Citrix Virtual Apps & Desktop 7 2303

Citrix have released a new version of Citrix Virtual Apps and Desktop 7 2303.
Release 7 2303 is now available for download, 24th March, 2023.
Citrix Virtual Apps & Desktop 7 2303 is a CR release. Read more about CR here
Citrix Virtual Apps (former name: XenApp) and Citrix Virtual Desktop (former name: XenDesktop).
Citrix raises the bar for user experience with new product releases of the following technologies:
- Director 2303
- Citrix Licensing 11.17.2 build 41000
- Virtual Delivery Agents 2303 for ServerOS and ClientOS
- Virtual Delivery Agent 2303 for Linux
- Citrix Federated Authentication Service 2303
- Citrix Provisioning 2303
- Profile Management 2303
- Workspace Environment Management 2303
- Session Recording 2303
- Citrix Virtual Apps and Desktop Service (March 2023)
- Workspace App 2303 for Windows
- Workspace App 2303 for Linux
- Workspace App 2303 for Chrome
- Workspace App 2303 for Android
- Workspace App 2303 for MacOS
- Workspace App 2303 for HTML5
- Workspace App 2303 for ChromeOS
What’s new in Citrix Virtual Apps and Desktop 7 2303
Citrix Web Studio
Support for configuring session roaming
Previously, PowerShell was your only choice to configure session roaming for applications and desktops. You can now do that using Web Studio. For more information, see Manage delivery groups.
Renamed some actions to better align with their actual meanings
We’ve renamed the following actions in Machine Catalogs and Delivery Groups. The workflows for performing those actions remain unchanged.
- Update Machines renamed to Change Master Image
- Rollback Machine Update renamed to Roll Back Master Image
- Upgrade Catalog renamed to Change Functional Level
- Upgrade Delivery Group renamed to Change Functional Level
- Undo Upgrade Catalog renamed to Undo Functional Level Change
- Undo Upgrade Delivery Group renamed to Undo Functional Level Change
Use a machine profile turned on by default for Azure catalog creation
When creating Azure machine catalogs using Web Studio, the Use a machine profile option is now selected by default. For more information, see Create a machine catalog using an Azure Resource Manager image.
Annotate an image when updating machines
In Web Studio, you can now annotate an image by adding a note for it when updating an MCS-created catalog. Each time you update the catalog, a note-related entry is created whether or not you add a note. If you update the catalog without adding a note, the entry appears as null (-). To view note history for the image, select the catalog, click Template Properties in the lower pane, and then click View note history. For more information, see Change the master image for a catalog.
Improve performance by preserving a provisioned VM when power cycling
We’ve added a setting, Retain VMs across power cycles, to the Machine Catalog Setup > Disk Settings page. The setting lets you preserve a provisioned VM when power cycling in Azure environments. For more information, see Create a Microsoft Azure catalog.
Proxy mode for Web Studio
Previously, the Web Studio console had to communicate with both the Web Studio server and Delivery Controllers when managing sites. With proxy mode, the Web Studio server can now act as a proxy for Delivery Controllers, thus becoming the only access point for the Web Studio console. For more information, see Configure Web Studio as a proxy for Delivery Controllers.
Citrix Studio
Browse for apps to add manually
A Browse button is now available on the Add Application Manually page. With it, you can easily browse for and select an app from a VDA in the delivery group. For more information, see Create delivery groups and Applications.
Machine Creation Services (MCS)
Support for customizing power on behavior at storage type change failure
At power-on, the storage type of a managed disk could fail to change to the desired type due to a failure on Azure. Previously, in these scenarios, the VM would remain off with a failure message sent to you. With this feature, you can either choose to power on the VM even when storage cannot be restored to its configured type or choose to keep the VM powered off. For more information, see Customize power on behavior at storage type change failure.
Support for Azure disk encryption at host
With this feature, you can now create an MCS machine catalog with encryption at host capability. Currently, MCS supports only the machine profile workflow for this feature. You can use a VM or a template spec as an input for a machine profile. For more information, see Azure disk encryption at host.
In this type of encryption, the server hosting the VM encrypts the data and then the encrypted data flows through the Azure storage server. Therefore, this method of encryption encrypts data end to end. For more information, see Encryption at host – End-to-end encryption for your VM data.
Support for GCP instance template as an input for machine profile
With this feature, you can now select a GCP instance template as an input for the machine profile. Instance templates are lightweight resources in GCP and are therefore very cost effective. To do this, use PowerShell commands. For more information on using PowerShell commands to create and update machine catalogs by selecting a GCP instance template, see Create a machine catalog with machine profile as an instance template.
Support for MAK activation
You can now provision persistent and non-persistent machine catalogs with VMs activated through the Multiple Activation Key (MAK). With this feature, now MCS can also communicate with provisioned VMs. This implementation helps in activating the Windows system without losing activation counts. For more information, see Volume licensing activation.
Support for allowing security identifiers while creating virtual machines
Previously, while creating new virtual machines with the configuration specified by a provisioning scheme, you could not add a security identifier (ADAccountSid) to the NewProvVM command. With this feature, you can now add the parameter ADAccountSid to uniquely identify the machines while creating new virtual machines. For more information, see Add SIDs while creating virtual machines.
