Citrix have released a new version of Citrix Virtual Apps and Desktop 7 2305.

Release 7 2305 is now available for download, 14th June, 2023.

Citrix Virtual Apps & Desktop 7 2305 is a CR release. Read more about CR here

Citrix Virtual Apps (former name: XenApp) Citrix Virtual Desktop (former name: XenDesktop)

Citrix raises the bar of for user experience and new product release of following technologies:

• WebStudio 2305
• Director 2305
• Citrix Licensing 11.17.2 build 41000
• Virtual Delivery Agents 2305 for ServerOS and ClientOS
• Virtual Delivery Agent 2305 for Linux
• Citrix Federated Authentication Service 2305
• Citrix Provisioning 2305
• Profile Management 2305
• Workspace Environment Management 2305
• Session Recording 2305
• Citrix Virtual Apps and Desktop Service (March-Jun 2023)
• Workspace App 2303 for Windows
• Workspace App 2305 for Linux
• Workspace App 2305 for Chrome
• Workspace App 2305 for Android
• Workspace App 2305 for MacOS
• Workspace App 2305 for HTML5
• Workspace App 2305 for ChromeOS

What’s new in Citrix Virtual Apps and Desktop 7 2305

Citrix Web Studio

Autoscale available with Citrix Virtual Apps and Desktops

Starting with this release, you can use Autoscale to power manage machines in your Citrix Virtual Apps and Desktops deployments. It provides a consistent, high-performance power management solution, letting you balance costs and user experience. For more information, see Autoscale.

Support for identifying why a machine is in maintenance mode

Previously, PowerShell was your only choice to identify why a machine was in maintenance mode. You can now achieve that in Web Studio:

1. Use Search to locate the machine.
2. Check Maintenance Reason on the Details tab in the lower pane. Or, hover over the Maintenance mode column. The following information can appear:
   • By Administrator: Put into maintenance mode by the administrator.
   • Maximum Failed Registrations: Put into maintenance mode as machine exceeded maximum allowed registration attempts.

Also, the Maintenance Reason filter is now available. You can use it to identify the target machines. The feature is useful for administrators to troubleshoot issues with machines in maintenance mode.

Support for using shared images to create Azure machine catalogs

When creating Azure catalogs in Web Studio, you can now select shared images from different subscriptions (shared through the Azure Compute Gallery). For more information, see Create a machine catalog using an Azure Resource Manager image.

Ability to track the progress of catalog creation and updates

Web Studio now lets you stay up to date on catalog creation and updates. You can gain an overview of the creation and update process, view the history of steps performed, and monitor the progress and running time of the current step. For more information, see Start creating the catalog.

Change certain VM settings after creating Azure VM catalogs

Using Web Studio, you can now change the following settings after creating a catalog:

• Machine size
• Availability zones
• Machine profile
• License type

To do that, on the Machine Catalogs node, select the catalog and then select Edit Machine Catalog in the action bar. For more information, see Edit a catalog.

Policy modeling improvements

The policy modeling feature is now generally available with Web Studio. You can simulate policies for planning and testing purposes. For more information, see Use the Policy Modeling wizard.

More session details

When you view a session in Web Studio > Search > Sessions, the session view (in the lower pane) now includes more session details to help you troubleshoot and identify client issues:

• Reconnect time. The time when a session reconnected after being disconnected.
• Client platform. The platform used to launch the session.
• Client version. The version of the client platform used to launch the session.
• Remote host IP. The IP address of the remote host where Citrix Workspace is being hosted.

Citrix Studio

Browse for apps to add manually

A Browse button is now available on the Add Application Manually page. With it, you can easily browse for and select an app from a VDA in the delivery group. For more information, see Create delivery groups and Applications.

Machine Creation Services (MCS)

Support for changing disk related custom properties of an existing catalog and existing VMs in GCP

Previously, in GCP environments, you could add the custom properties only when you created the MCS machine catalog. With this feature, you can now change the following disk-related custom properties of an existing catalog and existing VMs of the catalog.

