/index.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: navigation
 title: API and Terraform
 sidebar:
-  order: 11
+  order: 15
 ---
 
 import { DirectoryListing, Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/applications/app-launcher.mdx b/src/content/docs/cloudflare-one/applications/app-launcher.mdx
index ff9d3b3ce62328f..198993a48dee3ea 100644
--- a/src/content/docs/cloudflare-one/applications/app-launcher.mdx
+++ b/src/content/docs/cloudflare-one/applications/app-launcher.mdx
@@ -8,7 +8,3 @@ sidebar:
 import { Render } from "~/components";
 
 <Render file="access/app-launcher" product="cloudflare-one" />
-
-## Tags
-
-<Render file="access/tags" product="cloudflare-one" />
diff --git a/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx b/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx
index 8843f6f73c06698..6bf0a59db0953a3 100644
--- a/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx
+++ b/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx
@@ -41,7 +41,7 @@ You can configure access on a per-user or group basis by adding [identity-based
 
 Many Android applications (such as Google Drive) use <GlossaryTooltip term="certificate pinning" link="/ssl/reference/certificate-pinning/">certificate pinning</GlossaryTooltip>, which is incompatible with Gateway inspection. If needed, you can create a [Do Not Inspect policy](/cloudflare-one/traffic-policies/http-policies/#do-not-inspect) so that the app can continue to function on Android:
 
-1. Set up an [OS version device posture check](/cloudflare-one/identity/devices/warp-client-checks/os-version/) that checks for the Android operating system.
+1. Set up an [OS version device posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/) that checks for the Android operating system.
 
 2. Create the following HTTP policy in Gateway:
 
diff --git a/src/content/docs/cloudflare-one/faq/policies-faq.mdx b/src/content/docs/cloudflare-one/faq/policies-faq.mdx
index d4bdea3fda54536..09167dfae099836 100644
--- a/src/content/docs/cloudflare-one/faq/policies-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/policies-faq.mdx
@@ -59,7 +59,7 @@ If the domain is only blocked by a network policy, it may be because:
 
 ## When does Access return a Forbidden status page versus a login page?
 
-Access returns a Forbidden page with status codes `401`/`403` when it determines there is no way a user can pass a [policy](/cloudflare-one/access-controls/policies/). If Cloudflare can make a full policy determination that a user will not be able to log in, Access will return a Forbidden page instead of a [login page](/cloudflare-one/applications/login-page/).
+Access returns a Forbidden page with status codes `401`/`403` when it determines there is no way a user can pass a [policy](/cloudflare-one/access-controls/policies/). If Cloudflare can make a full policy determination that a user will not be able to log in, Access will return a Forbidden page instead of a [login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/).
 
 For example, your application has a policy that requires a user to be in a [specific geolocation](/cloudflare-one/access-controls/policies/#allow) to log in.
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx
deleted file mode 100644
index e18c39e35c5d327..000000000000000
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx
+++ /dev/null
@@ -1,33 +0,0 @@
----
-pcx_content_type: navigation
-title: WARP client checks
-sidebar:
-  order: 1
-
----
-
-These device posture checks are performed by the [Cloudflare WARP client](/cloudflare-one/team-and-resources/devices/warp/). To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks.
-
-## Supported WARP modes
-
-* Gateway with WARP
-* Secure Web Gateway without DNS filtering
-* Device Information Only
-
-## Supported operating systems
-
-| Device posture check                                                                          | macOS | Windows | Linux       | iOS | Android/ChromeOS |
-| --------------------------------------------------------------------------------------------- | ----- | ------- | ----------- | --- | ---------------- |
-| [Application check](/cloudflare-one/identity/devices/warp-client-checks/application-check/)   | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Carbon Black](/cloudflare-one/identity/devices/warp-client-checks/carbon-black/)             | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Client certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/)     | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Device UUID](/cloudflare-one/identity/devices/warp-client-checks/device-uuid/)               | ❌     | ❌       | ❌           | ✅   | ✅                |
-| [Disk encryption](/cloudflare-one/identity/devices/warp-client-checks/disk-encryption/)       | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Domain joined](/cloudflare-one/identity/devices/warp-client-checks/domain-joined/)           | ❌     | ✅       | ❌           | ❌   | ❌                |
-| [File check](/cloudflare-one/identity/devices/warp-client-checks/file-check/)                 | ✅     | ✅       | ✅           | ❌   | ❌                |
-| [Firewall](/cloudflare-one/identity/devices/warp-client-checks/firewall/)                     | ✅     | ✅       | ❌           | ❌   | ❌                |
-| [OS version](/cloudflare-one/identity/devices/warp-client-checks/os-version/)                 | ✅     | ✅       | ✅           | ✅   | ✅                |
-| [Require Gateway](/cloudflare-one/identity/devices/warp-client-checks/require-gateway/)       | ✅     | ✅       | ✅           | ✅   | ✅                |
-| [Require WARP](/cloudflare-one/identity/devices/warp-client-checks/require-warp/)             | ✅     | ✅       | ✅           | ✅   | ✅                |
-| [SentinelOne](/cloudflare-one/identity/devices/warp-client-checks/sentinel-one/)              | ✅     | ✅       | ✅           | ❌   | ❌                |
diff --git a/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx
index e9e0eebb15fd403..c6bf81eb36270d0 100644
--- a/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx
@@ -6,9 +6,9 @@ sidebar:
 
 ---
 
-Posture logs show the [device posture check](/cloudflare-one/identity/devices/) results reported by the WARP client.
+Posture logs show the [device posture check](/cloudflare-one/reusable-components/posture-checks/) results reported by the WARP client.
 
-To view device posture logs, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **Posture**. Logs will only display if you have configured [device posture checks](/cloudflare-one/identity/devices/) for your Zero Trust organization.
+To view device posture logs, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **Posture**. Logs will only display if you have configured [device posture checks](/cloudflare-one/reusable-components/posture-checks/) for your Zero Trust organization.
 
 Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/insights/logs/logpush/).
 
@@ -36,8 +36,8 @@ Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/
 
 | Field               | Description                                                                                                                                                         |
 | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Name**            | Name of the [device posture check](/cloudflare-one/identity/devices).                                                                                               |
-| **Type**            | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
+| **Name**            | Name of the [device posture check](/cloudflare-one/reusable-components/posture-checks/).                                                                                               |
+| **Type**            | Type of [WARP client check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
 | **Rule ID**         | UUID of the device posture check.                                                                                                                                   |
 | **Conditions met**  | Whether the device passed or failed the posture check criteria. Evaluates to `true` if the **Received values** match the **Expected values**.                       |
 | **Expected values** | Values required to pass the device posture check.                                                                                                                   |
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/grpc.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/grpc.mdx
index 0e3021cf74a012f..86fed84f764c44f 100644
--- a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/grpc.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/grpc.mdx
@@ -46,7 +46,7 @@ To establish a secure, outbound-only connection to Cloudflare:
 
 ## 4. (Recommended) Create a Gateway policy
 
-You can configure [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to either block or allow access to the gRPC server. The following example consists of two policies: the first allows gRPC connections from devices that pass [device posture checks](/cloudflare-one/identity/devices/), and the second blocks all other traffic. Make sure that the Allow policy has higher [priority](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence).
+You can configure [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to either block or allow access to the gRPC server. The following example consists of two policies: the first allows gRPC connections from devices that pass [device posture checks](/cloudflare-one/reusable-components/posture-checks/), and the second blocks all other traffic. Make sure that the Allow policy has higher [priority](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence).
 
 ### 1. Allow secured devices
 
diff --git a/src/content/docs/cloudflare-one/applications/block-page.mdx b/src/content/docs/cloudflare-one/reusable-components/custom-pages/access-block-page.mdx
similarity index 76%
rename from src/content/docs/cloudflare-one/applications/block-page.mdx
rename to src/content/docs/cloudflare-one/reusable-components/custom-pages/access-block-page.mdx
index 04753d0cd54d139..8e934fdb770ebc5 100644
--- a/src/content/docs/cloudflare-one/applications/block-page.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/custom-pages/access-block-page.mdx
@@ -1,8 +1,8 @@
 ---
 pcx_content_type: how-to
-title: Block page
+title: Access custom block pages
 sidebar:
-  order: 8
+  order: 4
 ---
 
 import { Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/applications/login-page.mdx b/src/content/docs/cloudflare-one/reusable-components/custom-pages/access-login-page.mdx
similarity index 87%
rename from src/content/docs/cloudflare-one/applications/login-page.mdx
rename to src/content/docs/cloudflare-one/reusable-components/custom-pages/access-login-page.mdx
index 75293d9d6b4f2da..b3dd915ac8e2516 100644
--- a/src/content/docs/cloudflare-one/applications/login-page.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/custom-pages/access-login-page.mdx
@@ -1,8 +1,8 @@
 ---
 pcx_content_type: how-to
-title: Login page
+title: Access login page
 sidebar:
-  order: 7
+  order: 3
 ---
 
 import { Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/reusable-components/custom-pages/index.mdx b/src/content/docs/cloudflare-one/reusable-components/custom-pages/index.mdx
new file mode 100644
index 000000000000000..984ad5beb570a1c
--- /dev/null
+++ b/src/content/docs/cloudflare-one/reusable-components/custom-pages/index.mdx
@@ -0,0 +1,12 @@
+---
+pcx_content_type: navigation
+title: Custom pages
+sidebar:
+  order: 4
+  group:
+    hideIndex: true
+---
+
+import { DirectoryListing } from "~/components"
+
+<DirectoryListing />
diff --git a/src/content/docs/cloudflare-one/reusable-components/index.mdx b/src/content/docs/cloudflare-one/reusable-components/index.mdx
new file mode 100644
index 000000000000000..f1a96ce7b781438
--- /dev/null
+++ b/src/content/docs/cloudflare-one/reusable-components/index.mdx
@@ -0,0 +1,12 @@
+---
+pcx_content_type: navigation
+title: Reusable components
+sidebar:
+  order: 11
+  group:
+    hideIndex: true
+---
+
+import { DirectoryListing } from "~/components"
+
+<DirectoryListing />
diff --git a/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/index.mdx
similarity index 64%
rename from src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/index.mdx
index 25c6f1626349524..10cf48f23204c05 100644
--- a/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/index.mdx
@@ -10,5 +10,5 @@ These device posture checks can only be enforced for Cloudflare Access applicati
 | Device posture check                                                                            | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) |
 | ----------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | ---------------------------------------------------------------------------------------- |
 | [Microsoft Entra ID Conditional Access](/cloudflare-one/tutorials/entra-id-conditional-access/) | ✅    | ✅      | ❌    | ❌  | ❌               | WARP not required                                                                        |
-| [Mutual TLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/)   | ✅    | ✅      | ✅    | ✅  | ✅               | WARP not required                                                                        |
-| [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/)                          | ✅    | ✅      | ✅    | ❌  | ❌               | Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only  |
+| [Mutual TLS](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/)   | ✅    | ✅      | ✅    | ✅  | ✅               | WARP not required                                                                        |
+| [Tanium](/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium/)                          | ✅    | ✅      | ✅    | ❌  | ❌               | Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only  |
diff --git a/src/content/docs/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication.mdx
diff --git a/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium.mdx
similarity index 97%
rename from src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium.mdx
index 26d6e6cdfde0a4b..79effb3c7130724 100644
--- a/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium.mdx
@@ -30,7 +30,7 @@ The Tanium integration cannot be used with [Gateway device posture policies](/cl
   	product="cloudflare-one"
   	params={{
   		name: "Access integrations",
-  		link: "/cloudflare-one/identity/devices/access-integrations/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/access-integrations/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/index.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/index.mdx
similarity index 83%
rename from src/content/docs/cloudflare-one/identity/devices/index.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/index.mdx
index 282f70254dc6752..fa11fdc103506ea 100644
--- a/src/content/docs/cloudflare-one/identity/devices/index.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/index.mdx
@@ -1,6 +1,6 @@
 ---
 pcx_content_type: how-to
-title: Device posture
+title: Posture checks
 sidebar:
   order: 4
 ---
@@ -13,9 +13,9 @@ With Cloudflare Zero Trust, you can configure Zero Trust policies that rely on a
 
 Setup instructions and requirements vary depending on the device posture attribute. Refer to the links below to view the setup guide for your provider.
 
-- [WARP client checks](/cloudflare-one/identity/devices/warp-client-checks/) are performed by the Cloudflare WARP client.
+- [WARP client checks](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) are performed by the Cloudflare WARP client.
 - [Service-to-service checks](/cloudflare-one/integrations/service-providers/) are performed by third-party device posture providers.
-- [Access integration checks](/cloudflare-one/identity/devices/access-integrations/) are only configurable for Access applications. These attributes cannot be used in Gateway policies.
+- [Access integration checks](/cloudflare-one/reusable-components/posture-checks/access-integrations/) are only configurable for Access applications. These attributes cannot be used in Gateway policies.
 
