Automatic setup of WARP VPN via MDM on iOS devices

Hi all, I have the WARP client being deployed to iOS devices by Intune. I’ve pushed the team settings etc. using the XML payload, however until the user launches the app on their device and clicks to approve the VPN profile it appears to not actually use the WARP client and therefore there is no filtered browsing. Am I missing some setup step somewhere? The devices are supervised and DEP enrolled.

I have the same issue on android, doesn’t make sense to me. Also when testing umbrella it was fully automatic except for an annoying notification that it was active.

Would love to be able to complete remaining setup automatically for users.

I think I made it work. There is 1 (or 2) steps in it.
Policy 1) Create a VPN Profile for iOS under Devices->iOS->Device Configuration Profile

  • Chose a Custom VPN
  • VPN Server address:
  • Auth method: Username/password
  • VPN Identifier: com.cloudflare.cloudflareoneagent
  • Split tunnel: Disable
  • Type og automatic vpn: On-demand - Connect VPN - Restrict to All Domains

Inspiration from: Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune | Microsoft Learn

Policy 2) Create a Device Features profile for iOS under Devices->iOS->Device Configuration Profile

  • Setup the SSO Extension for the app com.cloudflare.cloudflareoneagent

With those policies mine just connected.