• PersistOSDisk
• PersistWBC
• StorageType
• IdentityDiskStorageType
• WbcDiskStorageType

This implementation helps you to select different storage types for different disks even after you create a catalog and thus, balance pricing associated with different storage types. For more information, see Change disk related custom properties of an existing catalog.

Ability to reset the OS disk of a persistent VM in an MCS created machine catalog in Azure, Citrix Hypervisor, and Google Cloud

You can now use the PowerShell command Reset-ProvVMDisk to reset the OS disk of a persistent VM in an MCS created machine catalog. The feature automates the process of resetting the OS disk. For example, it helps in resetting the VM to its initial status of a persistent development desktop catalog created using MCS. Currently, this feature is applicable to Azure, Citrix Hypervisor, Google Cloud, and VMware virtualization environments. For more information on using the PowerShell command to reset the OS disk, see Reset OS disk.

Support for creating hybrid Azure Active Directory joined machines

When you create a catalog, a Hybrid Azure Active Directory joined identity type, is now available in Machine Identities. With that identity type, you can use MCS to create hybrid Azure Active Directory joined machines. Those machines are owned by an organization and signed into with an Active Directory Domain Services account that belongs to that organization.

For information about requirements and considerations related to hybrid Azure Active Directory join, see Hybrid Azure Active Directory joined.

For information about creating hybrid Azure Active Directory joined catalogs, see Create Hybrid Azure Active Directory joined catalogs.

Ability to get historical errors and warnings associated with an MCS machine catalog

Previously, you only got the latest warnings and errors associated with a machine catalog. With this feature, you can now get a list of the historical warnings and errors of an MCS machine catalog. This list helps you to understand any issues with your MCS machine catalog and fix those issues.

For more information, see Retrieve warnings and errors associated with a catalog.

Support for converting a non-machine profile-based machine catalog to machine profile-based machine catalog in Azure environment

In the Azure environment, you can now use a VM or template spec as a machine profile input to convert a non-machine profile-based machine catalog to machine profile-based machine catalog. Existing VMs and new VMs added to the catalog take property values from the machine profile unless overwritten by the explicit custom property. For more information, see Convert a non-machine profile-based machine catalog to machine profile-based machine catalog.

Improved host connection creation experience

You can now get the following information while you create a host connection:

• List of all Citrix supported hypervisor plug-ins, including third party plug-ins
• Availability of hypervisor plug-in. If the availability status is false, possible reason could be that Cloud Connector is not installed

This feature helps you to correctly setup a resource location and thus, create a host connection. For more information, see Connection.

Support for double encryption on managed disk in Azure environment

In the Azure environment, you can now create an MCS machine catalog with double encryption. Double encryption is platform-side encryption (default) and customer-managed encryption (CMEK). Therefore, if you are a high security sensitive customer who is concerned about the risk associated with any encryption algorithm, implementation, or a compromised key, you can opt for this double encryption. Persistent OS and data disks, snapshots, and images are all encrypted at rest with double encryption. For more information, see Double encryption on managed disk.

Ability to reject invalid custom properties in Google Cloud Platform (GCP) and Azure environments

You can now avoid potential confusion if custom properties set at New-ProvScheme and Set-ProvScheme do not take effect. If you specify non-existing custom property or properties, you get an error message. For more information, see Important consideration about setting custom properties.

Support for validating ARM template spec

You can now validate the ARM template spec to make sure that it can be used as a machine profile to create a machine catalog. There are two ways to validate the ARM template spec:

• Using the Web Studio
• Using the PowerShell command

For more information on validating the ARM template spec, see Create a machine catalog using an Azure Resource Manager image.

Support for updating hardware version of new VMs added in an MCS machine catalog

In VMware environments, you can now update the hardware version of the newly added VMs in an existing MCS machine catalog using a machine profile source. Therefore, you do not have to create a machine catalog to update the hardware version of the VMs added to a catalog. You must use the machine profile workflow to use this feature.

Support for machine profile in VMware

In VMware environments, you can now create an MCS machine catalog using a machine profile. The source of the machine profile input is a VMware template. The machine profile captures the hardware properties from a VMware template and applies them to the newly provisioned VMs in the catalog. For more information, see Create a machine catalog using a machine profile.