 ## 2. Verify device posture checks
 
@@ -32,12 +32,12 @@ You can now use your device posture check in an [Access policy](/cloudflare-one/
 
 :::caution[Gateway policy limitation]
 
-Gateway does not support device posture checks for the [Tanium Access integration](/cloudflare-one/identity/devices/access-integrations/tanium/).
+Gateway does not support device posture checks for the [Tanium Access integration](/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium/).
 :::
 
 ## 4. Ensure traffic is going through WARP
 
-[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/integrations/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:
+[WARP client](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) and [service-to-service](/cloudflare-one/integrations/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:
 
 - The IdP used to authenticate to Cloudflare Zero Trust if posture check is part of an Access policy.
 - `<your-team-name>.cloudflareaccess.com` if posture check is part of an Access policy.
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/application-check.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check.mdx
similarity index 98%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/application-check.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check.mdx
index 549bbf0accdaa8f..11ab319554c4c20 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/application-check.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check.mdx
@@ -16,7 +16,7 @@ The Application Check device posture attribute checks that a specific applicatio
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/carbon-black.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/carbon-black.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black.mdx
index 54d3eb34f622963..e6887f422692696 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/carbon-black.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black.mdx
@@ -17,7 +17,7 @@ Cloudflare Zero Trust can check if [Carbon Black](https://www.carbonblack.com/)
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate.mdx
similarity index 98%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate.mdx
index 10ec0e1b04c9de3..b9b4ec561cb8338 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate.mdx
@@ -44,7 +44,7 @@ The Client Certificate device posture attribute checks if the device has a valid
 
 :::note
 
-To generate a sample root CA for testing, refer to [Generate mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#generate-mtls-certificates).
+To generate a sample root CA for testing, refer to [Generate mTLS certificates](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#generate-mtls-certificates).
 :::
 
 ## Configure the client certificate check
@@ -73,9 +73,9 @@ To generate a sample root CA for testing, refer to [Generate mTLS certificates](
         - User trust store
       </Details>
       <Details header="macOS">
-      
+
       - System keychain
-      
+
       </Details>
       <Details header="Linux">
       	- NSSDB (`/etc/pki/nssdb`) - To search a custom location, enter the
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/corp-device.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx
similarity index 93%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/corp-device.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx
index 2259325be4ed178..31743a2e6f32735 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/corp-device.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx
@@ -16,7 +16,7 @@ Cloudflare Zero Trust allows you to build Zero Trust rules based on device seria
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
@@ -71,4 +71,4 @@ You can use the following commands to check the serial number of your device. Th
 
 ### iOS, Android and ChromeOS
 
-Serial number checks are not supported on mobile devices. You can identify mobile devices by a [unique client ID](/cloudflare-one/identity/devices/warp-client-checks/device-uuid) instead of by serial number.
+Serial number checks are not supported on mobile devices. You can identify mobile devices by a [unique client ID](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid) instead of by serial number.
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx
similarity index 91%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx
index 10b77ef0fe02e54..51182bcbf9604f7 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx
@@ -16,7 +16,7 @@ Cloudflare Zero Trust allows you to build Zero Trust rules based on device UUIDs
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
@@ -64,6 +64,6 @@ Hyphens are automatically stripped from UUIDs. For example, the posture check wi
 
 5. Select **Save**.
 
-6. [Verify](/cloudflare-one/identity/devices/#2-verify-device-posture-checks) that the posture check is returning the expected results.
+6. [Verify](/cloudflare-one/reusable-components/posture-checks/#2-verify-device-posture-checks) that the posture check is returning the expected results.
 
 You can now create an Access or Gateway device posture policy that checks if the device presents a UUID on your list.
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/disk-encryption.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption.mdx
similarity index 97%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/disk-encryption.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption.mdx
index 264d257429e0820..73ce91ae1933203 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/disk-encryption.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption.mdx
@@ -19,7 +19,7 @@ The Disk Encryption device posture attribute ensures that disks are encrypted on
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/domain-joined.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined.mdx
similarity index 94%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/domain-joined.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined.mdx
index a3b0651fe651017..406b8dada7c2c0d 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/domain-joined.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined.mdx
@@ -19,7 +19,7 @@ The Domain Joined device posture attribute ensures that a user is a member of a
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/file-check.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check.mdx
similarity index 67%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/file-check.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check.mdx
index 7b98f340a132d83..3a1f62ae76bea17 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/file-check.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check.mdx
@@ -16,7 +16,7 @@ The File Check device posture attribute checks for the presence of a file on a d
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
@@ -32,8 +32,8 @@ The File Check device posture attribute checks for the presence of a file on a d
    1. **Name**: Enter a unique name for this device posture check.
    2. **Operating system**: Select your operating system.
    3. **File Path**: Enter a file path (for example, `c:\my folder\myfile.exe`).
-   4. **Signing certificate thumbprint (recommended)**: Enter the [thumbprint](/cloudflare-one/identity/devices/warp-client-checks/application-check/#determine-the-signing-thumbprint) of the publishing certificate used to sign the file. Adding this information will enable the check to ensure that the file was signed by the expected software developer.
-   5. **SHA-256 (optional)**: Enter the [SHA-256 value](/cloudflare-one/identity/devices/warp-client-checks/application-check/#determine-the-sha-256-value) of the file. This is used to ensure the integrity of the file on the device.
+   4. **Signing certificate thumbprint (recommended)**: Enter the [thumbprint](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/#determine-the-signing-thumbprint) of the publishing certificate used to sign the file. Adding this information will enable the check to ensure that the file was signed by the expected software developer.
+   5. **SHA-256 (optional)**: Enter the [SHA-256 value](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/#determine-the-sha-256-value) of the file. This is used to ensure the integrity of the file on the device.
 
 5. Select **Save**.
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/firewall.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/firewall.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall.mdx
index 412a58c10b41178..537a2ff8f470a68 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/firewall.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall.mdx
@@ -19,7 +19,7 @@ The Firewall device posture attribute ensures that a firewall is running on a de
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/index.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/index.mdx
new file mode 100644
index 000000000000000..4ebe78397f841b9
--- /dev/null
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/index.mdx
@@ -0,0 +1,33 @@
+---
+pcx_content_type: navigation
+title: WARP client checks
+sidebar:
+  order: 1
+
+---
+
+These device posture checks are performed by the [Cloudflare WARP client](/cloudflare-one/team-and-resources/devices/warp/). To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks.
+
+## Supported WARP modes
+
+* Gateway with WARP
+* Secure Web Gateway without DNS filtering
+* Device Information Only
+
+## Supported operating systems
+
+| Device posture check                                                                          | macOS | Windows | Linux       | iOS | Android/ChromeOS |
+| --------------------------------------------------------------------------------------------- | ----- | ------- | ----------- | --- | ---------------- |
+| [Application check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/)   | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Carbon Black](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black/)             | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Client certificate](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/) | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Device serial numbers](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/)     | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Device UUID](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid/)               | ❌     | ❌       | ❌           | ✅   | ✅                |
+| [Disk encryption](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption/)       | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Domain joined](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined/)           | ❌     | ✅       | ❌           | ❌   | ❌                |
+| [File check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check/)                 | ✅     | ✅       | ✅           | ❌   | ❌                |
+| [Firewall](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall/)                     | ✅     | ✅       | ❌           | ❌   | ❌                |
+| [OS version](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/)                 | ✅     | ✅       | ✅           | ✅   | ✅                |
+| [Require Gateway](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway/)       | ✅     | ✅       | ✅           | ✅   | ✅                |
+| [Require WARP](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp/)             | ✅     | ✅       | ✅           | ✅   | ✅                |
+| [SentinelOne](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/sentinel-one/)              | ✅     | ✅       | ✅           | ❌   | ❌                |
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/os-version.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version.mdx
similarity index 98%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/os-version.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version.mdx
index b06664786244888..3c51d0691249ca5 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/os-version.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version.mdx
@@ -16,7 +16,7 @@ The OS Version device posture attribute checks whether the version of a device's
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-gateway.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway.mdx
similarity index 71%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-gateway.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway.mdx
index 0828e4ea9d74252..f75d69f5ae0ac61 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-gateway.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway.mdx
@@ -10,7 +10,7 @@ head:
 
 import { Render } from "~/components";
 
-With Require Gateway, you can allow access to your applications only to devices enrolled in your Zero Trust organization. Unlike [Require WARP](/cloudflare-one/identity/devices/warp-client-checks/require-warp/), which will check for any WARP instance (including the consumer version), Require Gateway will only allow requests coming from devices whose traffic is filtered by your organization's Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.
+With Require Gateway, you can allow access to your applications only to devices enrolled in your Zero Trust organization. Unlike [Require WARP](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp/), which will check for any WARP instance (including the consumer version), Require Gateway will only allow requests coming from devices whose traffic is filtered by your organization's Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.
 
 ## Prerequisites
 
@@ -19,7 +19,7 @@ With Require Gateway, you can allow access to your applications only to devices
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-warp.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx
similarity index 94%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-warp.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx
index 9b69e34f5638f6a..528533f4cc841a6 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/require-warp.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx
@@ -25,7 +25,7 @@ Cloudflare Zero Trust enables you to restrict access to your applications to dev
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/sentinel-one.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/sentinel-one.mdx
similarity index 96%
rename from src/content/docs/cloudflare-one/identity/devices/warp-client-checks/sentinel-one.mdx
rename to src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/sentinel-one.mdx
index 46e554f8445dff7..1a7ed0426d4b067 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/sentinel-one.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/sentinel-one.mdx
@@ -20,7 +20,7 @@ Cloudflare Zero Trust can check if [SentinelOne](https://www.sentinelone.com/) i
   	product="cloudflare-one"
   	params={{
   		name: "WARP Client Checks",
-  		link: "/cloudflare-one/identity/devices/warp-client-checks/",
+  		link: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
   	}}
   />
 
diff --git a/src/content/docs/cloudflare-one/reusable-components/tags.mdx b/src/content/docs/cloudflare-one/reusable-components/tags.mdx
new file mode 100644
index 000000000000000..b9330837773c4f5
--- /dev/null
+++ b/src/content/docs/cloudflare-one/reusable-components/tags.mdx
@@ -0,0 +1,11 @@
+---
+pcx_content_type: how-to
+title: Tags
+sidebar:
+  order: 2
+---
+
+import { Render } from "~/components";
+
+<Render file="access/tags" product="cloudflare-one" />
+
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
index 6c010e49aeab9ea..d6dc9ae89a15a97 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
@@ -177,7 +177,7 @@ Windows offers two locations to install the certificate, each impacting which us
 The root certificate is now installed and ready to be used.
 
 :::caution
-If your certificate is installed in the **Local Machine Store**, the [device posture check](/cloudflare-one/identity/devices/warp-client-checks/) looking for a certificate will fail. Install the certificate in the **Current User Store** to ensure a successful posture device check.
+If your certificate is installed in the **Local Machine Store**, the [device posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) looking for a certificate will fail. Install the certificate in the **Current User Store** to ensure a successful posture device check.
 :::
 
 ### Linux
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx
index 72895aee4bc6305..2386a5ddd2771f2 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx
@@ -186,7 +186,7 @@ Apply a device profile based on the operating system of the device.
 
 ### Operating system version
 
-Apply a device profile based on the [OS version](/cloudflare-one/identity/devices/warp-client-checks/os-version/#determine-the-os-version) of the device.
+Apply a device profile based on the [OS version](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/#determine-the-os-version) of the device.
 
 | UI name                  | API example               |
 | ------------------------ | ------------------------- |
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx
index e4606ede02ef593..1d50b410a56b2ed 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx
@@ -34,7 +34,7 @@ Do not exclude a site from Split Tunnels if you want to see the traffic in your
 
 ## Routes for Split Tunnels Include mode
 
-Many Cloudflare Zero Trust services rely on traffic going through WARP, such as [device posture checks](/cloudflare-one/identity/devices/) and [WARP session durations](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). If you are using Split Tunnels in Include mode, you will need to manually add Cloudflare Zero Trust domains and IPs in order for these features to function.
+Many Cloudflare Zero Trust services rely on traffic going through WARP, such as [device posture checks](/cloudflare-one/reusable-components/posture-checks/) and [WARP session durations](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). If you are using Split Tunnels in Include mode, you will need to manually add Cloudflare Zero Trust domains and IPs in order for these features to function.
 