Ability to get warnings associated with MCS catalogs
Previously, you did not get any information indicating that there are issues with your machine catalog. With this feature, you can now get warnings to understand issues with your MCS catalogs and fix those issues.
Warnings, unlike errors, do not cause an initiated provisioning task to fail.
To get warnings, use PowerShell commands. For more information, see Retrieve warnings associated with a catalog.
Support for using an image from the Azure Compute Gallery to create and update an MCS catalog
You can create and update an MCS machine catalog using an image from the Azure Compute Gallery. You can use Citrix Studio or PowerShell commands to create or update machine catalogs. For more information, see Create machine catalog using Azure Compute Gallery image.
Add informative description for image updates
Previously, there was no option to add a description to an image update. With this feature, you can now add notes to describe images used for creating or updating a machine catalog. You can also retrieve these notes. This functionality is useful when you want to maintain records of the image updates. These records are helpful for audits. Using PowerShell commands, you can create and view the description. For details, see Adding descriptions to an image.
Support for changing the storage type of existing VMs to a lower tier on shutdown in Azure environments
In Azure environments, you can now save storage costs by changing the storage type of existing VMs to a lower tier when the VMs are shut down. To do this, use the StorageTypeAtShutdown custom property. For more information, see Change the storage type of existing VMs to a lower tier on shutdown.
Microsoft Teams Optimization
Audio quality for legacy codecs has increased
We have three options for audio redirection: medium quality, high quality, and adaptive audio. More bandwidth has been allocated for medium and high audio codecs. Medium bandwidth increased to 24 kbps and high bandwidth increased to 224 kbps.
Citrix Director
Failed Machines alert
The Proactive Notification and Alerting feature of the Director is enhanced to include a new alert, Failed Machines (in %), based on the percentage of failed machines in a delivery group. The new alert condition allows you to configure alert thresholds as a percentage of failed machines in a delivery group. For more information, see Failed Machines section in the Alerts article.
Citrix Licensing 11.17.2 build 42000
This release addresses an issue that helps to improve overall stability.
Virtual Delivery Agents (VDAs) 7 2303 for Windows Desktop/Server OS.
TLS 1.3 support
Citrix Virtual Apps and Desktops now supports the TLS 1.3 protocol for TCP-based connections between components. For more information, see Transport Layer Security (TLS).
HDX Direct (Preview)
With this feature, you can automatically establish a secure direct connection with the VDA when direct communication is available while you access your resources through Workspace and Gateway Service.
Enhanced EDT congestion control (Preview)
A new congestion control algorithm is introduced to optimize the protocol. This implementation allows EDT to achieve higher throughput and reduce latency for an enhanced user experience.
Geolocation redirection
The location and sensor virtual channel service supports the updated Windows location APIs and is now compatible with all applications.
Virtual Delivery Agents (VDAs) 7 2303 for Linux
Version 2303 of the Linux VDA includes the following new features and enhancements:
Support for RHEL 9.1 and Rocky Linux 9.1
We have added RHEL 9.1 and Rocky Linux 9.1 as supported distributions. For more information, see System requirements.
Support for new Linux streaming target devices
We have extended Linux streaming to the following distributions:
- RHEL 9.1
- RHEL 9.0
- Rocky Linux 9.1
- Rocky Linux 9.0
For more information, see Streaming Linux target devices in the Citrix Provisioning documentation.
Easy install enhancements
We have enhanced the easy install feature and improved the user experience for both silent and interactive modes. Here’s a list of the main enhancements that we made:
- Added /opt/Citrix/VDA/sbin/ctxinstall.conf as the configuration file for easy install to set, save, and synchronize the values of all environment variables needed for GUI and ctxinstall.sh.
- Added validation for variable configurations to improve robustness.
- Added command options for you to run ctxinstall.sh. For more information, use the help command, ctxinstall.sh -h.
For more information on using easy install, see Create domain-joined VDAs using easy install.
XDPing enhancements
We have added an analysis module in the XDPing tool to check and analyze your VDA registration status. To do a VDA registration status check, run the sudo /opt/Citrix/VDA/bin/xdping -a command.
We have also extended the XDPing test categories to include the dependency, Kerberos, and PAM checks. To do the specific checks, run the sudo /opt/Citrix/VDA/bin/xdping -T dependency,kerberos,pam command.
For more information, see XDPing, Federated Authentication Service, and Smart cards.
What’s new in earlier releases
For new features included in the releases that shipped after the 1912 LTSR through the 2301 CR, see What’s new history.
Citrix Federated Authentication Service 2303
This release of Federated Authentication Service addresses several issues that help to improve overall performance and stability. No new features were added.
For information about bug fixes, see Fixed issues.
Citrix Provisioning 2303
Support for joining your farm to Citrix Cloud and upgrading to the new encryption scheme
Citrix Provisioning now allows you to join your farm with Citrix Cloud. If you choose to join your farm with Citrix Cloud, then you must register all the Citrix Provisioning servers in the farm with Citrix Cloud to establish secure access to your Citrix Cloud resources.
To join your farm with Citrix Cloud, use the Configuration Wizard.
