As we’re dealing with the impact of the COVID-19 pandemic, working securely and efficiently from home has never been more important and business continuity has never been more critical.
Citrix Workspace enables your employees to work from home and securely access the corporate resources they need to do their jobs. But what about the actual endpoints they’re using? Do they have the proper virus protection, the latest OS version, or the correct security standards applied? What’s the best way to protect the endpoint for the student who’s learning remote and protect the endpoint for the employee who’s working remote?
Citrix can enable secure remote-work initiatives, and Citrix Endpoint Management can help you secure your modern devices and deliver a great employee experience, even in the face of our current challenges. Once you enroll your endpoints, you can take advantage of these great policies.
Policies to Enhance Security
Let’s start with policies that will help to enable the best security posture for your devices.
- Passcode Policy — The passcode policy allows you to force passcodes on devices based on your organization’s security standards. Some of these settings for passcodes include minimum length; whether to allow simple passcodes; passcode expiration in days; and maximum failed sign-on attempts.
- OS Update Policy — The OS Update policy provides you parameters around device OS updates. You can use this policy to ensure the device has the latest OS updates and can deliver the best functionality and security.
- Device Restriction Policy — The Device Restriction policy delivers the ability to restrict certain features or functionality on user devices such as app store access, USB device connections, Bluetooth access, and much more. This ensures IT admins can secure devices based on an organization’s requirements.
- Firewall Policy — The firewall policy lets you configure the firewall settings for your deployed Windows devices. With the device working on remote networks, its security cannot be guaranteed with the OS firewall online, but we can at least ensure the device is protected from unauthorized connections.
- BitLocker Device Policy — This policy allows you to take advantage of a Windows 10 disk encryption feature called BitLocker, which provides extra file and system protections against unauthorized access to a lost or stolen Windows device. You can enable BitLocker on devices without a TPM chip; show recovery options on the BitLocker interface; deny write access to a fixed or removable drive when BitLocker isn’t enabled; and securely save an encrypted BitLocker recovery key for users to access in case they forget or misplace the key, which can be easily located on the self-help portal.
- Windows Information Protection — For corporate and BYOD deployments, you can easily configure and deliver a set of secure policies to a device such as Windows Information Protection (WIP). WIP protects against the potential leakage of enterprise data. Data leakage can occur through sharing of enterprise data to non-enterprise protected apps, between apps, or outside the organization network.
- FileVault Policy — The FileVault policy provides the ability to take advantage of the macOS FileVault Disk Encryption feature protecting the system volume by encrypting its contents (similar to Windows 10’s BitLocker technology). The policy allows you to set a maximum time to skip the FileVault setup, set recovery key type, and more.
Policies to Enhance User Experience
To support a great user experience, we can leverage several of these policies to help users adjust to a new or existing device. These policies will help with content distribution and allow users to gain quick access to the tools they need to get work done from home.
- Webclip Device Policy — This policy allows you to place shortcuts, or webclips, to websites to appear alongside apps on users’ devices. You can specify your own icons to represent the webclips for iOS, macOS, and Android devices. Windows tablets only require a label and a URL.
- Managed Bookmarks — The Managed Bookmarks policy provides you the ability to deploy a folder of bookmarks to Chrome OS devices, providing an easy experience for users to find the corporate or education sites they need.
App Deployment for Your Endpoints
You should also consider application deployment for your endpoints. Citrix Endpoint Management provides the ability to deploy apps to all supported endpoints. Choose from:
- MDX — These apps are customized by your internal organization leveraging our MDX toolkit or MAM SDK.
- Public App Store — These include free or paid apps available in a public app store such as the Apple App Store or Google Play (for example, GoToMeeting or an anti-virus software).
- Web and SaaS — These include apps accessed from an internal network (web apps) or over a public network (SaaS). You can create your own apps or choose from a set of app connectors for single sign-on authentication to existing web apps (for example, GoogleApps_SAML).
- Enterprise — These apps are native apps that aren’t wrapped with MDX and do not contain the policies associated with MDX apps.
- Web Link — These apps are web addresses (URLs) to public or private sites, or to web apps that don’t require single sign-on.
With Citrix Endpoint Management you have freedom of choice. You can choose whether to leverage a corporate device or personal device and take advantage of our breadth and depth of supported endpoints (iOS, iPadOS, MacOS, Chromebooks, Windows 10, Android devices, and more) and support for easy regular/bulk enrollment methods.
Another great example of choice is our support for Apple Education. Citrix Endpoint Management support includes Apple School Manager (ASM) and the Classroom app for iPad. The Endpoint Management Education Configuration device policy helps configure instructor and student devices for easy use with remote schooling. Together with Apple’s great school technology, we also recommend that you consider a similar solution for your deployed Chromebooks such as Google Classroom.
This is just a sampling of the policies and solutions that will help you deploy apps and secure endpoints that employees and students use every day. To learn more about how these and other policies can help you achieve your business continuity goals, check out our Citrix Endpoint Management policies page in Citrix Docs for more information.
Join our experts on Wednesday, April 1, at 9:00 a.m. and 2:00 p.m. ET for a Citrix Technology in Practice (TIPs) webinar, where you’ll learn how to leverage Citrix Endpoint Management to help your organization maintain security and productivity, particularly during times of disruption. Register today.