 ### Cloudflare Zero Trust domains
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx
index 999a426f216d7eb..248f5f382efe4a5 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx
@@ -118,7 +118,7 @@ To block traffic from devices that do not have a valid client certificate:
    | Hostname | equals | `app.mycompany.com` | | |
 5. Select **Deploy**.
 
-Device Information Only mode is now enabled on the device. To start enforcing device posture, set up a [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) and add a _Require_ device posture rule to your [Access policy](/cloudflare-one/access-controls/policies/). When the device connects to the Access application for the first time, the browser will ask to use the client certificate installed by WARP.
+Device Information Only mode is now enabled on the device. To start enforcing device posture, set up a [WARP client check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) and add a _Require_ device posture rule to your [Access policy](/cloudflare-one/access-controls/policies/). When the device connects to the Access application for the first time, the browser will ask to use the client certificate installed by WARP.
 
 <Width size="large">
 	![Browser prompts for client
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/index.mdx
index 77251121c7822f4..e150a4c27761130 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/index.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/index.mdx
@@ -56,7 +56,7 @@ Proxy mode is best suited for organizations that want to filter traffic directed
 
 ## Device Information Only
 
-This mode is best suited for organizations that only want to enforce [WARP client device posture checks](/cloudflare-one/identity/devices/warp-client-checks/) for zones in your account. DNS, Network and HTTP traffic is handled by the default mechanisms on your devices. To setup Device Information Only mode, refer to the [dedicated page](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only/).
+This mode is best suited for organizations that only want to enforce [WARP client device posture checks](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) for zones in your account. DNS, Network and HTTP traffic is handled by the default mechanisms on your devices. To setup Device Information Only mode, refer to the [dedicated page](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only/).
 
 | DNS filtering | Network filtering | HTTP filtering | Features enabled                                                                     |
 | ------------- | ----------------- | -------------- | ------------------------------------------------------------------------------------ |
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment.mdx
index ae9274ac6959c5b..68cfd7796d22c46 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment.mdx
@@ -29,7 +29,7 @@ You can verify which devices have enrolled by going to **My Team** > **Devices**
 
 ### Check for mTLS certificate
 
-Enterprise customers can enforce [mutual TLS authentication](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) during device enrollment.
+Enterprise customers can enforce [mutual TLS authentication](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) during device enrollment.
 
 <Render file="warp/device-enrollment-mtls" product="cloudflare-one" />
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
index 8101e6b762d74fd..2b80ba8951b1c4e 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
@@ -19,7 +19,7 @@ Most of the parameters listed below are also configurable in Zero Trust under **
 
 ## Required for full Cloudflare Zero Trust features
 
-For the majority of Cloudflare Zero Trust features to work, you need to specify a team name. Examples of Cloudflare Zero Trust features which depend on the team name are [HTTP policies](/cloudflare-one/traffic-policies/http-policies/), [Browser Isolation](/cloudflare-one/remote-browser-isolation/), and [device posture](/cloudflare-one/identity/devices/).
+For the majority of Cloudflare Zero Trust features to work, you need to specify a team name. Examples of Cloudflare Zero Trust features which depend on the team name are [HTTP policies](/cloudflare-one/traffic-policies/http-policies/), [Browser Isolation](/cloudflare-one/remote-browser-isolation/), and [device posture](/cloudflare-one/reusable-components/posture-checks/).
 
 ### `organization`
 
@@ -239,7 +239,7 @@ This parameter replaces the old `enabled` property, which can no longer be used
 Only valid for iOS and Android/ChromeOS.
 :::
 
-Assigns a unique identifier to the device for the [device UUID posture check](/cloudflare-one/identity/devices/warp-client-checks/device-uuid).
+Assigns a unique identifier to the device for the [device UUID posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid).
 
 **Value Type:** `string`
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx
index 27012438f3b7338..d56f385614e1a35 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx
@@ -325,7 +325,7 @@ By completing this step, you deliver the WARP client to targeted macOS devices,
 
 Refer to the [generic instructions for iOS](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/#ios).
 
-Intune allows you to insert [predefined variables](https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios#tokens-used-in-the-property-list) into the XML configuration file. For example, you can set the [`unique_client_id`](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#unique_client_id) key to `{{deviceid}}` for a [device UUID posture check](/cloudflare-one/identity/devices/warp-client-checks/device-uuid/) deployment.
+Intune allows you to insert [predefined variables](https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios#tokens-used-in-the-property-list) into the XML configuration file. For example, you can set the [`unique_client_id`](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#unique_client_id) key to `{{deviceid}}` for a [device UUID posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid/) deployment.
 
 ### Per-app VPN for iOS
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/index.mdx
index 368a9391dae2976..b83b538a6ea532f 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/index.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/index.mdx
@@ -12,7 +12,7 @@ import { Render, Stream } from "~/components"
 
 ## About Cloudflare WARP
 
-The Cloudflare WARP client allows you to protect corporate devices by securely and privately sending traffic from those devices to Cloudflare's global network, where [Cloudflare Gateway](/cloudflare-one/traffic-policies/) can apply advanced web filtering. The WARP client also makes it possible to apply advanced [Zero Trust policies](/cloudflare-one/identity/devices/) that check for a device's health before it connects to corporate applications.
+The Cloudflare WARP client allows you to protect corporate devices by securely and privately sending traffic from those devices to Cloudflare's global network, where [Cloudflare Gateway](/cloudflare-one/traffic-policies/) can apply advanced web filtering. The WARP client also makes it possible to apply advanced [Zero Trust policies](/cloudflare-one/reusable-components/posture-checks/) that check for a device's health before it connects to corporate applications.
 
 ## How WARP works
 
@@ -59,7 +59,7 @@ Deploying the WARP client significantly enhances your organization's security an
 
 - **Application and device-specific insights**: With WARP installed on your corporate devices, you can view detailed application and user-level activity on the [Zero Trust Shadow IT Discovery](/cloudflare-one/insights/analytics/shadow-it-discovery/) page, while also monitoring device and network performance with [Digital Experience Monitoring (DEX)](/cloudflare-one/insights/dex/) to proactively detect and resolve issues.
 
-- **Device posture checks**: The WARP client provides advanced Zero Trust protection by making it possible to check for [device posture](/cloudflare-one/identity/devices/). By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more.
+- **Device posture checks**: The WARP client provides advanced Zero Trust protection by making it possible to check for [device posture](/cloudflare-one/reusable-components/posture-checks/). By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more.
 
 - **Secure private and infrastructure access**: WARP lets devices connect to [private networks](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/) over Cloudflare Tunnel and is required for [Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/), enabling secure SSH with short-lived certificates and detailed logging.
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs.mdx
index 3845c1a0c3200f5..6599e971139e05a 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs.mdx
@@ -113,7 +113,7 @@ The `warp-debugging-info-<date>-<time>.zip` archive contains the following files
 | `version.txt`                                                                                       | [WARP client version](/cloudflare-one/team-and-resources/devices/warp/download-warp/) installed on the device.                                                                                                                                                                                                                             |
 | `warp-account.txt`                                                                                  | WARP client device enrollment information.                                                                                                                                                                                                                                                                                                  |
 | `warp-bus-metrics.txt`                                                                              | Metrics for the internal message bus framework used by the WARP client.                                                                                                                                                                                                                                                                     |
-| `warp-device-posture.txt`                                                                           | Current [device posture](/cloudflare-one/identity/devices/warp-client-checks/) status.                                                                                                                                                                                                                                                      |
+| `warp-device-posture.txt`                                                                           | Current [device posture](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) status.                                                                                                                                                                                                                                                      |
 | `warp-dex-data.txt`                                                                                 | Currently configured [DEX tests](/cloudflare-one/insights/dex/tests/) and their most recent statuses.                                                                                                                                                                                                                                       |
 | `warp-dns-fallbacks.txt`                                                                            | List of default DNS fallbacks used by the WARP DNS proxy.                                                                                                                                                                                                                                                                                   |
 | `warp-dns-lock.json`                                                                                | Default DNS providers and network interface information.                                                                                                                                                                                                                                                                                    |
diff --git a/src/content/docs/cloudflare-one/traffic-policies/http-policies/common-policies.mdx b/src/content/docs/cloudflare-one/traffic-policies/http-policies/common-policies.mdx
index 59e600d60253c26..2c07be759b575b1 100644
--- a/src/content/docs/cloudflare-one/traffic-policies/http-policies/common-policies.mdx
+++ b/src/content/docs/cloudflare-one/traffic-policies/http-policies/common-policies.mdx
@@ -171,11 +171,11 @@ You can select either individual applications or the entire Do Not Inspect set,
 
 ## Check device posture
 
-Require devices to have certain software installed or other configuration attributes. For instructions on setting up a device posture check, refer to [Enforce device posture](/cloudflare-one/identity/devices/).
+Require devices to have certain software installed or other configuration attributes. For instructions on setting up a device posture check, refer to [Enforce device posture](/cloudflare-one/reusable-components/posture-checks/).
 
 ### Enforce a minimum OS version
 
-Perform an [OS version check](/cloudflare-one/identity/devices/warp-client-checks/os-version/) to ensure users are running at least a minimum version.
+Perform an [OS version check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/) to ensure users are running at least a minimum version.
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
@@ -209,7 +209,7 @@ To get the UUIDs of your device posture checks, use the [List device posture rul
 
 ### Check for a specific file
 
-Perform a [file check](/cloudflare-one/identity/devices/warp-client-checks/file-check/) to ensure users have a certain file on their device.
+Perform a [file check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check/) to ensure users have a certain file on their device.
 
 Since the file path will be different for each operating system, you can configure a file check for each system and use the **Or** logical operator to only require one of the checks to pass.
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx b/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx
index fb439cc558f4059..77aa53fdad4b215 100644
--- a/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx
+++ b/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx
@@ -9,7 +9,7 @@ import { Render } from "~/components";
 
 With Cloudflare Zero Trust, you can create Secure Web Gateway policies that filter outbound traffic down to the user identity level. To do that, you can build DNS, HTTP or Network policies using a set of [identity-based selectors](#identity-based-selectors). These selectors require you to deploy the Zero Trust WARP client in [Gateway with WARP mode](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/).
 
-You may also filter outbound traffic based on additional signals from [device posture checks](/cloudflare-one/identity/devices/).
+You may also filter outbound traffic based on additional signals from [device posture checks](/cloudflare-one/reusable-components/posture-checks/).
 
 ## Gateway identity checks
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/network-policies/common-policies.mdx b/src/content/docs/cloudflare-one/traffic-policies/network-policies/common-policies.mdx
index 8d6afbeed915fc9..78f842aab97b12a 100644
--- a/src/content/docs/cloudflare-one/traffic-policies/network-policies/common-policies.mdx
+++ b/src/content/docs/cloudflare-one/traffic-policies/network-policies/common-policies.mdx
@@ -80,7 +80,7 @@ Refer to the [network policies page](/cloudflare-one/traffic-policies/network-po
 
 ## Enforce device posture
 
-Require devices to have certain software installed or other configuration attributes. For instructions on enabling a device posture check, refer to the [device posture section](/cloudflare-one/identity/devices/). For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+Require devices to have certain software installed or other configuration attributes. For instructions on enabling a device posture check, refer to the [device posture section](/cloudflare-one/reusable-components/posture-checks/). For example, you can use a list of [device serial numbers](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
 
 <Render
 	file="gateway/policies/dash-plus-api/network/enforce-device-posture"
diff --git a/src/content/docs/cloudflare-one/tutorials/extend-sso-with-workers.mdx b/src/content/docs/cloudflare-one/tutorials/extend-sso-with-workers.mdx
index 9a5ec361a4709da..ae0dcaba6f6f9be 100644
--- a/src/content/docs/cloudflare-one/tutorials/extend-sso-with-workers.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/extend-sso-with-workers.mdx
@@ -27,7 +27,7 @@ This tutorial will walk you through extending the single-sign-on (SSO) capabilit
 
 ![Standard authentication flow for a request to an Access application](~/assets/images/cloudflare-one/applications/access-standard-flow.png)
 
-You can extend this functionality by using a Cloudflare Worker to insert additional HTTP headers into the request. In this example, we will add the [device posture attributes](/cloudflare-one/identity/devices/#enforce-device-posture) `firewall_activated` and `disk_encrypted`, but you can include any attributes that Cloudflare Access collects from the authentication event.
+You can extend this functionality by using a Cloudflare Worker to insert additional HTTP headers into the request. In this example, we will add the [device posture attributes](/cloudflare-one/reusable-components/posture-checks/#enforce-device-posture) `firewall_activated` and `disk_encrypted`, but you can include any attributes that Cloudflare Access collects from the authentication event.
 
