Warp client compatibility with offline Entra hybrid autopilot

Type

Product improvement

Description

Changes to the Warp client pre-login behaviour to support offline Entra hybrid join

Benefit

We have the Warp client deployed alongside an mdm.xml file with a service token to provide connectivity to an on-prem environment for initial login and domain join during the device part of the Windows Autopilot ESP. Unfortunately, when the device progresses to the user ESP the Warp client is detecting this change of context and (I assume) is trying to authenticate as the user (handled by SAML in a browser for our organisation), but the user has no ability to interact with any login request as they are still in the Autopilot setup phase. Therefore the line of sight to a domain controller is lost because the Cloudflare tunnel disconnects, and the device never completes setup.

I don’t think it would take a lot to add some logic to see if the device was currently in the Autopilot setup phase and hold off on trying to move to an identity-based session, and having it validated by Microsoft as a compatible solution with documentation provided by Cloudflare would be valuable.