Require Cloudflare Access on all Subdomains

Is there a way to require #CloudflareAccess policies for all subdomains of a given domain? The goal would be to rule out (or fail closed instead of open) possible misconfigurations of individual applications using their respective subdomain.

Create 2 overarching policies.

  1. Example.com → Allow your group/policy
  2. *.example.com → same as above

Create additional policies for explicit apps / different access requirements from the two above.