 ![Extended authentication flow uses a Worker to pass additional request headers to the origin](~/assets/images/cloudflare-one/applications/access-extended-flow-serverless.png)
 
@@ -42,7 +42,7 @@ This approach allows you to:
 ## Before you begin
 
 - Add a [self-hosted application](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) to Cloudflare Access.
-- Enable the [Disk encryption](/cloudflare-one/identity/devices/warp-client-checks/disk-encryption/) and [Firewall](/cloudflare-one/identity/devices/warp-client-checks/firewall/) device posture checks.
+- Enable the [Disk encryption](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption/) and [Firewall](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall/) device posture checks.
 - Install [Wrangler](/workers/wrangler/install-and-update/) on your local machine.
 
 ## 1. Create the Worker
diff --git a/src/content/docs/cloudflare-one/tutorials/m365-dedicated-egress-ips.mdx b/src/content/docs/cloudflare-one/tutorials/m365-dedicated-egress-ips.mdx
index 4e6da7a65a63466..9a5d0cc2e2cfdde 100644
--- a/src/content/docs/cloudflare-one/tutorials/m365-dedicated-egress-ips.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/m365-dedicated-egress-ips.mdx
@@ -37,7 +37,7 @@ Make sure you have:
    | ---------------- | -------- | --------------------------------------------- |
    | User Group Names | in       | `Sales and Marketing`, `Retail`, `U.S. Sales` |
 
-   Additionally, you can check for [device posture conditions](/cloudflare-one/identity/devices/):
+   Additionally, you can check for [device posture conditions](/cloudflare-one/reusable-components/posture-checks/):
 
    | Selector                    | Operator | Value                                             | Logic |
    | --------------------------- | -------- | ------------------------------------------------- | ----- |
diff --git a/src/content/docs/cloudflare-one/tutorials/mysql-network-policy.mdx b/src/content/docs/cloudflare-one/tutorials/mysql-network-policy.mdx
index 15312aa8b137491..4a1f5f425886ca3 100644
--- a/src/content/docs/cloudflare-one/tutorials/mysql-network-policy.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/mysql-network-policy.mdx
@@ -40,7 +40,7 @@ The application and (optional) DNS server are now connected to Cloudflare.
 ## Create a Gateway network policy
 
 1. Go to **Gateway** > **Firewall policies** > **Network**.
-2. Add a [network policy](/cloudflare-one/traffic-policies/network-policies/) that targets the private IP address and the port of the MySQL database (port 3306 by default). The following example allows access to the database to the users that enrolled into WARP using an `@example.com` email address. The network policies can also take into consideration [device posture checks](/cloudflare-one/identity/devices/).
+2. Add a [network policy](/cloudflare-one/traffic-policies/network-policies/) that targets the private IP address and the port of the MySQL database (port 3306 by default). The following example allows access to the database to the users that enrolled into WARP using an `@example.com` email address. The network policies can also take into consideration [device posture checks](/cloudflare-one/reusable-components/posture-checks/).
 
 | Selector         | Operator      | Value           | Logic | Action |
 | ---------------- | ------------- | --------------- | ----- | ------ |
diff --git a/src/content/docs/fundamentals/performance/maintenance-mode.mdx b/src/content/docs/fundamentals/performance/maintenance-mode.mdx
index 1655965e7487295..090b6d4592ec5a1 100644
--- a/src/content/docs/fundamentals/performance/maintenance-mode.mdx
+++ b/src/content/docs/fundamentals/performance/maintenance-mode.mdx
@@ -25,6 +25,6 @@ Certain customization and queue options depend on your [plan](/waiting-room/plan
 
 Users on all plans can [create an Access application](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/). Make sure to limit your [Access policy](/cloudflare-one/access-controls/policies/policy-management/#create-a-policy) to only include yourself and any collaborators.
 
-If needed, you can also further [customize the login page](/cloudflare-one/applications/login-page).
+If needed, you can also further [customize the login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/).
 
 ![Example Access login page](~/assets/images/fundamentals/access-page.png)
diff --git a/src/content/docs/learning-paths/clientless-access/advanced-workflows/isolate-application.mdx b/src/content/docs/learning-paths/clientless-access/advanced-workflows/isolate-application.mdx
index 2d9f978017d7d66..0874744874af1e5 100644
--- a/src/content/docs/learning-paths/clientless-access/advanced-workflows/isolate-application.mdx
+++ b/src/content/docs/learning-paths/clientless-access/advanced-workflows/isolate-application.mdx
@@ -56,7 +56,7 @@ with HTTP policies applied"]
 | Action | Rule type | Selector                                                                                                | Value                      |
 | ------ | --------- | ------------------------------------------------------------------------------------------------------- | -------------------------- |
 | Allow  | Include   | Emails ending in                                                                                        | `@team.com`                |
-|        | Require   | [Device Posture - Serial Number List](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) | `Corporate serial numbers` |
+|        | Require   | [Device Posture - Serial Number List](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/) | `Corporate serial numbers` |
 
 | Additional settings | Status   |
 | ------------------- | -------- |
diff --git a/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx b/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx
index a9ec3b5c72ef604..52ca857280bc53a 100644
--- a/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx
+++ b/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx
@@ -20,5 +20,5 @@ There are two main ways to use mTLS at Cloudflare, either by using the Applicati
 | Mainly used for                                                       | External Authentication (that is, APIs)                                                                                                                                                                                                                                                                                           | Internal Authentication (that is, employees)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | Availability                                                          | By default, 100 Client Certificates per Zone are included for free. For more certificates or [API Shield features](/api-shield/), contact your account team.                                                                                                                                                                      | Zero Trust Enterprise only feature.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
 | [Certificate Authority (CA)](/ssl/concepts/#certificate-authority-ca) | Cloudflare-managed or customer-uploaded (BYO CA). There's a soft-limit of up to [five customer-uploaded CAs](/ssl/client-certificates/byo-ca/#availability).                                                                                                                                                                      | Customer-uploaded only (BYO CA). There's a soft-limit of up to [50 CAs](/cloudflare-one/account-limits/#access).                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
-| Client Certificate Details                                            | Forwarded to the origin server via [Cloudflare API](/ssl/client-certificates/forward-a-client-certificate/#cloudflare-api), [Cloudflare Workers](/ssl/client-certificates/forward-a-client-certificate/#cloudflare-workers), and [Managed Transforms](/ssl/client-certificates/forward-a-client-certificate/#managed-transforms). | Forwarded to the origin server via [Cloudflare API](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#cloudflare-api), [Cloudflare Workers](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#cloudflare-workers), and [Managed Transforms](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#managed-transforms). Client Certificate headers and [Cf-Access-Jwt-Assertion](/cloudflare-one/identity/authorization-cookie/validating-json/) JWT header can be forwarded to the origin server. |
-| Client Certificates Revocation                                        | Use the WAF [Custom Rules](/waf/custom-rules/) to check for [_cf.tls_client_auth.cert_revoked_](/ssl/client-certificates/revoke-client-certificate/), which only applies to Cloudflare-managed CA. <br /><br /> For BYO CAs, it would be the same approach as with Cloudflare Access.                                             | Generate a [Certificate Revocation List (CRL)](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#create-a-crl) and enforce the revocation in a Cloudflare Worker.                                                                                                                                                                                                                                                                                                                                                                                         |
+| Client Certificate Details                                            | Forwarded to the origin server via [Cloudflare API](/ssl/client-certificates/forward-a-client-certificate/#cloudflare-api), [Cloudflare Workers](/ssl/client-certificates/forward-a-client-certificate/#cloudflare-workers), and [Managed Transforms](/ssl/client-certificates/forward-a-client-certificate/#managed-transforms). | Forwarded to the origin server via [Cloudflare API](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#cloudflare-api), [Cloudflare Workers](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#cloudflare-workers), and [Managed Transforms](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#managed-transforms). Client Certificate headers and [Cf-Access-Jwt-Assertion](/cloudflare-one/identity/authorization-cookie/validating-json/) JWT header can be forwarded to the origin server. |
+| Client Certificates Revocation                                        | Use the WAF [Custom Rules](/waf/custom-rules/) to check for [_cf.tls_client_auth.cert_revoked_](/ssl/client-certificates/revoke-client-certificate/), which only applies to Cloudflare-managed CA. <br /><br /> For BYO CAs, it would be the same approach as with Cloudflare Access.                                             | Generate a [Certificate Revocation List (CRL)](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#create-a-crl) and enforce the revocation in a Cloudflare Worker.                                                                                                                                                                                                                                                                                                                                                                                         |
diff --git a/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx b/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
index 7f9278d5a994a17..ace3c9981c52d66 100644
--- a/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
+++ b/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
@@ -9,7 +9,7 @@ sidebar:
 This requires an active Enterprise [Account](/fundamentals/concepts/accounts-and-zones/) with Cloudflare Access enabled.
 :::
 
-Setting up [mTLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) with [Cloudflare Access](/cloudflare-one/access-controls/policies/) can help in cases where the customer:
+Setting up [mTLS](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) with [Cloudflare Access](/cloudflare-one/access-controls/policies/) can help in cases where the customer:
 
 - Already has existing Client Certificates on devices.
 - Needs to protect Access applications with [Bring Your Own CA (BYOCA)](/ssl/client-certificates/byo-ca/).
@@ -19,7 +19,7 @@ Setting up [mTLS](/cloudflare-one/identity/devices/access-integrations/mutual-tl
 
 The CA certificate can be from a publicly trusted CA or self-signed.
 
-In case you want to [create your own CA](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) from scratch, you can follow these example steps and adapt the information to your own needs:
+In case you want to [create your own CA](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) from scratch, you can follow these example steps and adapt the information to your own needs:
 
 1. Create a JSON file called `ca-csr.json`:
 
@@ -64,7 +64,7 @@ In case you want to [create your own CA](/cloudflare-one/identity/devices/access
 }
 ```
 
-3. Run the following [cfssl](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) command to generate the CA certificate `ca.pem`:
+3. Run the following [cfssl](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) command to generate the CA certificate `ca.pem`:
 
 ```txt
 cfssl gencert -initca ca-csr.json | cfssljson -bare ca
@@ -102,13 +102,13 @@ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=clie
 
 ## 3. Add mTLS CA certificate to Cloudflare Access
 
-Follow the steps outlined in the [developer documentation](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
+Follow the steps outlined in the [developer documentation](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
 
-Using the example from Step 2: upload the `ca.pem` to your Cloudflare Access account via the [dashboard](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/resources/zero_trust/subresources/access/subresources/certificates/methods/create/).
+Using the example from Step 2: upload the `ca.pem` to your Cloudflare Access account via the [dashboard](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/resources/zero_trust/subresources/access/subresources/certificates/methods/create/).
 
 Do not forget to enter the fully-qualified domain names (FQDN / associated hostnames) that will use this CA certificate.
 
-Customers can identify which client sends the Client Certificates by [forwarding client certificate headers](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#forward-a-client-certificate) to the origin server. Customers can then store and use the certificate information such as Common Name (CN), Serial number, and other fields along with the device number to perform additional checks or logics.
+Customers can identify which client sends the Client Certificates by [forwarding client certificate headers](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#forward-a-client-certificate) to the origin server. Customers can then store and use the certificate information such as Common Name (CN), Serial number, and other fields along with the device number to perform additional checks or logics.
 
 Additionally, authenticated requests also send the `Cf-Access-Jwt-Assertion\` JWT header to the origin server. To decode the header value, you can use [jwt.io](https://jwt.io/).
 
diff --git a/src/content/docs/learning-paths/replace-vpn/build-policies/block-page.mdx b/src/content/docs/learning-paths/replace-vpn/build-policies/block-page.mdx
index d97fc6c3d663113..d9c1f472b2b1642 100644
--- a/src/content/docs/learning-paths/replace-vpn/build-policies/block-page.mdx
+++ b/src/content/docs/learning-paths/replace-vpn/build-policies/block-page.mdx
@@ -28,7 +28,7 @@ To work around these limitations, we recommend using [WARP client block notifica
 
 :::note
 
-The Gateway custom block page is a different concept from [Access custom block pages](/cloudflare-one/applications/block-page/), which are used in conjunction with Cloudflare Access policies.
+The Gateway custom block page is a different concept from [Access custom block pages](/cloudflare-one/reusable-components/custom-pages/access-block-page/), which are used in conjunction with Cloudflare Access policies.
 :::
 
 ### Enable the block page for DNS policies
diff --git a/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx b/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx
index 2e11bc0a9f74a46..d3bba38b6f6c062 100644
--- a/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx
+++ b/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx
@@ -37,11 +37,11 @@ If you plan to grant access to services based on group membership, [view the use
 
 #### Device posture
 
-Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/identity/devices/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/integrations/service-providers/) like Crowdstrike or SentinelOne.
+Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/integrations/service-providers/) like Crowdstrike or SentinelOne.
 