You can do the following:
- Join an existing farm to Citrix Cloud
- Create a new farm and join the farm to Citrix Cloud
- Register a Citrix Provisioning server with Citrix Cloud
Joining your farm with Citrix Cloud provides enhanced database security. With enhanced database security, sensitive data in the Citrix Provisioning database is re-encrypted with a new key. This new encryption scheme follows the industry standard encryption best practices. For more information, see Farm.
If you upgrade to Citrix Provisioning version 2303 and choose to join your farm to Citrix Cloud, you can then choose to downgrade to an earlier release. However, you cannot downgrade to an earlier release without reverting to the database in use before upgrading.
Therefore, you MUST back up the database before upgrading.
For more information, see Servers.
Enhanced security for Configuration Wizard answer file
Starting with Citrix Provisioning version 2303, the passwords to database and domain accounts in the configuration wizard answer files are protected with enhanced security. For more information, see Running the configuration wizard silently.
Support for SQL Server 2022
Citrix Provisioning now supports SQL Server 2022 in the following on-premises configuration:
- Standalone
- Database mirroring
- Always on failover with or without multi-subnet failover
Support for new Linux streaming target devices
For Linux streaming, the following operating systems are now supported:
- RHEL 9.0
- RHEL 9.1
- Rocky Linux 9.0
- Rocky Linux 9.1
For more information, see Streaming Linux target devices.
Support for read-only administrative role
With this feature, groups of users can have read-only access to a farm, site, and device collection. Therefore, if you assign a group to have farm read-only access, the users in that group can view farm, site, device collection, and device properties within a farm. For more information, see Administrative roles.
Support for different event IDs
Previously, all events logged by the stream process used the same two event IDs (one for errors and one for information). With this feature, you now have specific codes for all events logged by the stream process. This helps you to set up alerts based on event IDs and helps you to meet compliance around uptime. For more information, see Event IDs logged by the stream process.
Citrix Profile Management 2303
This release includes the following new features and enhancements. It also addresses several issues that help to improve overall performance and stability.
App access control
Profile Management can now hide applications from users, machines, and processes based on the rules you provide. With a new policy, App access control, you can enable this feature and provide control rules.
A PowerShell tool, Rule Generator, is delivered with the Profile Management installation package, letting you create, manage, and generate rules for app access control.
For more information, see Control user access to applications.
Active write-back on session lock and disconnection
A new policy, Active write back on session lock and disconnection, is now available to extend the Active write back and Active write back registry policies:
- With both this new policy and the Active write back policy enabled, profile files and folders are written back only when a session is locked or disconnected.
- With this new policy and both the Active write back and Active write back registry policies enabled, registry entries are written back only when a session is locked or disconnected.
For more information, see Configure active write-back.
VHD disk compaction
With a new policy, Enable VHD disk compaction, VHD files are now automatically compacted on user logoff when certain conditions are met. This policy enables you to save the storage space consumed by profile container, OneDrive container, and folder mirroring container.
Depending on your needs and the resources available, you can adjust the default VHD compaction settings and behavior using the following policies:
- Free space ratio to trigger VHD disk compaction
- Number of logoffs to trigger VHD disk compaction
- Disable defragmentation for VHD disk compaction
Citrix Workspace Environment Management 2303
This release includes the following new features and addresses issues to improve the user experience:
Profile Management
Workspace Environment Management now supports all versions of Profile Management through 2303. The following new options are now available in Administration Console > Policies and Profiles > Citrix Profile Management Settings.
- Enable concurrent session support. Provides native Outlook search experience in concurrent sessions. If enabled, each concurrent session uses a separate Outlook OST file. You can specify the maximum number of VHDX disks for storing Outlook OST files. The option is available in Policies and Profiles > Citrix Profile Management Settings > Advanced Settings.
- Enable profile streaming for pending area. If enabled, files in the pending area are fetched to the local profile only when they are requested. This ensures optimum logon experience in concurrent session scenarios. The option is available in Policies and Profiles > Citrix Profile Management Settings > Streamed User Profiles.
Citrix Session Recording 2303
This release includes the following new features and addresses issues to improve the user experience:
Compressed recording
You can enable compressed recording for parts of Thinwire-transmitted session screens that are not H.264 compressed. This feature reduces recording file size significantly. To enable this feature, go to the Recording tab of Session Recording Agent Properties and select the check box in the Compressed recording section.

NOTE:
- This feature is disabled by default.
- The minimum version required for the VDA is 2303.
For more information, see Enable or disable recording.
Image resolution scaling for lossy video codec
Lossy video codec lets you adjust compression options to reduce the size of recording files and to accelerate navigation through recorded sessions during playback. This release adds a compression option, image resolution scaling, to the lossy video codec feature. Image resolution scaling lets you downscale the resolution of recorded screens.

For more information, see Enable or disable lossy video codec.
Enhanced notification for event response actions
Starting with Session Recording 2206, you can disconnect, log off, or lock users from their virtual sessions when a specific event is detected. You can also notify users of the actions by setting the time interval between a notice and its execution. This release enhances the notification feature by giving users a clearer understanding of the reason behind the actions. For an example notice, see the following screen capture:

For more information, see Create a custom event response policy.