Support for zone-redundant storage in Azure

Previously, MCS offered only locally redundant storage. With this feature, zone-redundant storage is now an option in Azure, allowing you to select a storage type depending on what type of redundancy you want to use. Zone-redundant storage replicates your Azure managed disk across multiple availability zones, which allows you to recover from a failure in one zone by using the redundancy in others. For more information, see Enable zone-redundant storage.

Support for getting custom properties from the machine profile input in GCP

Previously, in GCP environments, while creating an MCS machine catalog using a machine profile input, you had to explicitly specify the custom properties. The action forced an extra effort. With this feature, you can now derive the following custom properties without explicitly defining them:

• ServiceOffering
• CryptoKeyId
• CatalogZones
• Storage

When you run New-ProvScheme and Set-ProvScheme commands and do not explicitly specify the custom properties, then the values of the properties are derived from the machine profile input.

For example, New-ProvScheme -MachineProfile writes the machine profile’s machine type to the provisioning scheme’s ServiceOffering property unless you specify ServiceOffering in the New-ProvScheme command. If you run Set-ProvVMScheme twice, then the most recent command takes effect.

Support for machine catalog creation using an image from a different subscription in the same Azure tenant

Previously, in Azure environments, you could only select an image within your subscription to create a machine catalog. With this feature, you can now select an image in the Azure Compute Gallery (formerly Shared Imaged Gallery) that belongs to a different shared subscription to create and update MCS catalogs.

For information on sharing images with another service principal in the same tenant, see Image sharing with another service principal in the same tenant.

Increased capacity with improved performance for Citrix in Google Cloud

Citrix can now support catalogs containing up to 3,000 VDAs in a single Google Cloud project. This update brings performance improvements to both provisioning and power management operations.

Microsoft Teams Optimization

Audio quality for legacy codecs has increased

We have three options for audio redirection: medium quality, high quality, and adaptive audio. More bandwidth has been allocated for medium and high audio codecs. Medium bandwidth increased to 24 kbps and high bandwidth increased to 224 kbps.

Citrix Director

• Support authentication via Citrix Gateway. Citrix Probe Agent for application and desktop probing now supports authentication via Citrix Gateway domain credentials. This helps run the Probe Agent on machines that are connected to StoreFront via Citrix Gateway. The comprehensive probe results available on Director help troubleshoot issues related to the applications, hosting machine, or connection before the users experience them. For more information, see Application Probing and Desktop Probing
• Autoscale management in Director. You can monitor the metrics of Autoscale-managed machines from the Trends pages. For more information, see Monitor Autoscale-managed machines. Autoscale provides a consistent, high-performance solution, to proactively power manage your machines. It aims to balance costs and user experience. For more information, see Autoscale.

Citrix Licensing 11.17.2 build 43000

What’s new in the License Server version 11.17.2 build 43000

Moment.js version update

Moment.js 2.29.4

Apache version update

Apache 2.4.57

OpenSSL version update

OpenSSL 1.1.1t

jQuery version update

jQuery 3.5.1

Configure a proxy server within Citrix Licensing Manager

Starting with this release, you can view and configure proxy server settings from the Citrix Licensing Manager UI. Go to Settings > Server Configuration > Configure a Proxy Server to view your proxy server settings. You can edit these settings to add, modify, or remove a proxy server as needed. For more information, see Configure a proxy server within Citrix Licensing Manager.

Alert for licenses with a future start date

An alert message appears when you upload a license file that contains licenses with a future start date. The message states that your licenses won’t be visible in the License Server inventory until the start date. This alert is displayed in the Citrix Licensing Manager > Install Licenses tab.

When there are multiple licenses with a future start date, the following message appears:

When there is a single license with a future start date, the following message appears:

Addition of Product Information tab

In this release of Citrix Licensing Manager, a new section about product information is added. This section provides information about License Server updates such as:

• the latest version of License Server available for download
• the most recent updates
• the last successful attempt for updates
• updates to open-source software such as OpenSSL and Apache versions for a particular release

Virtual Delivery Agents (VDAs) 7 2305 for Windows Desktop/Server OS.