 :::note
 
-Be sure to [enable the device posture checks](/cloudflare-one/identity/devices/) that you want to use in your policies.
+Be sure to [enable the device posture checks](/cloudflare-one/reusable-components/posture-checks/) that you want to use in your policies.
 :::
 
 ### 2. Define your networks
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx
index 19dad41b1bb65a5..9638928fea52bfe 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx
@@ -134,7 +134,7 @@ resource "cloudflare_zero_trust_gateway_policy" "posture_fail_net_restricted_acc
 </TabItem>
 </Tabs>
 
-You can add a number of WARP client device posture checks as needed, such as [Disk encryption](/cloudflare-one/identity/devices/warp-client-checks/disk-encryption/) and [Domain joined](/cloudflare-one/identity/devices/warp-client-checks/domain-joined/). For more information on device posture checks, refer to [Enforce device posture](/cloudflare-one/identity/devices/).
+You can add a number of WARP client device posture checks as needed, such as [Disk encryption](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption/) and [Domain joined](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined/). For more information on device posture checks, refer to [Enforce device posture](/cloudflare-one/reusable-components/posture-checks/).
 
 ## FinanceUsers-NET-HTTPS-FinanceServers (example)
 
diff --git a/src/content/docs/magic-wan/zero-trust/cloudflare-gateway.mdx b/src/content/docs/magic-wan/zero-trust/cloudflare-gateway.mdx
index 4652d012fdbe968..fdce1fbd2381f0f 100644
--- a/src/content/docs/magic-wan/zero-trust/cloudflare-gateway.mdx
+++ b/src/content/docs/magic-wan/zero-trust/cloudflare-gateway.mdx
@@ -21,8 +21,8 @@ import { Render } from "~/components";
 		decryptTlsURL: "/cloudflare-one/traffic-policies/http-policies/tls-decryption/",
 		doNotInspectURL: "/cloudflare-one/traffic-policies/http-policies/#do-not-inspect",
 		magicWANName: "Magic WAN",
-		warpChecksURL: "/cloudflare-one/identity/devices/warp-client-checks/",
-		osVersionChecks: "/cloudflare-one/identity/devices/warp-client-checks/os-version/",
+		warpChecksURL: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/",
+		osVersionChecks: "/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/",
 		mwanOnrampsURL: "/magic-wan/on-ramps/",
 		gatewayResolverPoliciesURL: "/cloudflare-one/traffic-policies/resolver-policies/",
 		gatewayInternalDnsURL: "/cloudflare-one/traffic-policies/resolver-policies/#internal-dns",
diff --git a/src/content/docs/reference-architecture/architectures/sase.mdx b/src/content/docs/reference-architecture/architectures/sase.mdx
index 89a63ae4e9a758c..5c3ee400af5cbf2 100644
--- a/src/content/docs/reference-architecture/architectures/sase.mdx
+++ b/src/content/docs/reference-architecture/architectures/sase.mdx
@@ -490,16 +490,16 @@ Not only does the user identity need to be verified, but the security posture of
 
 The following built-in posture checks are available:
 
-- [Application check](/cloudflare-one/identity/devices/warp-client-checks/application-check/): Checks that a specific application process is running
-- [File check](/cloudflare-one/identity/devices/warp-client-checks/file-check/): Checks for the presence of a file
-- [Firewall](/cloudflare-one/identity/devices/warp-client-checks/firewall/): Checks if a firewall is running
-- [Disk encryption](/cloudflare-one/identity/devices/warp-client-checks/disk-encryption/): Checks if/how many disks are encrypted
-- [Domain joined](/cloudflare-one/identity/devices/warp-client-checks/domain-joined/): Checks if the device is joined to a Microsoft Active Directory domain
-- [OS version](/cloudflare-one/identity/devices/warp-client-checks/os-version/): Checks what version of the OS is running
-- [Unique Client ID](/cloudflare-one/identity/devices/warp-client-checks/device-uuid/): When using an MDM too, organizations can assign a verifiable UUID to a mobile, desktop, or laptop device
-- [Device serial number](/cloudflare-one/identity/devices/warp-client-checks/corp-device/): Checks to see if the device serial matches a list of company desktop/laptop computers
-
-Cloudflare One can also integrate with any deployed endpoint security solution, such as [Microsoft Endpoint Manager](/cloudflare-one/integrations/service-providers/microsoft/), [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/), [Carbon Black](/cloudflare-one/identity/devices/warp-client-checks/carbon-black/), [CrowdStrike](/cloudflare-one/integrations/service-providers/crowdstrike/), [SentinelOne](/cloudflare-one/identity/devices/warp-client-checks/sentinel-one/), and more. Any data from those products can be passed to Cloudflare for use in access decisions.
+- [Application check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/): Checks that a specific application process is running
+- [File check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/file-check/): Checks for the presence of a file
+- [Firewall](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/firewall/): Checks if a firewall is running
+- [Disk encryption](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/disk-encryption/): Checks if/how many disks are encrypted
+- [Domain joined](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/domain-joined/): Checks if the device is joined to a Microsoft Active Directory domain
+- [OS version](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/): Checks what version of the OS is running
+- [Unique Client ID](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid/): When using an MDM too, organizations can assign a verifiable UUID to a mobile, desktop, or laptop device
+- [Device serial number](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/): Checks to see if the device serial matches a list of company desktop/laptop computers
+
+Cloudflare One can also integrate with any deployed endpoint security solution, such as [Microsoft Endpoint Manager](/cloudflare-one/integrations/service-providers/microsoft/), [Tanium](/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium/), [Carbon Black](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black/), [CrowdStrike](/cloudflare-one/integrations/service-providers/crowdstrike/), [SentinelOne](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/sentinel-one/), and more. Any data from those products can be passed to Cloudflare for use in access decisions.
 
 All of the above device information, combined with data on the user identity and also the network the device is on, is available in Cloudflare to be used as part of the company policy. For example, organizations could choose to only allow administrators to SSH into servers when all of the following conditions are met: their device is free from threats, running the latest operating system, and joined to the company domain.
 
diff --git a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx
index 2a6de928006a838..accb1f95758f154 100644
--- a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx
+++ b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx
@@ -70,7 +70,7 @@ A critical part of application access is authenticating a user. Cloudflare has a
 
 ### Device posture
 
-The final prerequisite for building really effective access policies is to configure [device posture](/cloudflare-one/identity/devices/). When using the [device agent](/cloudflare-one/team-and-resources/devices/warp/), Cloudflare has access to a [variety of information](/cloudflare-one/identity/devices/warp-client-checks/) about the device which can then be used in an access policy. When using an [agentless method](/reference-architecture/diagrams/sase/sase-clientless-access-private-dns/) to access applications, only the user identity information is available. We also support using device posture information from [other vendors](/cloudflare-one/integrations/service-providers/), such as Microsoft, Crowdstrike and Sentinel One.
+The final prerequisite for building really effective access policies is to configure [device posture](/cloudflare-one/reusable-components/posture-checks/). When using the [device agent](/cloudflare-one/team-and-resources/devices/warp/), Cloudflare has access to a [variety of information](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) about the device which can then be used in an access policy. When using an [agentless method](/reference-architecture/diagrams/sase/sase-clientless-access-private-dns/) to access applications, only the user identity information is available. We also support using device posture information from [other vendors](/cloudflare-one/integrations/service-providers/), such as Microsoft, Crowdstrike and Sentinel One.
 
 ![Figure 2 - two employees with different devices trying to access the same corporate application. Only the user with the device agent can access the SSH service.](~/assets/images/reference-architecture/designing-ztna-access-policies-for-cloudflare-access/figure2.svg "Figure 2 - two employees with different devices trying to access the same corporate application. Only the user with the device agent can access the SSH service.")
 
@@ -282,7 +282,7 @@ This is a very simple Access Group, with just two group selectors. Note that bec
 
 As you can see, it defines that "all employees" are those in the Azure AD group "Full Time Employees", who are also in the group "Completed security training." The first selector defines the initial scope of the Access Group, and the second selector requires that they must also be in that specific group.
 
-This Access Group requires that three [device posture checks](/cloudflare-one/identity/devices/warp-client-checks/) have been created for the [OS version](/cloudflare-one/identity/devices/warp-client-checks/os-version/). For example, the posture check "Latest version of macOS" is defined as "macOS version is greater than or equal to 15.1" and reflects the latest version the company considers stable and secure (vs. the very latest OS version). Once included in the Access policy, this will enforce the logic we’ve established here - if any user wants to sign in as a 'Secure Employee', they'll need to meet these requirements.
+This Access Group requires that three [device posture checks](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) have been created for the [OS version](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/). For example, the posture check "Latest version of macOS" is defined as "macOS version is greater than or equal to 15.1" and reflects the latest version the company considers stable and secure (vs. the very latest OS version). Once included in the Access policy, this will enforce the logic we’ve established here - if any user wants to sign in as a 'Secure Employee', they'll need to meet these requirements.
 
 #### Employees on trusted devices
 
diff --git a/src/content/docs/reference-architecture/design-guides/network-vpn-migration.mdx b/src/content/docs/reference-architecture/design-guides/network-vpn-migration.mdx
index d828c31ec5c899d..d0b420a186f9b1f 100644
--- a/src/content/docs/reference-architecture/design-guides/network-vpn-migration.mdx
+++ b/src/content/docs/reference-architecture/design-guides/network-vpn-migration.mdx
@@ -115,7 +115,7 @@ Figure 4 shows traffic from end user devices to Cloudflare and tunnels routing t
 
 By using existing network or security appliances to terminate IPsec tunnels, secure off-ramps can be created with limited impact on the current infrastructure. These IPsec tunnels also allow for outbound server-initiated traffic to continue flowing. However, depending on the scale of the deployment, the existing appliances might run into bandwidth limitations. It is best to consider this first phase a 'pilot' or low-scale deployment to get up and running quickly and validate user-application connectivity. The next phase will improve on the design using the insights gathered during this phase.
 
-With such a design in place, Cloudflare will be able to filter traffic based on the identity of the requesting user. For example, users authenticated to the corporate identity provider and are members of the "Engineering" group will only be allowed access to the internally hosted source code repository. Furthermore, the user device may need to pass [certain posture checks](/cloudflare-one/identity/devices/) before connecting. There are [example network policies](/cloudflare-one/traffic-policies/network-policies/common-policies/#restrict-access-to-private-networks) in the zero trust documentation you can use as a reference. In essence, this will enable you to define network access policies using user identities instead of their associated IP address ranges. Getting rid of traditional 5-tuple ACLs will be a first step towards a zero trust model.
+With such a design in place, Cloudflare will be able to filter traffic based on the identity of the requesting user. For example, users authenticated to the corporate identity provider and are members of the "Engineering" group will only be allowed access to the internally hosted source code repository. Furthermore, the user device may need to pass [certain posture checks](/cloudflare-one/reusable-components/posture-checks/) before connecting. There are [example network policies](/cloudflare-one/traffic-policies/network-policies/common-policies/#restrict-access-to-private-networks) in the zero trust documentation you can use as a reference. In essence, this will enable you to define network access policies using user identities instead of their associated IP address ranges. Getting rid of traditional 5-tuple ACLs will be a first step towards a zero trust model.
 
 ### Device agent deployment
 
diff --git a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
index c03a28a4a6ae16f..e57b702de6003ab 100644
--- a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
+++ b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
@@ -97,14 +97,14 @@ There are several advantages to using Cloudflare's dedicated egress IPs when com
 
 - [Dedicated egress IPs can be geolocated](/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips/#ip-geolocation) to one or more Cloudflare data centers in a geography of your choosing, instead of being restricted to the geographic locations of your existing Internet breakout data centers.
 - Users will always connect to Cloudflare [through the closest Cloudflare Data Center and Cloudflare will optimize the path towards the SaaS application](/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips/#egress-location).
-- Dedicated egress IPs are assigned to user traffic using policies that follow zero trust principles. [Egress policies](/cloudflare-one/traffic-policies/egress-policies/) can be defined that will only assign a dedicated egress IP to a user if they belong to the correct IdP group and/or pass [device posture](/cloudflare-one/identity/devices/) checks. Otherwise, traffic will be sourced from Cloudflare's public IP range, which may not be part of the SaaS IP allowlist, preventing access to the SaaS application while still allowing Internet usage.
+- Dedicated egress IPs are assigned to user traffic using policies that follow zero trust principles. [Egress policies](/cloudflare-one/traffic-policies/egress-policies/) can be defined that will only assign a dedicated egress IP to a user if they belong to the correct IdP group and/or pass [device posture](/cloudflare-one/reusable-components/posture-checks/) checks. Otherwise, traffic will be sourced from Cloudflare's public IP range, which may not be part of the SaaS IP allowlist, preventing access to the SaaS application while still allowing Internet usage.
 - Dedicated egress IPs imply that traffic needs to flow through Cloudflare before reaching the SaaS application. This makes it easy to add secure web gateway policies to protect data in the SaaS applications once users have authenticated.
 
