Today, many enterprises plan to transition their on-premises Active Directory joined devices to Microsoft Entra ID and Intune to centralize device management. With Intune, administrators can centrally control device configuration, security policies, updates, and compliance for corporate and personal devices, tablets, and phones. Other crucial administrator functions such as device reassignment, patch forcing, new employee preparation, and power management features are also available within Intune.
For enterprises with Citrix deployments, machine catalogs have required manual intervention to enroll Entra ID and Hybrid Entra ID joined machines in Intune, which is time-consuming and error-prone. With the Machine Creation Services (MCS) option to enable Intune-based device management, Citrix administrators can now create machine catalogs of Entra ID joined or Hybrid Entra ID joined machines that are enrolled in Intune, achieving SSO to Entra ID-based applications, activation of Entra ID conditional access, and compliance of MCS provisioned virtual machines.
When enrolling Entra ID or Hybrid Entra ID joined catalogs in Intune, catalogs can be persistent or non-persistent, single or multi-session virtual machines. When a virtual machine is provisioned by MCS, its identity configuration information persists in the MCS identity disk; once the virtual machine is powered on, it joins Entra ID and enrolls in Intune. When machines within the catalog or the catalog itself are no longer required, the machine catalog deletion process removes the virtual machines from Entra ID and Intune.
Once created, Intune can control the MCS-created virtual machine device configuration, security policies, updates, compliance, data, and application access. Additionally, other Intune-related actions for unified device management are also supported.
Entra ID Intune Enrollment Process
For Entra ID and Intune, create your machine catalog, use the “Azure Active Directory joined” identity type, and select “Enroll the machines in Microsoft Intune”.
Hybrid Entra ID Intune Enrollment Process
Create your machine catalog for your Hybrid Entra ID joined, Intune enrolled devices and use the “Hybrid Azure Active Directory joined” option. Select “Enroll the machines in Microsoft Intune with Configuration Manager” and finish by selecting the appropriate options for your environment for Active Directory accounts and OU location.
Once the catalog is created, power on the provisioned machines and check the status of your domain and Intune enrollment.
Entra ID joined, Intune enrolled machine catalogs are available today for persistent and non-persistent virtual machines in Citrix DaaS. For Hybrid Entra ID joined machine catalogs, persistent virtual machines are enabled today for Citrix DaaS and Citrix Virtual Apps and Desktops 2407, with support for non-persistent virtual machines coming shortly.
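One way to run that status check from inside a provisioned machine, as an added example that is not part of the original post or Citrix tooling: it assumes the standard Windows `dsregcmd /status` output and the `HKLM:\SOFTWARE\Microsoft\Enrollments` registry location, neither of which is named in the post.

```powershell
# Added example: run in PowerShell on the MCS-provisioned VM after first boot.
# Assumption: identity state comes from `dsregcmd /status`; Intune enrollment is
# detected from the Windows MDM enrollment registry keys.

function Get-JoinState {
    # Turn the "Key : Value" lines of dsregcmd output into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-MdmEnrollment {
    # Each MDM enrollment has a subkey here; Intune registers with the
    # provider ID "MS DM Server". Keys without that value are other enrollment types.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        Get-ItemProperty |
        Where-Object { $_.ProviderID -eq 'MS DM Server' }
}

$join = Get-JoinState
$mdm  = @(Get-MdmEnrollment)

$entraJoined  = $join['AzureAdJoined'] -eq 'YES'
$domainJoined = $join['DomainJoined']  -eq 'YES'

# Hybrid join shows both flags; an AD-only result on a hybrid catalog usually
# means the device has not yet completed its Entra ID registration.
if     ($entraJoined -and $domainJoined) { $identity = 'Hybrid Entra ID joined' }
elseif ($entraJoined)                    { $identity = 'Entra ID joined' }
elseif ($domainJoined)                   { $identity = 'AD joined only (hybrid join not complete)' }
else                                     { $identity = 'Not joined' }

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Identity       = $identity
    TenantName     = $join['TenantName']
    DeviceId       = $join['DeviceId']
    MdmUrl         = $join['MdmUrl']          # tenant MDM endpoint, if configured
    IntuneEnrolled = ($mdm.Count -gt 0)
}
```

A machine that reports the expected identity type but `IntuneEnrolled = False` has joined without enrolling, so conditional access policies that require a compliant device will not treat it as compliant.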
For more information and requirements, please visit the product documentation for this feature.