Google Analytics disabled for EU customers by default
Google Analytics is now disabled for EU customers by default. For more information, see CEIP and Google Analytics.
More optional parameters for ICLDB commands
This release introduces the RELOCATE parameter to the IMPORT command and the FILTER parameter to the ARCHIVE and REMOVE commands of the ICLDB utility.
- The RELOCATE parameter for ICLDB IMPORT: You can move session recording files to different storage paths for load balancing or other purposes. To ensure that the files can still be played, you must update their new paths to the Session Recording database. To do so, use the ICLDB IMPORT command. To accelerate the import process, append the RELOCATE parameter to the ICLDB IMPORT command. Without the RELOCATE parameter, the ICLDB IMPORT command parses session recording files in their entirety, which takes time. With the RELOCATE parameter, the ICLDB IMPORT command simply locates the database records of session recording files and updates their file paths directly.
- The FILTER parameter for ICLDB ARCHIVE and ICLDB REMOVE: Previously, only the RETENTION parameter was available for the ICLDB ARCHIVE and ICLDB REMOVE commands to specify target session recording files to manipulate. Starting with this release, you can add the FILTER parameter to manipulate session recording files that meet both RETENTION and FILTER. The FILTER parameter lets you filter file paths by using the * and ? wildcards.
Citrix Virtual Apps and Desktops service
March 2023
New and enhanced features
Support for creating dynamic security group under existing assigned security group. Previously, you could create Azure AD dynamic security groups for a machine catalog. With this feature, you can also add an Azure AD dynamic security group under an existing Azure AD assigned security group. You can do the following:
- Get security group information.
- Get all Azure AD assigned security groups that are synced from on-premises AD server or the assigned security groups to which Azure AD roles can be assigned.
- Get all Azure AD dynamic security groups.
- Add Azure AD dynamic security group as a member of Azure AD assigned group.
- Remove the membership between Azure AD dynamic security group and Azure AD assigned security group when Azure AD dynamic security group is deleted along with the machine catalog.
For more information, see Create an Azure AD dynamic security group under an existing Azure AD assigned security group.
Support for Azure AD dynamic security group for Azure AD joined VM. Citrix now supports a dynamic security group for a catalog when creating an MCS machine catalog. Dynamic security group rules place the VMs in the catalog into a dynamic security group based on the naming scheme of the machine catalog. This is useful when you want to manage the VMs by Azure Active Directory (Azure AD). This is also useful when you want to apply Conditional Access policies or distribute apps from Intune by filtering the VMs with Azure AD dynamic security group. When you delete a catalog, the dynamic security group is also deleted. For more information, see Azure Active Directory dynamic security group.
For more information on license requirement for using dynamic security groups, see the Microsoft document Create or update a dynamic group in Azure Active Directory.
Support for adding VMs to Azure AD security groups through Full Configuration. An option, Azure AD security group, is now available when you create Azure AD joined VMs. The option lets you add the VMs to an Azure AD security group based on their naming scheme. For more information, see Create a Microsoft Azure catalog.
Support for changing the storage type of existing VMs to a lower tier on shutdown in Azure environments. In Azure environments, you can now save storage costs by changing the storage type of existing VMs to a lower tier when the VMs are shut down. To do this, use the StorageTypeAtShutdown custom property. For more information, see Change the storage type of existing VMs to a lower tier on shutdown.
Support for allowing security identifiers while creating virtual machines. Previously, while creating new virtual machines with the configuration specified by a provisioning scheme, you could not add a security identifier (ADAccountSid) to the NewProvVM command. With this feature, you can now add the parameter ADAccountSid to uniquely identify the machines while creating new virtual machines. For more information, see Add SIDs while creating virtual machines.
Ability to get warnings associated with MCS catalogs. Previously, you did not get any information indicating that there are issues with your machine catalog. With this feature, you can now get warnings to understand issues with your MCS catalogs and fix those issues.
Warnings, unlike errors, do not cause an initiated provisioning task to fail.
To get warnings, use PowerShell commands. For more information, see Retrieve warnings associated with a catalog.
Shared tenants for connections. You can now add tenants and subscriptions that share the Azure Compute Gallery with the subscription of the connection. As a result, when creating or updating catalogs, you can select shared images from those tenants and subscriptions. For more information, see Edit connection settings.
Removed support for changing the OS type for Azure catalogs. When changing catalog images, only images with the same OS type as the image in use are shown. With this enhancement, Citrix DaaS no longer supports changing the OS type for Azure catalogs after catalog creation.
February 2023
New and enhanced features
Support for sharing images across different Azure tenants. Previously, in Azure environments, you could share images only with shared subscriptions using Azure Compute Gallery. With this feature, you can now select an image in Azure Compute Gallery that belongs to a different shared subscription in a different tenant to create and update an MCS catalog. For more information, see Image sharing across Azure tenants.
Policy modeling. The policy modeling feature is now generally available. You can simulate policies for planning and testing purposes. For more information, see Use the Policy Modeling wizard.
Ability to turn preview features on or off. In Full Configuration > Home, as a Citrix Cloud administrator with full access, you can now turn preview features on or off without contacting Citrix. For more information, see Home page for the Full Configuration interface.