 ![Figure 3: Enforce only traffic that has been secured by Cloudflare is accepted by the SaaS application.](~/assets/images/reference-architecture/zero-trust-for-saas/zero-trust-saas-image-03.svg "Figure 3: Enforce only traffic that has been secured by Cloudflare is accepted by the SaaS application.")
 
 #### Using Cloudflare as an identity proxy
 
-With Cloudflare, [Zero Trust Network Access (ZTNA)](https://www.cloudflare.com/en-gb/learning/access-management/what-is-ztna/) can be applied to managed SaaS applications. In this scenario, Cloudflare acts as the [Single Sign-On (SSO)](https://www.cloudflare.com/en-gb/learning/access-management/what-is-sso/) service for an application, proxying user authentication requests to the organization's existing identity providers (IdPs). This allows for additional restrictions to be layered on before granting access, such as requiring [multi-factor authentication](https://www.cloudflare.com/en-gb/learning/access-management/what-is-multi-factor-authentication/), implementing [device posture checks](/cloudflare-one/identity/devices/), or [evaluating the country](/cloudflare-one/access-controls/policies/#selectors) the request is coming from.
+With Cloudflare, [Zero Trust Network Access (ZTNA)](https://www.cloudflare.com/en-gb/learning/access-management/what-is-ztna/) can be applied to managed SaaS applications. In this scenario, Cloudflare acts as the [Single Sign-On (SSO)](https://www.cloudflare.com/en-gb/learning/access-management/what-is-sso/) service for an application, proxying user authentication requests to the organization's existing identity providers (IdPs). This allows for additional restrictions to be layered on before granting access, such as requiring [multi-factor authentication](https://www.cloudflare.com/en-gb/learning/access-management/what-is-multi-factor-authentication/), implementing [device posture checks](/cloudflare-one/reusable-components/posture-checks/), or [evaluating the country](/cloudflare-one/access-controls/policies/#selectors) the request is coming from.
 
 ![Figure 4: Cloudflare can act as an identity proxy, providing a consistent authentication experience for all SaaS applications.](~/assets/images/reference-architecture/zero-trust-for-saas/zero-trust-saas-image-04.svg "Figure 4: Cloudflare can act as an identity proxy, providing a consistent authentication experience for all SaaS applications.")
 
@@ -118,7 +118,7 @@ IT teams will also benefit from a consistent and automated process for onboardin
 
 Consider a scenario where a user moves to a different group or team within an organization. As soon as the user group information is updated on the IdP, Cloudflare's ZTNA policies will dynamically enforce these changes, ensuring that the user's access to the SaaS applications is immediately adjusted based on their new role. This also helps in SaaS applications' license optimization. For example, if an employee is transferred from the sales team, which uses Salesforce, to a team that does not require access to Salesforce, the ZTNA policies will revoke their access to the application. This automated process helps in reclaiming the license that was previously assigned to the user, ensuring that only those who actually need the application have access to it.
 
-Finally, SaaS applications are accessible over the Internet, allowing any device to access them if a user authenticates successfully. However, with Cloudflare's ZTNA service, IT teams can ensure that only managed devices access a SaaS application by enforcing device posture checks, in addition to identity checks. A common use case is [verifying the presence of an IT-deployed device certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/#configure-the-client-certificate-check) before granting application access.
+Finally, SaaS applications are accessible over the Internet, allowing any device to access them if a user authenticates successfully. However, with Cloudflare's ZTNA service, IT teams can ensure that only managed devices access a SaaS application by enforcing device posture checks, in addition to identity checks. A common use case is [verifying the presence of an IT-deployed device certificate](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/#configure-the-client-certificate-check) before granting application access.
 
 #### Deployment guidelines
 
@@ -165,7 +165,7 @@ Phishing attacks and campaigns to spread malware to take over devices and access
 
 #### Securing access
 
-As described already, implementing ZTNA to secure your email platform offers numerous benefits. One key advantage is ensuring that email access is restricted to trusted, managed devices, even when using a cloud-based email service. This typically involves using Cloudflare to verify the presence of a [client certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) and confirm that there are no risks detected by an external endpoint management solution, such as [Crowdstrike](/cloudflare-one/integrations/service-providers/crowdstrike/) or [SentinelOne](/cloudflare-one/integrations/service-providers/sentinelone/).
+As described already, implementing ZTNA to secure your email platform offers numerous benefits. One key advantage is ensuring that email access is restricted to trusted, managed devices, even when using a cloud-based email service. This typically involves using Cloudflare to verify the presence of a [client certificate](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/) and confirm that there are no risks detected by an external endpoint management solution, such as [Crowdstrike](/cloudflare-one/integrations/service-providers/crowdstrike/) or [SentinelOne](/cloudflare-one/integrations/service-providers/sentinelone/).
 
 #### Tenant control
 
diff --git a/src/content/docs/reference-architecture/diagrams/sase/augment-access-with-serverless.mdx b/src/content/docs/reference-architecture/diagrams/sase/augment-access-with-serverless.mdx
index 09b89d0e212c58c..c6362ecdb1af291 100644
--- a/src/content/docs/reference-architecture/diagrams/sase/augment-access-with-serverless.mdx
+++ b/src/content/docs/reference-architecture/diagrams/sase/augment-access-with-serverless.mdx
@@ -100,7 +100,7 @@ Cloudflare's Workers are a great candidate for interacting with incoming JSON We
 
 ### 3. Augment the authentication material (JWT) with extra authentication details
 
-In some situations, it is beneficial to elaborate on this JWT in order to execute additional processing on the protected destination application (for example, adding device [posture details](/cloudflare-one/identity/devices/) as part of an incoming request).
+In some situations, it is beneficial to elaborate on this JWT in order to execute additional processing on the protected destination application (for example, adding device [posture details](/cloudflare-one/reusable-components/posture-checks/) as part of an incoming request).
 
 In the following example, we want to make sure the exposed application is aware of the status of the device's firewall and disk encryption (Note that the WARP client needs to be installed on the client machine for these signals to be collected).
 
diff --git a/src/content/docs/ssl/client-certificates/byo-ca.mdx b/src/content/docs/ssl/client-certificates/byo-ca.mdx
index 6b9b11868462ff4..9d946b80736da2d 100644
--- a/src/content/docs/ssl/client-certificates/byo-ca.mdx
+++ b/src/content/docs/ssl/client-certificates/byo-ca.mdx
@@ -19,7 +19,7 @@ Bring your own CA (BYOCA) is especially useful if you already have mTLS implemen
 
 - Currently, you can only manage your uploaded CA via API, and the hostname associations are **not** reflected on the [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
 - This process is only available on Enterprise accounts.
-- Each Enterprise account can upload up to five CAs. This quota does not apply to CAs uploaded through [Cloudflare Access](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/).
+- Each Enterprise account can upload up to five CAs. This quota does not apply to CAs uploaded through [Cloudflare Access](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/).
 
 ## CA certificate requirements
 
diff --git a/src/content/docs/ssl/client-certificates/configure-your-mobile-app-or-iot-device.mdx b/src/content/docs/ssl/client-certificates/configure-your-mobile-app-or-iot-device.mdx
index 884d9eba5aa9b04..bedbbe625bb031b 100644
--- a/src/content/docs/ssl/client-certificates/configure-your-mobile-app-or-iot-device.mdx
+++ b/src/content/docs/ssl/client-certificates/configure-your-mobile-app-or-iot-device.mdx
@@ -15,7 +15,7 @@ This walkthrough uses the example of a device that captures temperature readings
 
 To keep this example simple, the API is implemented as a Cloudflare Worker (borrowing code from the [To-Do List tutorial on building a jamstack app](/workers/tutorials/build-a-jamstack-app/)).
 
-Temperatures are stored in [Workers KV](/kv/concepts/how-kv-works/) using the source IP address as a key, but you can easily use a [value from the client certificate](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/), such as the fingerprint.
+Temperatures are stored in [Workers KV](/kv/concepts/how-kv-works/) using the source IP address as a key, but you can easily use a [value from the client certificate](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/), such as the fingerprint.
 
 The example API code below saves a temperature and timestamp into KV when a POST is made and returns the most recent five temperatures when a GET request is made.
 
diff --git a/src/content/docs/ssl/client-certificates/index.mdx b/src/content/docs/ssl/client-certificates/index.mdx
index 2a52313b789da55..cc7ba53e144e697 100644
--- a/src/content/docs/ssl/client-certificates/index.mdx
+++ b/src/content/docs/ssl/client-certificates/index.mdx
@@ -38,7 +38,7 @@ The account-level CAs can be:
 As explained in the [mTLS learning path](/learning-paths/mtls/concepts/), there are different use cases and implementation options for mTLS. Consider the following links for specific guidance.
 
 - [Application security](/learning-paths/mtls/mtls-app-security/)
-- [mTLS for Zero Trust](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) (Cloudflare Access integration)
+- [mTLS for Zero Trust](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) (Cloudflare Access integration)
 - [mTLS with API Shield](/api-shield/security/mtls/configure/)
 - [mTLS Workers binding](/workers/runtime-apis/bindings/mtls/)
 
diff --git a/src/content/docs/ssl/client-certificates/zero-trust-mtls.mdx b/src/content/docs/ssl/client-certificates/zero-trust-mtls.mdx
index 677e7b99b476c90..60fedb951f69188 100644
--- a/src/content/docs/ssl/client-certificates/zero-trust-mtls.mdx
+++ b/src/content/docs/ssl/client-certificates/zero-trust-mtls.mdx
@@ -1,7 +1,7 @@
 ---
 pcx_content_type: navigation
 title: mTLS for Zero Trust
-external_link: /cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/
+external_link: /cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/
 sidebar:
   order: 14
 
diff --git a/src/content/docs/ssl/troubleshooting/faq.mdx b/src/content/docs/ssl/troubleshooting/faq.mdx
index 65c947bed60d9da..646ac1f209aeb68 100644
--- a/src/content/docs/ssl/troubleshooting/faq.mdx
+++ b/src/content/docs/ssl/troubleshooting/faq.mdx
@@ -121,7 +121,7 @@ If you are encountering issues with PayPal IPN when the traffic is proxied by Cl
 
 ## Does Cloudflare support TLS client authentication?
 
-Yes. For more details, refer to our documentation on [Mutual TLS authentication](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/).
+Yes. For more details, refer to our documentation on [Mutual TLS authentication](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/).
 
 ***
 
diff --git a/src/content/docs/style-guide/documentation-content-strategy/content-types/3rd-party-integration-guide.mdx b/src/content/docs/style-guide/documentation-content-strategy/content-types/3rd-party-integration-guide.mdx
index 61da21feb7d1365..6175a24f0a81a19 100644
--- a/src/content/docs/style-guide/documentation-content-strategy/content-types/3rd-party-integration-guide.mdx
+++ b/src/content/docs/style-guide/documentation-content-strategy/content-types/3rd-party-integration-guide.mdx
@@ -142,7 +142,7 @@ Prerequisites
 **3rd-party integration in the Cloudflare dashboard**:
 
 - [Enable Logpush to Sumo Logic](/logs/logpush/logpush-job/enable-destinations/sumo-logic/)
-- [Device Posture - Carbon Black](/cloudflare-one/identity/devices/warp-client-checks/carbon-black/)
+- [Device Posture - Carbon Black](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/carbon-black/)
 
 **Linking to external documentation**:
 
diff --git a/src/content/docs/support/third-party-software/content-management-system-cms/improving-web-security-for-content-management-systems-like-wordpress.mdx b/src/content/docs/support/third-party-software/content-management-system-cms/improving-web-security-for-content-management-systems-like-wordpress.mdx
index e64a9c1f64d33de..b377f403b06da08 100644
--- a/src/content/docs/support/third-party-software/content-management-system-cms/improving-web-security-for-content-management-systems-like-wordpress.mdx
+++ b/src/content/docs/support/third-party-software/content-management-system-cms/improving-web-security-for-content-management-systems-like-wordpress.mdx
@@ -96,7 +96,7 @@ While designed for authenticating appliances that cannot perform a login, you ca
 Do the following:
 
 1. [Create a client certificate](/ssl/client-certificates/create-a-client-certificate/) and save both the certificate and key to your device.
-2. Import the certificate to your computer’s key storage. With macOS Keychain, you can use the steps listed in [Test in the browser](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-in-the-browser).
+2. Import the certificate to your computer’s key storage. With macOS Keychain, you can use the steps listed in [Test in the browser](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#test-in-the-browser).
 3. [Enable mTLS](/ssl/client-certificates/enable-mtls/) by adding the correct host.
 4. In **SSL/TLS** > **Client Certificates**, select **Create mTLS Rule**.
 5. Under **When incoming requests match**, enter a value for thr **URI Path** field to narrow the rule scope to the admin section, otherwise you will block your visitors from accessing the public content.
diff --git a/src/content/notifications/index.yaml b/src/content/notifications/index.yaml
index 3100f5d31f1a73d..e185067e9ff3042 100644
--- a/src/content/notifications/index.yaml
+++ b/src/content/notifications/index.yaml
@@ -342,9 +342,9 @@ entries:
 
   - name: Access mTLS Certificate Expiration Alert
     audience: "[Access](/cloudflare-one/access-controls/policies/) customers that use client certificates for mutual TLS authentication. This notification will be sent 30 and 14 days before the expiration of the certificate."
-    availability: Purchase of [Access](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) and/or [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/).
+    availability: Purchase of [Access](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) and/or [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/).
     associatedProducts: SSL/TLS
-    nextSteps: Upload a [renewed certificate](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
+    nextSteps: Upload a [renewed certificate](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
     otherFilters: None.
 
