Citrix Blogs

Extending EMM Capabilities to Citrix ICA Sessions with MS Intune & XenMobile

It has been a while since we released Citrix Receiver for iOS and it has since become one of the preferred mobile clients for our customers. We are excited to announce the Tech Preview of our first Managed Receiver for iOS client with Microsoft Intune!

In recent years, the iPad has become the tablet of choice in the corporate world. I got to see this phenomenon first-hand during my days as a Citrix consultant, having worked in countless mobility projects for customers across all verticals. You can also read about this in The New York Times.

I like to think Citrix Receiver has played a big role in helping corporations adopt these devices and support both the corporate-issued and BYOD models. Sure, there are more than 2 million apps in the App Store today, but let’s face it: enterprises around the world use Windows (and Linux) -based applications and desktops for many of their business-critical functions. Citrix Receiver for iOS provides access to all of these resources with market-leading user experience from any iOS device.

Today, more than one million users worldwide use Citrix Receiver for iOS to access Citrix-virtualized applications and desktops and that number continues to grow. My laptop sits on my desk most of the time these days, because I have everything I need to work on my iPad Pro thanks to Citrix Receiver. When combined with a smart keyboard and the Citrix X1 Mouse, often I find it to be the perfect desktop replacement, the best of both worlds.

Citrix Receiver for iOS from an IT administrator’s perspective.

The XenApp/XenDesktop environments are secure by design, with all application workloads and user data hosted in a remote (and secure) data center. In a way, Citrix Receiver for iOS provides secure access to these environments in its own “bubble” via the ICA session.

However, with the proliferation of EMM solutions in the enterprise, IT admins have become accustomed to a new array of mobile device- and app-specific security policies to help them meet business security requirements and regulatory compliance for their respective industries. Today, it is common for most business iOS apps, such as mobile email clients and web browsers, to be fully secured and managed by IT. Citrix offers its own set of XenMobile Apps for mobile, but, up until now, Citrix Receiver had not been part of the EMM ecosystem, which presented a challenge from a security and management perspective.

I’m happy to tell you things are going to get a lot easier going forward when it comes to the management of the Citrix Receiver clients, in general. We have heard you loud and clear and are working on a few things to make some of these management challenges a thing of the past. And I mean this for all of our Citrix Receiver clients, although this blog post focuses only on Citrix Receiver for iOS.

We are starting by introducing the first ever “Managed Receiver for iOS” client. This client includes the same feature set as the standard Citrix Receiver for iOS client available in the Apple App Store, but with added capabilities for management with Microsoft Intune and XenMobile. This means IT benefits from the security policies available with these EMM solutions for things like checking device MDM compliance, enforcing device PINs, encryption, and restricting copy and paste functions, to name some of the common ones. In summary, Citrix Receiver for iOS can now be included as part of the IT managed “bubble” in the mobile device along with other managed apps.

Agile baby steps. Intune Tech Preview and beyond.

Knowing how critical it is to do things correctly the first time in the EMM space, we are kicking things off with a Tech Preview build for Microsoft Intune, as part of all the great things that are happening with the close collaboration between Citrix and Microsoft. We hope to gather as much feedback from the field as possible and learn any lessons along the way in preparation to the official general availability release, that will also include support for XenMobile.

I always like to set the correct expectations with our partners and customers so let me take you through some of the details on what this Intune Tech Preview includes and what our plans are for the Managed Receiver for iOS client in the near future:

#1 The Tech Preview is for evaluation with Microsoft Intune only initially and is available for download on the Citrix Downloads page. Active Software Maintenance or Subscription Advantage support is required for access. The build is offered as an unsigned app (IPA file) that requires you to sign it with your organization’s Apple Enterprise signing certificate before it can be pushed and installed on devices. We have included instructions on how to sign the app in the downloads page.

Note: The Intune management capabilities have been built into the client so there is no need to wrap the app with the Intune App Wrapping tool. The iOS devices used for evaluation must be enrolled with Intune MDM.

#2 We are taking a phased approach, as it relates to the supported EMM policy sets, which I generally group into two categories: Security and Configuration. Security would typically include all the generic MDM policies for restricting certain functions and enforcing compliance (require device PIN, block camera, copy/paste, encryption, etc). Configuration would include app-specific policies for administration of the client settings per-se (server URLs, authentication, logs, etc).

In Phase 1, we include support for the first category (Security) based on the available Intune or XenMobile generic policy sets. For Phase 2, in the future, we plan to include support for the second category (Configuration) to allow administrative control over Receiver-specific settings. Beyond this, we are even looking at ways to introduce smart-access capabilities through further integration with NetScaler.

#3 As you might have noticed with our recent move of XenMobile Apps to the public app stores, we understand public app store distribution is generally the preferred distribution model for mobile apps. We will follow on the same steps with our Managed Receiver for iOS client and will make the app available on the Apple App Store after we reach general availability. You can sleep easy knowing that there won’t be a need for app signing or wrapping of any kind in the future.

#4 What about XenMobile? We will have support for XenMobile by the time we ship our GA build. Stay tuned for announcements around a XenMobile Tech Preview.

Feedback and support.

You can use the Managed Receiver support forum for general discussion and to report any issues you encounter while using the Tech Preview.

Exit mobile version