[ZT] Kandji TLS decryption (cloudflare#23683)

ranbel · sdnts · commit d02067dab63e · 2025-07-24T16:06:12.000-04:00
* tls decryption

* add TLS decryption note for Kandji
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
@@ -233,3 +233,7 @@ fi
 
 exit 0
 ```
+
+## TLS decryption
+
+The Kandji macOS agent uses certificate pinning, which is incompatible with [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/). If Gateway TLS decryption is [turned on](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#turn-on-tls-decryption), you must create a [Do Not Inspect policy](/cloudflare-one/policies/gateway/http-policies/common-policies/#skip-inspection-for-groups-of-applications) to exempt Kandji from SSL/TLS inspection. For more information, refer to the [Kandji documentation](https://support.kandji.io/kb/using-kandji-on-enterprise-networks#SSL/TLS-Inspection).
