From 830a3bb6789d01886eb25180f051b3aab58f9800 Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Mon, 14 Jul 2025 16:55:23 -0400
Subject: [PATCH 1/2] tls decryption

---
 .../warp/deployment/mdm-deployment/partners/kandji.mdx        | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
index 2bd8c88f03cebc..77b883bb9959db 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
@@ -233,3 +233,7 @@ fi
 
 exit 0
 ```
+
+## TLS decryption
+
+The Kandji macOS agent uses certificate pinning, which is incompatible with [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/). If Gateway TLS decryption is [turned on](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#turn-on-tls-decryption), you must create a Do Not Inspect policy to exempt Kandji from inspection.
\ No newline at end of file

From e2588f770659a2fa24f2f2e384ac92a3c65f5b6b Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Tue, 15 Jul 2025 12:57:37 -0400
Subject: [PATCH 2/2] add TLS decryption note for Kandji

---
 .../warp/deployment/mdm-deployment/partners/kandji.mdx          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
index 77b883bb9959db..37e66b27d64339 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/kandji.mdx
@@ -236,4 +236,4 @@ exit 0
 
 ## TLS decryption
 
-The Kandji macOS agent uses certificate pinning, which is incompatible with [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/). If Gateway TLS decryption is [turned on](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#turn-on-tls-decryption), you must create a Do Not Inspect policy to exempt Kandji from inspection.
\ No newline at end of file
+The Kandji macOS agent uses certificate pinning, which is incompatible with [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/). If Gateway TLS decryption is [turned on](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#turn-on-tls-decryption), you must create a [Do Not Inspect policy](/cloudflare-one/policies/gateway/http-policies/common-policies/#skip-inspection-for-groups-of-applications) to exempt Kandji from SSL/TLS inspection. For more information, refer to the [Kandji documentation](https://support.kandji.io/kb/using-kandji-on-enterprise-networks#SSL/TLS-Inspection).
\ No newline at end of file