Search Session Diagnostics with user name. This feature enables the use of Session Launch Diagnostics starting with the user name if you don’t have the transaction id. This feature is specifically useful for help desk administrators to triage a failed session if the end user hasn’t captured the transaction id. You can search for a user name, and select a session to triage from a list of failed sessions that the user attempted to launch over the last 48 hours. The Session Launch Diagnostics page shows the details of the failed session. It lists the exact component and stage where the failure occurred. For more information, see the Session Launch Diagnostics article.
Deploy secure web and SaaS apps with Secure Private Access. On the Full Configuration > Applications > Applications tab, a new option, Add Web/SaaS Applications, is now available in the action bar. The option lets you deploy secure web and SaaS apps with Secure Private Access. Citrix Secure Private Access provides an easy, flexible way for remote users to access web, SaaS, and client-server based apps using a Zero-Trust approach. It enables single sign-on to web and SaaS apps, along with granular security controls such as watermarking and copy/paste controls, among other security features. With Citrix Secure Private Access, you can combine all your virtualized and non-virtualized apps in one place and enhance the user experience for your users. See Citrix Secure Private Access.
Filter log content for a specific time duration. A new option, Custom, is now available in the time duration list in Full Configuration > Logging > Events. Use it to specify a period of the events for which you want to filter your search. For more information, see Configuration logging.
Updates for Autoscale. We’ve updated the Control when Autoscale starts powering on tagged machines option to make it easy to understand. The option controls when Autoscale starts powering on tagged machines based on the percentage of the remaining capacity of untagged machines. When the percentage falls below the threshold (default, 10%), Autoscale starts powering on tagged machines. When the percentage exceeds the threshold, Autoscale goes into power-off mode. For more information, see Autoscaling tagged machines (cloud burst).
App protection policies. You can now enable app protection when creating or editing a delivery group. The feature provides anti-keylogging and anti-screen-capturing capabilities for client sessions. For more information, see Create delivery groups and Manage delivery groups.
Real-time GPU Utilization available for AMD GPUs. You can now see GPU Utilization of AMD Radeon Instinct MI25 GPUs and AMD EPYC 7V12 (Rome) CPUs on Monitor. Monitor already supports the NVIDIA Tesla M60 GPUs. GPU Utilization displays graphs with real-time percentage utilization of the GPU, the GPU memory, and of the Encoder and the Decoder to troubleshoot GPU-related issues on multi-session and single-session OS VDAs. The AMD GPU Utilization graphs are available only for VDAs running 64-bit Windows and Citrix Virtual Apps and Desktops 7 2212 or later. For more information, see GPU Utilization.
Support for scheduling configuration updates in Azure. In Azure environments, you can now schedule a time slot for the configuration updates of the existing MCS provisioned machines using the PowerShell command Schedule-ProvVMUpdate. Any power on or restart during the scheduled time slot applies a scheduled provisioning scheme update to a machine. You can also cancel the configuration update before the scheduled time using Cancel-ProvVMUpdate.
You can schedule and cancel the configuration update of:
- A single or multiple VMs
- An entire catalog
For more information, see Schedule configuration updates.
Support for using Citrix ready images directly from Google Cloud Marketplace. You can now browse and select images offered by Citrix on the Google Cloud Marketplace to create MCS catalogs. Currently, MCS supports only the machine profile workflow for this feature. For more information, see Google Cloud Marketplace.
Limit host groups scope in SCVMM Host Connection. Previously, host connection to SCVMM required the admin to have a single top level host group configured. This implies that the admin had visibility to all host groups, clusters, or hosts beneath the single top level host group. With this feature, in large deployments where a single SCVMM manages multiple clusters in different data centers, you can now limit the host groups scope of the admins. To do this, you can use the Delegated Admin role in the Microsoft System Center Virtual Machine Manager (VMM) console to select the host groups to which an admin must have access. For more information, see Install and configure a hypervisor.
Support for zone-redundant storage in Azure. Previously, MCS offered only locally-redundant storage. With this feature, zone-redundant storage is now an option in Azure, allowing you to select a storage type depending on what type of redundancy you want to use. Zone-redundant storage replicates your Azure managed disk across multiple availability zones, which allows you to recover from a failure in one zone by utilizing the redundancy in others. For more information, see Enable zone-redundant storage.
January 2023
New and enhanced features
Option to downgrade storage disk to Standard HDD when VMs shut down. A new option, Enable storage cost saving, is now available on the Disk Settings page when you create or update Azure catalogs. The option saves storage costs by downgrading to Standard HDD for the storage disk and the write-back cache disk when the VM shuts down. The VM switches to its original settings on restart. For more information, see Create a Microsoft Azure catalog.
Support for configuring session roaming in Full Configuration. Previously, PowerShell was your only choice to configure session roaming for applications and desktops. You can now do that in Full Configuration. For more information, see Manage delivery groups.
Renamed some actions to better align with their actual meanings. We’ve renamed the following actions in Full Configuration > Machine Catalogs and Full Configuration > Delivery Groups. The workflows for performing those actions remain unchanged.
