Citrix Blogs

Establish device trust with Citrix’s device posture service

In our mobile-first world, where hybrid work is the norm for many organizations, employees need access to corporate applications and resources from anywhere, on any device, on the go. While traditional methods of authentication are still an effective way to check the integrity of end users, they are not enough to verify if the endpoints coming onto your network are trustworthy.

Without establishing device trust, you risk allowing an unsecure or compromised endpoint to connect to your network, which can increase the chances of a potential threat affecting critical corporate resources. Establishing device trust by checking the device’s posture is critical to implementing zero-trust-based access.

At Citrix, we are committed to the principle of “Never Trust, Always Verify.” That’s why we’re excited to introduce device posture service, which you can use to access both Citrix DaaS and Citrix Secure Private Access resources and enable secure access to all kinds of apps.

What is Citrix’s device posture service?

Device posture service is a cloud-based solution that helps you to establish device trust before allowing an end user to log in. The service enables companies to specify device posture parameters such as operating system version, Citrix Workspace app version, Microsoft End Point Manager integration, and MAC address that must be met by an endpoint to access corporate resources.

How does it work?

Device posture service allows an admin to define policies to check the posture of endpoint devices trying to access corporate resources remotely. Based on the compliance status of an endpoint, device posture service can deny access or provide restricted/full access to corporate applications and desktops. These are configured as Deny, Non-Compliant and Compliant actions in the device posture console.

You need to install a lightweight application called Citrix Device Posture Client on the endpoint device to run device posture scans. You can do this by using Citrix Global Application Configuration service or third-party tools like Microsoft SCCM, Jfrog, and Microsoft Intune.

Because the Citrix Device Posture Client is a client-privileged application, the end user can also download and install it without admin rights.

When an end user initiates a connection with Citrix Workspace, the Device Posture Client collects information about the endpoint parameters and shares this information with the device posture service to determine if the posture of the endpoint meets policy requirements.

Enforcing device posture checks is good security hygiene for any organization with a remote workforce. With Citrix’s device posture service, admins have peace of mind, and they can enforce access policies beyond their traditional network perimeter and extend them to a perimeter-less digital workspace.

The entitlement for Citrix Device Posture Service is part of Citrix’s Adaptive Authentication offering, which is bundled with Citrix DaaS Premium, Citrix DaaS Premium Plus, and Citrix Secure Private Access Advanced licenses. Customers with other licenses can purchase Adaptive Authentication as an add-on.

Device posture service is just one component in the zero-trust journey. The integration of the device posture service with Citrix Secure Private Access and Citrix DaaS can help your organization to enable secure access to native apps, virtual apps, SaaS and internal web apps, desktops, and files on any device, from anywhere, delivered with the resiliency and scalability of Citrix Cloud.

Learn more about Citrix Device Posture Service in our product documentation.

Exit mobile version