   - name: Advanced Certificate Alert
diff --git a/src/content/partials/cloudflare-one/access/access-block-page.mdx b/src/content/partials/cloudflare-one/access/access-block-page.mdx
index 29a9c277f4a93ff..6184c4944de3c57 100644
--- a/src/content/partials/cloudflare-one/access/access-block-page.mdx
+++ b/src/content/partials/cloudflare-one/access/access-block-page.mdx
@@ -5,6 +5,6 @@
 
 Under **Block page**, choose what end users will see when they are denied access to the application:
 
-* **Cloudflare default**: Reload the [login page](/cloudflare-one/applications/login-page/) and display a block message below the Cloudflare Access logo. The default message is `That account does not have access`, or you can enter a custom message.
+* **Cloudflare default**: Reload the [login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/) and display a block message below the Cloudflare Access logo. The default message is `That account does not have access`, or you can enter a custom message.
 * **Redirect URL**: Redirect to the specified website.
-* **Custom page template**: Display a [custom block page](/cloudflare-one/applications/block-page/) hosted in Zero Trust.
+* **Custom page template**: Display a [custom block page](/cloudflare-one/reusable-components/custom-pages/access-block-page/) hosted in Zero Trust.
diff --git a/src/content/partials/cloudflare-one/access/access-choose-idps.mdx b/src/content/partials/cloudflare-one/access/access-choose-idps.mdx
index 4e19143c769af06..a3e67e2308529c2 100644
--- a/src/content/partials/cloudflare-one/access/access-choose-idps.mdx
+++ b/src/content/partials/cloudflare-one/access/access-choose-idps.mdx
@@ -10,7 +10,7 @@ Configure how users will authenticate:
 Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
 </li>
 <li>
-(Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
+(Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
 </li>
 
 { props.appType === "rdp" ?
diff --git a/src/content/partials/cloudflare-one/access/app-launcher.mdx b/src/content/partials/cloudflare-one/access/app-launcher.mdx
index d287ca2a9e7223f..14ea0928efb94f4 100644
--- a/src/content/partials/cloudflare-one/access/app-launcher.mdx
+++ b/src/content/partials/cloudflare-one/access/app-launcher.mdx
@@ -54,6 +54,8 @@ To show an Access application in the App Launcher:
 
 6.  In **Application domains**, choose a domain to use for the App Launcher link.
 
+7. (Optional) In **Tags**, add [custom tags](/cloudflare-one/reusable-components/tags/) so that users can more easily find the application in their App Launcher.
+
 ## Customize App Launcher appearance
 
 :::note
diff --git a/src/content/partials/cloudflare-one/access/block-page.mdx b/src/content/partials/cloudflare-one/access/block-page.mdx
index a54dd68d9b4da04..d5da105a4f66033 100644
--- a/src/content/partials/cloudflare-one/access/block-page.mdx
+++ b/src/content/partials/cloudflare-one/access/block-page.mdx
@@ -14,11 +14,11 @@ Cloudflare Access offers three different block page options:
 
 - **Default**: Displays a Cloudflare branded block page.
 - **Custom Redirect URL** - Redirects blocked requests to the specified URL. For example, you could redirect the user to a [dynamic Access Denied page](https://github.com/cloudflare/cf-identity-dynamic) that fetches their identity and shows the exact reason they were blocked.
-- **Custom Page Template** - (Only available on Pay-as-you-go and Enterprise plans) Displays a [custom HTML page](/cloudflare-one/applications/block-page/#create-a-custom-block-page) hosted by Cloudflare.
+- **Custom Page Template** - (Only available on Pay-as-you-go and Enterprise plans) Displays a [custom HTML page](/cloudflare-one/reusable-components/custom-pages/access-block-page/#create-a-custom-block-page) hosted by Cloudflare.
 
 ### Identity versus non-identity
 
-You can display a different [type of block page](/cloudflare-one/applications/block-page/#types-of-block-pages) to users who fail an identity-based policy versus a non-identity policy.
+You can display a different [type of block page](/cloudflare-one/reusable-components/custom-pages/access-block-page/#types-of-block-pages) to users who fail an identity-based policy versus a non-identity policy.
 
 - **Identity failure block page**: Displays when the user is blocked by an identity-based Access policy (such as email, user group, or external evaluation rule), after logging in to their identity provider.
 - **Non-identity failure block page**: Displays when the user is blocked by a non-identity Access policy (such as country, IP, or device posture). Cloudflare checks non-identity attributes before prompting the user to login.
@@ -39,7 +39,7 @@ To create a custom block page for Access:
 
 4. Enter a unique name for the block page.
 
-5. In **Type**, select whether this is an [identity or non-identity block page](/cloudflare-one/applications/block-page/#identity-versus-non-identity).
+5. In **Type**, select whether this is an [identity or non-identity block page](/cloudflare-one/reusable-components/custom-pages/access-block-page/#identity-versus-non-identity).
 
 6. In **Custom HTML**, enter the HTML code for your custom page. For example,
 
diff --git a/src/content/partials/cloudflare-one/access/tags.mdx b/src/content/partials/cloudflare-one/access/tags.mdx
index f64172dc69b6ef3..e3a58a2b4824ffc 100644
--- a/src/content/partials/cloudflare-one/access/tags.mdx
+++ b/src/content/partials/cloudflare-one/access/tags.mdx
@@ -3,7 +3,7 @@
 
 ---
 
-You can label an Access application with up to 25 custom tags. End users can then filter the applications in their App Launcher by their tags.
+You can label an Access application with up to 25 custom tags. End users can then filter the applications in their [App Launcher](/cloudflare-one/applications/app-launcher/) by their tags.
 
 ### Create a tag
 
diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx
index 7fb98c0ee668102..8a19a1933b0cf3d 100644
--- a/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx
+++ b/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx
@@ -12,7 +12,7 @@ To create a new network policy:
 2. In the **Network** tab, select **Add a policy**.
 3. Name the policy.
 4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression. For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+5. Choose an **Action** to take when traffic matches the logical expression. For example, you can use a list of [device serial numbers](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
 
    <Render
    	file="gateway/policies/enforce-device-posture"
@@ -32,7 +32,7 @@ To create a new network policy:
    | Account | Zero Trust | Edit       |
 
 2. (Optional) Configure your API environment variables to include your [account ID](/fundamentals/account/find-account-and-zone-ids/) and API token.
-3. Send a `POST` request to the [Create a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/create/) endpoint. For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+3. Send a `POST` request to the [Create a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/create/) endpoint. For example, you can use a list of [device serial numbers](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
 
    <APIRequest
    	path="/accounts/{account_id}/gateway/rules"
diff --git a/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx b/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx
index 2bdca8b173ea3d3..dad7a5bc64da942 100644
--- a/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx
+++ b/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx
@@ -4,7 +4,7 @@
 
 import { Tabs, TabItem, Render, APIRequest } from "~/components";
 
-In the following example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+In the following example, you can use a list of [device serial numbers](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
 
 <Tabs syncKey="dashPlusAPI">
 <TabItem label="Dashboard">
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/device-posture.mdx b/src/content/partials/cloudflare-one/gateway/selectors/device-posture.mdx
index 93094cae46e1ba7..00723a3e876eb59 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/device-posture.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/device-posture.mdx
@@ -5,7 +5,7 @@
 
 With the Device Posture selector, admins can use signals from end-user devices to secure access to their internal and external resources. For example, a security admin can choose to limit all access to internal applications based on whether specific software is installed on a device and/or if the device or software are configured in a particular way.
 
-For more information on device posture checks, refer to [Device posture](/cloudflare-one/identity/devices/).
+For more information on device posture checks, refer to [Device posture](/cloudflare-one/reusable-components/posture-checks/).
 
 | UI name                      | API example                                                                                                                                                             |
 | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx b/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
index dd74636532ce360..1aa138e60258949 100644
--- a/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
+++ b/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
@@ -13,4 +13,4 @@ import { Markdown } from "~/components"
 6. Select **Save**.
 7. To test, go to **Logs** > **Posture** and verify that the service provider posture check is returning the expected results.
 
-You can now use this posture check in a [device posture policy](/cloudflare-one/identity/devices/#3-build-a-device-posture-policy).
+You can now use this posture check in a [device posture policy](/cloudflare-one/reusable-components/posture-checks/#3-build-a-device-posture-policy).
diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
index 1c8bce5dec13b2c..76e096c3de233cf 100644
--- a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
+++ b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
@@ -60,7 +60,7 @@ Determine whether the user is matching any policy, or if they are matching a pol
 
    - If the mismatched value is related to identity, [check the user registry](/cloudflare-one/insights/logs/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
 
-   - If the mismatched value is related to device posture, [view posture check results](/cloudflare-one/identity/devices/#2-verify-device-posture-checks) for the user's device. Verify that the device passes the posture checks configured in the policy.
+   - If the mismatched value is related to device posture, [view posture check results](/cloudflare-one/reusable-components/posture-checks/#2-verify-device-posture-checks) for the user's device. Verify that the device passes the posture checks configured in the policy.
 
 ## 6. Are the correct Gateway proxy settings enabled?
 
diff --git a/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx b/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx
index a370c5ff429d0c6..2143a906756220d 100644
--- a/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx
+++ b/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx
@@ -23,7 +23,7 @@ To check for an mTLS certificate:
    | ------ | --------- | ----------- | -------------------- |
    | Allow  | Require   | Common Name | `<CERT-COMMON-NAME>` |
 
-7. On your device, add the client certificate to the [system keychain](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-in-the-browser).
+7. On your device, add the client certificate to the [system keychain](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#test-in-the-browser).
 
 </TabItem> <TabItem label="Terraform (v5)">
 
@@ -79,6 +79,6 @@ To check for an mTLS certificate:
 
 4. Add the policy to your [`cloudflared_zero_trust_access_application` for WARP](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/#set-device-enrollment-permissions).
 
-5. On your device, add the client certificate to the [system keychain](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-in-the-browser).
+5. On your device, add the client certificate to the [system keychain](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/#test-in-the-browser).
 