- Update Machines renamed to Change Master Image
- Rollback Machine Update renamed to Roll Back Master Image
- Upgrade Catalog renamed to Change Functional Level
- Upgrade Delivery Group renamed to Change Functional Level
- Undo Upgrade Catalog renamed to Undo Functional Level Change
- Undo Upgrade Delivery Group renamed to Undo Functional Level Change
Support for organizing application groups using folders. You can now create nested folders to organize application groups for easy access. For more information, see Organize application groups using folders.
Restriction enhancements for delivery groups. Previously, when restricting the use of apps or desktops for a delivery group, you could specify only users and user groups that were allowed to use them in a delivery group. You can now also add users and user groups that you want to block. This enhancement is useful when you add a group of users to an allow list and at the same time want to block a subset of users in the allow list. For more information, see Create delivery groups.
Access Citrix Analytics for Performance – Session Details from Monitor. The Session Details page from Citrix Analytics for Performance is now integrated in Monitor. Click View Session Timeline in the Sessions page in Monitor to view the Sessions Details page from Citrix Analytics for Performance within Monitor. This requires you to have a valid Citrix Analytics for Performance entitlement. The Session Details are available for sessions that are categorized as Excellent, Fair, or Poor in Citrix Analytics for Performance.
You can view a trend of the session experience for the session for up to the last three days along with the factors contributing to the experience. This information complements the live data available in Monitor, used by the helpdesk admin while troubleshooting issues related to session experience.
For more information, see the Site Analytics article.
Non-persistent VMs are deleted from hypervisors or cloud services when you delete them or their machine catalogs in Full Configuration. The option to retain VMs in hypervisors or cloud services is now available only to persistent VMs. For more information, see Manage machine catalogs.
Citrix Workspace App 2303 for Windows
What’s new in 2303
Quick launch of disconnected desktops
Starting with this release, the quick launch of disconnected desktops feature is enabled by default. You can launch your previously disconnected desktops instantly. When Citrix Workspace app starts up, it launches the disconnected sessions in hidden mode. The session is instantly presented when you launch the desktop.

NOTE:
This feature is applicable to Workspace (cloud) sessions only.
For more information, see Quick launch of disconnected desktops.
Client App Management for WebEx plug‑in [Technical Preview]
Download, install, and auto‑update of the WebEx plug‑in is supported and handled the same way as Zoom plug‑ins.
For more information on how to enable this feature, see Client App Management for WebEx plug‑in.
NOTE:
Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.
You can provide feedback on this feature via the Podio form.
Configure path for Browser Content Redirection overlay Browser temp data storage
Starting with Citrix Workspace app 2303 version, you are requested to configure the temp data storage path for the Chromium Embedded Framework (CEF) based browser.
For more information, see Configure path for Browser Content Redirection overlay Browser temp data storage.
Support for modern authentication methods for StoreFront stores
Citrix Workspace app 2303 for Windows supports modern authentication methods for StoreFront stores. You can authenticate to Citrix StoreFront stores using any of the following ways:
- Using Windows Hello and FIDO2 security keys. For more information, see Other ways to authenticate.
- Single sign-on to Citrix StoreFront stores from Azure Active Directory (AAD) joined machines with AAD as the identity provider. For more information, see Other ways to authenticate.
- Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix StoreFront stores. For more information, see Support for Conditional access with Azure AD.
To enable this feature, you must use Microsoft Edge WebView2 as the underlying browser for direct StoreFront and gateway authentication.
NOTE:
Ensure that the Microsoft Edge WebView2 Runtime version is 102 or later.
You can enable modern authentication methods for StoreFront stores using the GPO template. For more information, see Support for modern authentication methods for StoreFront stores section.
Improved experience for optimized Microsoft Teams video conference calls
Starting with this release, by default simulcast support is enabled for optimized Microsoft Teams video conference calls. With this support, the quality and experience of video conference calls across different endpoints are improved by adapting to the proper resolution for the best call experience for all callers.
With this improved experience, each user might deliver multiple video streams in different resolutions (for example, 720p, 360p, and so on) depending on several factors including endpoint capability, network conditions, and so on. The receiving endpoint then requests the maximum quality resolution that it can handle, thereby giving all users the optimum video experience.
NOTE:
This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, go to and search for Microsoft 365 roadmap. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
Enhancement to App Protection: Anti-DLL Injection
As part of App Protection, we now have a security enhancement that helps to protect the Citrix Workspace app from certain unauthorized dynamic-link libraries (DLL) or untrusted modules. If such untrusted modules are injected, the Citrix Workspace app detects these interventions and stops the modules from loading.
The anti-DLL injection can be enabled for the following components:
- Citrix Auth Manager
- Citrix Workspace app UI
- Citrix Virtual Apps and Desktops
For more information, see the App Protection documentation.
DISCLAIMER:
This capability works by filtering access to required functions of the underlying operating system (specific API calls required to load DLLs). Doing so means that it can provide protection even against certain custom and purpose-built hacker tools. However, as operating systems evolve, new ways of loading DLLs can emerge. While we continue to identify and address them, we cannot guarantee full protection in specific configurations and deployments.
Citrix Enterprise Browser
This release includes Citrix Enterprise Browser version 109.1.1.29, based on Chromium version 109. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.
Citrix Workspace App 2303 for iOS
Document scanner Feature preview
NOTE:
This feature is in public preview and can be enabled by request. You can request access to this feature at: https://podio.com/webforms/28405010/2263002.
Using the document scanner, you can now scan and save multiple documents, all within the desktop session. You can access this feature by clicking the Scan button on the session toolbar. However, if you have Citrix Casting enabled, this feature is found on the session toolbar by clicking More > Scan Document.
The document scanner feature requires read and write access on your device. To enable access, follow these steps:
- From your profile, click Application Settings > Store Settings.
- Click on your current store.
- Click Device Storage and select Read and write access.
Support for store configuration using MDM solutions Feature preview
NOTE:
This feature is in public preview.
Citrix Workspace app for iOS now supports remote configuration of your Workspace Store URL using mobile device management (MDM) solutions. For more information, see Configure Workspace app using MDM solutions.
Support for PiP Feature preview
NOTE:
This feature is in public preview.
Citrix Workspace app for iOS now supports Picture-in-picture (PiP) mode, enabling you to shrink your desktop session, SaaS app, or web app, to a floating window that you can move freely around the screen and place anywhere. PiP mode frees up the home screen of the Citrix Workspace app for you to complete other tasks. Click on the Home button on the session toolbar in your desktop session, or on the ellipsis menu (…) > Minimize in your SaaS app or web app to minimize the screen. Click on the floating window to view the app in full screen and close the app by clicking the X icon on the floating window. The floating window appears automatically in full screen when you minimize another app.
This feature is supported for both on-premises and cloud deployments. However, for cloud deployments, web apps can be minimized to a PiP and you can also switch between a desktop session and a web app by clicking on the floating window.
NOTE:
You can keep only two apps active at a time. One in full screen mode and the other minimized as a PiP:
- 2 web or SaaS apps
- 1 web or SaaS app and 1 virtual app or desktop session
Known limitations:
- PiP mode is unavailable when external peripherals are connected such as a mouse or keyboard or external monitor.
- If PiP mode is enabled and your device is connected to an external monitor, Citrix Workspace app is unresponsive and the back button is unavailable in Display settings inside the desktop session.
Reauthentication after session timeout
With this release, you are now prompted to reauthenticate to the Citrix Workspace app if your CWA session has expired since your last sign in. You are prompted for two-factor authentication or a username and password when connecting to the Citrix Workspace app from the web or a native client.
Citrix Workspace App 2303 for Linux
Persistent login
NOTE:
This feature is generally available for Citrix Workspace app.
The Persistent login feature enables you to stay logged in for up to the duration (2–365 days) configured by your admin. When this feature is enabled, you need not provide login credentials for the Citrix Workspace app during the configured period.
With this functionality, the SSO to Citrix DaaS sessions is extended up to a period of 365 days. This extension is based on the lifetime of Long-Lived Tokens. By default, your credentials are cached for 4 days or the Lifetime, whichever is lower. The caching is then extended when you become active within these 4 days by connecting to the Citrix Workspace app.
For more information, see Persistent login.
Support for authentication using FIDO2 in HDX session
NOTE:
This feature is generally available for Citrix Workspace app.
With this release, you can authenticate virtual apps or desktops by using FIDO2 security keys. FIDO2 security keys provide a seamless way for enterprise employees to authenticate to apps or desktops that support FIDO2 without entering a user name or password. For more information about FIDO2, see FIDO2 Authentication.
NOTE:
If you’re using the FIDO2 device through USB redirection, remove the USB redirection rule of your FIDO2 device from the usb.conf file in the $ICAROOT/ folder. This update helps you to switch to the FIDO2 virtual channel.
By default, FIDO2 authentication is disabled.
For more information, see Support for authentication using FIDO2.
Improved audio echo cancellation support
NOTE:
This feature is generally available for Citrix Workspace app.
Starting with this release, Citrix Workspace app supports echo cancellation. This feature is designed for real-time use cases, and it improves the user experience. The echo cancellation feature supports low quality, medium quality, and adaptive audio. Citrix recommends using adaptive audio for better performance.
For more information, see Improved audio echo cancellation support.
Inactivity Timeout for Citrix Workspace app
NOTE:
This feature is generally available for Citrix Workspace app.
The inactivity timeout feature signs you out of the Citrix Workspace app based on a value that the admin sets. Admins can specify the amount of idle time that is allowed before a user is automatically signed out of the Citrix Workspace app. You’re automatically signed out when no activity from the mouse, keyboard, or touch occurs for the specified interval of time, within the Citrix Workspace app window. The inactivity timeout does not affect the already running Citrix Virtual Apps and Desktops and Citrix DaaS sessions or the Citrix StoreFront stores.
The inactivity timeout value can be set starting from 10 minutes to 1440 minutes. The interval to change this timeout value must be in multiples of 5. For example: 10, 15, 20, or 25 minutes. By default, the inactivity timeout isn’t configured.
NOTE:
This feature is applicable only on cloud deployments.
For more information on how to configure InactivityTimeoutInMinutes, see Inactivity Timeout for Citrix Workspace app section.