 </TabItem> </Tabs>
\ No newline at end of file
diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx
index 9c8fce1fdc78213..7472f504e4aab70 100644
--- a/src/content/partials/fundamentals/account-permissions-table.mdx
+++ b/src/content/partials/fundamentals/account-permissions-table.mdx
@@ -12,12 +12,12 @@ import { Markdown } from "~/components";
 | Access: Apps and Policies Revoke                                                                           | Grants ability to revoke [Cloudflare Access application tokens](/cloudflare-one/team-and-resources/users/session-management/)                                     |
 | Access: Apps and Policies {props.editWord}                                                                 | Grants write access to [Cloudflare Access](/cloudflare-one/access-controls/policies/) applications and policies                                         |
 | Access: Audit Logs Read                                                                                    | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/).                                                        |
-| Access: Custom Pages Read                                                                                  | Grants read access to [Cloudflare Access custom block pages](/cloudflare-one/applications/block-page/).                                                 |
-| Access: Custom Pages {props.editWord}                                                                      | Grants write access to [Cloudflare Access custom block pages](/cloudflare-one/applications/block-page/).                                                |
-| Access: Device Posture Read                                                                                | Grants read access to [Cloudflare Access device posture](/cloudflare-one/identity/devices/).                                                            |
-| Access: Device Posture {props.editWord}                                                                    | Grants write access to [Cloudflare Access device posture](/cloudflare-one/identity/devices/).                                                           |
-| Access: Mutual TLS Certificates Read                                                                       | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/).           |
-| Access: Mutual TLS Certificates {props.editWord}                                                           | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/).          |
+| Access: Custom Pages Read                                                                                  | Grants read access to [Cloudflare Access custom block pages](/cloudflare-one/reusable-components/custom-pages/access-block-page/).                                                 |
+| Access: Custom Pages {props.editWord}                                                                      | Grants write access to [Cloudflare Access custom block pages](/cloudflare-one/reusable-components/custom-pages/access-block-page/).                                                |
+| Access: Device Posture Read                                                                                | Grants read access to [Cloudflare Access device posture](/cloudflare-one/reusable-components/posture-checks/).                                                            |
+| Access: Device Posture {props.editWord}                                                                    | Grants write access to [Cloudflare Access device posture](/cloudflare-one/reusable-components/posture-checks/).                                                           |
+| Access: Mutual TLS Certificates Read                                                                       | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/).           |
+| Access: Mutual TLS Certificates {props.editWord}                                                           | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/).          |
 | Access: Organizations, Identity Providers, and Groups Read                                                 | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/).                                                                 |
 | Access: Organizations, Identity Providers, and Groups Revoke                                               | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/).                                             |
 | Access: Organizations, Identity Providers, and Groups {props.editWord}                                     | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/).                                                                |
diff --git a/src/content/partials/learning-paths/zero-trust/device-enrollment-permissions.mdx b/src/content/partials/learning-paths/zero-trust/device-enrollment-permissions.mdx
index 05bab1db9e81e66..8af7b928af61585 100644
--- a/src/content/partials/learning-paths/zero-trust/device-enrollment-permissions.mdx
+++ b/src/content/partials/learning-paths/zero-trust/device-enrollment-permissions.mdx
@@ -13,7 +13,7 @@ Device enrollment permissions determine which users can connect new devices to y
 
 ## Only allow corporate devices
 
-Device posture evaluation happens after a device has already enrolled in your Zero Trust organization. If you want only specific devices to be able to enroll, we recommend adding a [mutual TLS authentication](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) rule to your device enrollment policy. This rule will check for the presence of a specific client certificate on the enrolling devices.
+Device posture evaluation happens after a device has already enrolled in your Zero Trust organization. If you want only specific devices to be able to enroll, we recommend adding a [mutual TLS authentication](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) rule to your device enrollment policy. This rule will check for the presence of a specific client certificate on the enrolling devices.
 
 :::note
 
diff --git a/src/content/warp-releases/linux/ga/2024.6.497.0.yaml b/src/content/warp-releases/linux/ga/2024.6.497.0.yaml
index 74b4ffec7fdd0dc..a75e93e0512917e 100644
--- a/src/content/warp-releases/linux/ga/2024.6.497.0.yaml
+++ b/src/content/warp-releases/linux/ga/2024.6.497.0.yaml
@@ -4,7 +4,7 @@ releaseNotes: |
     **New features**
     - The WARP client now supports operation on Ubuntu 24.04.
     - Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to [Device tunnel protocol](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#device-tunnel-protocol). This feature will be rolled out to customers in stages over approximately the next month.
-    - The Device Posture [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = `123456.mycompany`, where 123456 is the device serial number).
+    - The Device Posture [client certificate check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/) has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = `123456.mycompany`, where 123456 is the device serial number).
     - TCP MSS clamping is now used where necessary to meet the MTU requirements of the tunnel interface. This will be especially helpful in Docker use cases.
 
     **Warning**
diff --git a/src/content/warp-releases/linux/ga/2025.5.893.0.yaml b/src/content/warp-releases/linux/ga/2025.5.893.0.yaml
index 030e6a87b65c0c0..f707fe5ff9120cd 100644
--- a/src/content/warp-releases/linux/ga/2025.5.893.0.yaml
+++ b/src/content/warp-releases/linux/ga/2025.5.893.0.yaml
@@ -10,7 +10,7 @@ releaseNotes: |-
   -  The WARP client now applies post-quantum cryptography end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be [enabled by MDM](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
   - Improvement to handle client configuration changes made by MDM while WARP is not running.
   - Fixed an issue affecting Split Tunnel Include mode, where traffic outside the tunnel was blocked when switching between Wi-Fi and Ethernet networks.
-  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/).
+  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/).
 
   **Known issues**
   - Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/local-domains/#route-traffic-to-fallback-server).
diff --git a/src/content/warp-releases/macos/ga/2023.9.252.0.yaml b/src/content/warp-releases/macos/ga/2023.9.252.0.yaml
index 8d2690741f47247..1055fd4dd66d3fc 100644
--- a/src/content/warp-releases/macos/ga/2023.9.252.0.yaml
+++ b/src/content/warp-releases/macos/ga/2023.9.252.0.yaml
@@ -4,7 +4,7 @@ releaseNotes: |-
   **Notable updates**
 
   - Added connectivity error reasons to the UI. Examples of this UI and the types of errors your users will see can be found in the [client errors documentation](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/troubleshooting/client-errors/)
-  - Added new posture type: [Client certificate](https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/client-certificate/)
+  - Added new posture type: [Client certificate](https://developers.cloudflare.com/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/)
   - Added support for IPv6 DEX Traceroute tests (previously only IPv4 addresses could be used)
   - Improved reliability and efficiency in configurating split tunnel rules. Most `error petting the dog` errors should now be gone and organizations with large split tunnel configuration should see reliability improvements.
   - Modify IPv6 DNS behavior to no longer bind to discrete stub resolvers and instead point interfaces at a V6->V4 mapping `::ffff:127.0.2.2`. This change makes DNS mapping consistent on all platforms
diff --git a/src/content/warp-releases/macos/ga/2024.6.416.0.yaml b/src/content/warp-releases/macos/ga/2024.6.416.0.yaml
index 07ce735521c3f2b..1b18d2c1e9bd15f 100644
--- a/src/content/warp-releases/macos/ga/2024.6.416.0.yaml
+++ b/src/content/warp-releases/macos/ga/2024.6.416.0.yaml
@@ -3,7 +3,7 @@ releaseNotes: |-
 
   **New features**
   - Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, see https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#device-tunnel-protocol. This feature will be rolled out to customers in stages over approximately the next month.
-  - The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number). Additional details can be found here: https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/client-certificate/
+  - The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number). Additional details can be found here: https://developers.cloudflare.com/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/
 
   **Additional changes and improvements**
   - Fixed a known issue where the certificate was not always properly left behind in `/Library/Application Support/Cloudflare/installed_cert.pem`.
diff --git a/src/content/warp-releases/macos/ga/2024.9.346.0.yaml b/src/content/warp-releases/macos/ga/2024.9.346.0.yaml
index 7433df88930a166..790f835a60dce34 100644
--- a/src/content/warp-releases/macos/ga/2024.9.346.0.yaml
+++ b/src/content/warp-releases/macos/ga/2024.9.346.0.yaml
@@ -10,7 +10,7 @@ releaseNotes: |
   - Added a JSON output option to the `warp-cli`.
   - Added the ability to execute a PCAP on multiple interfaces with `warp-cli` and `warp-dex`.
   - Improved `warp-dex` default interface selection for PCAPs and changed `warp-dex` CLI output to JSON.
-  - Improved [application posture check](/cloudflare-one/identity/devices/warp-client-checks/application-check/) compatibility with symbolically linked files.
+  - Improved [application posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/application-check/) compatibility with symbolically linked files.
   - Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
   - Added MASQUE tunnel protocol support for the consumer version of WARP ([1.1.1.1 w/ WARP](/warp-client/)).
 
diff --git a/src/content/warp-releases/macos/ga/2025.5.893.0.yaml b/src/content/warp-releases/macos/ga/2025.5.893.0.yaml
index 2f85946a6e5b603..22f13d62d246d38 100644
--- a/src/content/warp-releases/macos/ga/2025.5.893.0.yaml
+++ b/src/content/warp-releases/macos/ga/2025.5.893.0.yaml
@@ -12,7 +12,7 @@ releaseNotes: |-
   - Improvement to handle client configuration changes made by an MDM while WARP is not running.
   - Fixed an issue affecting Split Tunnel Include mode, where traffic outside the tunnel was blocked when switching between Wi-Fi and Ethernet networks.
   - Improvement for WARP connectivity issues on macOS due to the operating system not accepting DNS server configurations.
-  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/).
+  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/).
 
   **Known issues**
   - macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later.
diff --git a/src/content/warp-releases/windows/beta/2025.5.735.1.yaml b/src/content/warp-releases/windows/beta/2025.5.735.1.yaml
index 12b7a5add4e3a67..bcdd63d26b9f34a 100644
--- a/src/content/warp-releases/windows/beta/2025.5.735.1.yaml
+++ b/src/content/warp-releases/windows/beta/2025.5.735.1.yaml
@@ -8,7 +8,7 @@ releaseNotes: |-
   - The WARP client now applies post-quantum cryptography end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be [enabled by MDM](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
   - Improvement to gracefully handle changes made by MDM while WARP is not running.
   - Improvement for multi-user mode to avoid unnecessary key rotations when transitioning from a pre-login to a logged-in state.
-  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/).
+  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/).
   - Fixed an issue affecting Split Tunnel Include mode, where traffic outside the tunnel was blocked when switching between Wi-Fi and Ethernet networks.
   - Added [SCCM VPN boundary support](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#sccm-vpn-boundary-support) to device profile settings. With SCCM VPN boundary support enabled, operating systems will register WARP's local interface IP with the on-premise DNS server when reachable.
 
diff --git a/src/content/warp-releases/windows/ga/2023.9.248.0.yaml b/src/content/warp-releases/windows/ga/2023.9.248.0.yaml
index 206e928851840ce..4cd15046f0267e6 100644
--- a/src/content/warp-releases/windows/ga/2023.9.248.0.yaml
+++ b/src/content/warp-releases/windows/ga/2023.9.248.0.yaml
@@ -3,7 +3,7 @@ releaseNotes: |-
 
   **Notable updates**
   - Added connectivity error reasons to the UI. Examples of this UI and the types of errors your users will see can be found in the [client errors documentation](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/troubleshooting/client-errors/)
-  - Added new posture type: [Client certificate](https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/client-certificate/)
+  - Added new posture type: [Client certificate](https://developers.cloudflare.com/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/)
   - Added support for IPv6 DEX Traceroute tests (previously only IPv4 addresses could be used)
   - Improved reliability and efficiency in configurating split tunnel rules. Most `error petting the dog` errors should now be gone and organizations with large split tunnel configuration should see reliability improvements.
   - Fixed an issue where warp-svc.exe could crash under extreme load
diff --git a/src/content/warp-releases/windows/ga/2024.6.415.0.yaml b/src/content/warp-releases/windows/ga/2024.6.415.0.yaml
index ffe76ffbc386799..546107a79b996bb 100644
--- a/src/content/warp-releases/windows/ga/2024.6.415.0.yaml
+++ b/src/content/warp-releases/windows/ga/2024.6.415.0.yaml
@@ -4,7 +4,7 @@ releaseNotes: |-
   **New features**
   - Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, see https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#device-tunnel-protocol. This feature will be rolled out to customers in stages over approximately the next month.
   - The ZT WARP client on Windows devices can now connect before the user completes their Windows login. This Windows pre-login capability allows for connecting to on-premise Active Directory and/or similar resources necessary to complete the Windows login.
-  - The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number). Additional details can be found here:  https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/client-certificate/
+  - The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number). Additional details can be found here:  https://developers.cloudflare.com/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/
 
   **Additional changes and improvements**
   - Added a new message explaining why WARP was unable to connect, to help with troubleshooting.
diff --git a/src/content/warp-releases/windows/ga/2025.5.893.0.yaml b/src/content/warp-releases/windows/ga/2025.5.893.0.yaml
index 85b02854c8ba20a..6e32b6172dc1a3e 100644
--- a/src/content/warp-releases/windows/ga/2025.5.893.0.yaml
+++ b/src/content/warp-releases/windows/ga/2025.5.893.0.yaml
@@ -11,7 +11,7 @@ releaseNotes: |-
   - The WARP client now applies post-quantum cryptography end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be [enabled by MDM](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
   - Improvement to handle client configuration changes made by an MDM while WARP is not running.
   - Improvements for multi-user experience to better handle fast user switching and transitions from a pre-login to a logged-in state.
-  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/).
+  - Added a WARP client device posture check for SAN attributes to the [client certificate check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/client-certificate/).
   - Fixed an issue affecting Split Tunnel Include mode, where traffic outside the tunnel was blocked when switching between Wi-Fi and Ethernet networks.
   - Added [SCCM VPN boundary support](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#sccm-vpn-boundary-support) to device profile settings. With SCCM VPN boundary support enabled, operating systems will register WARP's local interface IP with the on-premise DNS server when reachable.
   - Fix for an issue causing WARP connectivity to fail without full system reboot.