Background blurring for webcam redirection
Citrix Workspace app for Linux now supports background blurring for webcam redirection.
For more information, see Background blurring for webcam redirection.
Configure path for Browser Content Redirection overlay Browser temp data storage
Starting with Citrix Workspace app 2303 version, you are requested to configure the temp data storage path for the CEF based browser.
For more information, see Configure path for Browser Content Redirection overlay Browser temp data storage.
Support for new PIV cards
With this release, Citrix Workspace app supports the following new Personal Identification Verification (PIV) cards:
- IDEMIA next-generation smartcard
- DELL TicTok Smartcard
Performance optimization for smartcard driver
Citrix Workspace app 2303 version includes performance-related fixes and optimizations for the VDSCARDV2.DLL smartcard driver. These enhancements help to outperform version 1 VDSCARD.DLL.
Microsoft Teams enhancements
Limiting video resolutions
Administrators who have users on lower‑performance client endpoints can choose to limit incoming or outgoing video resolutions to decrease the impacts of encoding and decoding video on those endpoints. Starting from Citrix Workspace app 2303 for Linux, you can limit these resolutions using client configuration options.
For more information, see Limiting video resolutions.
Configuring a preferred network interface
Starting with Citrix Workspace app 2303 version, you can now configure a preferred network interface for media traffic. With this enhancement, if you have multiple network connections and the performance of the default one is not good, you can change to another network.
Citrix Workspace App 2303 for Android
This release addresses a few issues that help to improve overall performance and stability.
Citrix Workspace App 2303 for Apple OSX
Native support for Mac with Apple Silicon (M1 Series) Universal architecture
Citrix Workspace app for macOS now natively supports Macs with Apple silicon (M1 Series) by way of a universal architecture. With the universal architecture, the Citrix Workspace app runs natively on both Apple silicon and Intel-based Mac computers without Rosetta emulation. The build runs natively on Macs with Apple silicon (M1 Series) and it must be installed and tested on Macs using M1 Series.
NOTE:
Citrix continues to support Intel-based Macs that use the Rosetta 2 dynamic binary translator. However, Citrix will soon deprecate the Citrix Workspace app for Mac that uses Rosetta emulation. Keep a look out for an announcement in the Deprecation section.
You can now download either the Universal Architecture build or Intel build from the Citrix Workspace App for macOS (Apple silicon) section at Downloads. If you’re using Citrix Workspace app on a Mac with Apple silicon (M1 Series), you must upgrade the HDX RealTime Optimization Pack (RTOP). This ensures that the audio-video conferencing and Voice over Internet Protocol enterprise telephony through Microsoft Skype for Business is optimized. You can install the HDX RealTime Media Engine 2.9.500 for Mac from the Citrix website at Downloads.
If your organization uses any third-party plug-ins or virtual channels, you must ensure that these plug-ins are compatible with Macs running Apple silicon. If the plug-ins are developed in-house then you must rebuild these plug-ins before installing the universal architecture build.
Citrix Workspace App 2303 for HTML5
Multi‑window chat and meetings for Microsoft Teams
Starting with the 2301 version, you can use multiple windows for chat and meetings in Microsoft Teams. You can pop out the conversations or meetings in various ways.
For details about the pop‑out window feature, see Pop out a chat in Microsoft Teams.
For troubleshooting, see CTX253754.
Microsoft will deprecate the single‑window support in the future. If you’re running an older version of Citrix Workspace app or Virtual Delivery Agent (VDA), you can upgrade to:
- Citrix Workspace app 2301 or later and
- VDA – 2203 or later
Plug and Play audio device support
Previously, only a single audio playback and recording device was supported and displayed as Citrix HDX Audio irrespective of the real device name.
Starting with the 2301 release, we support multiple audio devices and redirect them to VDA. Now, when you redirect USB audio devices, you can view the real name of the audio device under the Sound settings > Playback and Sound settings > Recording on the VDA. The list of devices on the VDA is dynamically updated whenever an audio device is plugged in or removed.
Citrix Workspace App 2303 for Chrome OS
Plug and Play audio device support
Previously, only a single audio playback and recording device was supported and displayed as Citrix HDX Audio irrespective of the real device name.
Starting with the 2303 release, you can connect multiple audio devices and redirect them to VDA. When you redirect USB audio devices, you can now view the real name of the audio device under the Sound settings > Playback and Sound settings > Recording on the VDA. The list of devices on the VDA is dynamically updated whenever an audio device is plugged in or removed.
NOTE:
By default, this feature is enabled.
For more information, see Plug and Play audio device support.
Background blurring and effects in Microsoft Teams optimization
Starting with the 2303 release, Citrix Workspace app for ChromeOS supports background blurring and effects in Microsoft Teams optimization for video calls. You can either blur or replace the background effects provided by Microsoft Teams to avoid unexpected distractions by helping the conversation stay focused on the silhouette (body and face). This feature can be used with P2P and conference calls.
NOTES:
- By default, this feature is disabled.
- This feature is now integrated with the Microsoft Teams UI. Multi-window support is a prerequisite that needs a VDA update to 2112 or higher. For more information, see Multi-window meetings and chat.