Multiple webcam resolutions support for VDA and CWA Windows

High-definition webcam streaming now supports all webcam resolutions. If media type negotiation fails, HDX now defaults back to the default VGA resolution (640 x 480 pixels). See High-definition webcam streaming for details.

Audio diagnostic command line tool

A command line tool is now included on the VDA that can be used to query session data related to audio policies, configuration, and data transport. For more information, see Audio diagnostic command line tool.

Web Studio

Virtual Delivery Agents (VDAs) 7 2305 for Linux

Version 2305 of the Linux VDA includes the following new features and enhancements:

Support for SQLite

SQLite is now fully supported. You can specify SQLite or PostgreSQL to use by editing /etc/xdl/db.conf after installing the Linux VDA package. For more information about specifying a database to use, see the easy install and manual installation articles.

NOTE:

The Linux XDPing tool does not perform SQLite tests.

Session logon enhancements

This release enhances the session logon experience from the following aspects:

• Allows users to toggle the visibility of passwords and PIN codes, making it easy for users to find out incorrect inputs.
• Displays the session logon banner message and the authentication dialog on separate screens.
• Shows the session logon process and requires passwords or PIN codes for session reconnections in non-SSO scenarios.
• If users log on to VDA sessions with credentials different from those used to log on to Citrix Workspace app, the authentication dialogs are displayed separately. Users can easily identify when credentials are erroneously entered.
• Adds support for the following combinations of user authentication methods in non-SSO scenarios:Citrix Workspace appVDA sessionFASuser nameFASsmart card

For more information, see Custom backgrounds and banner messages on session logon screens and Non-SSO authentication.

More registry keys available for temp home directory settings

This release introduces two more registry keys that help with temp home directory settings:

• CheckUserHomeMountPoint
• CheckMountPointRetryTime

For more information, see Logon with a temp home directory.

Support for Fast Identity Online (FIDO2) authentication (preview)

You can now set up FIDO2 authentication to access websites using Google Chrome hosted on the Linux VDA. For more information, see FIDO2 (preview).

NOTE:

This feature is in preview. Preview features might not be fully localized and are recommended for use in non-production environments. Issues found with preview features are not supported by Citrix Technical Support.

H.264 lossless compression support for HDX 3D PRO

H.264 lossless compression support is now available for HDX 3D PRO hardware acceleration by NVIDIA GPUs. For more information, see H.264 lossless compression.

Extended wildcard support for specifying URLs to redirect

When specifying URLs whose content can be redirected to the client, you can now use the * wildcard to represent all URL components except the protocol. For more information, see Browser content redirection.

Support for VDA data backup and comparison by using XDPing

For troubleshooting purposes, we have added a VDA backup module to the XDPing tool. This module lets you back up the key data of a VDA at any time, such as the configuration, database, and binary permission data. You can back up the key data of the VDA when it is running properly. In case the VDA fails later, back up another copy of the data and compare the two copies of data to facilitate troubleshooting. For more information, see XDPing.

SSSD support for using MCS to create RHEL 8.x/9.x and Rocky Linux 8.x/9.x VDAs

You can now use System Security Services Daemon (SSSD) to join Active Directory domains when using MCS to create RHEL 8.x/9.x and Rocky Linux 8.x/9.x VDAs.

NOTE:

To use a currently running RHEL 8.x/9.x or Rocky Linux 8.x/9.x VDA that is connected to the domain using SSSD as the template VM for MCS, ensure that:

• The VDA is installed manually and not by using easy install. Easy install uses Adcli for RHEL 8.x/9.x and Rocky Linux 8.x/9.x and the combination of SSSD and Adcli is not supported by MCS.
• A Samba server is configured to use SSSD for AD authentication. For more information, see the Red Hat article at https://access.redhat.com/solutions/3802321.

For more information, see Create Linux VDAs using MCS.

Support for new Linux streaming target devices

We have extended Linux streaming to the following distributions:

• RHEL 8.7
• Rocky Linux 8.7
• SUSE 15.4

For more information, see Create Linux VDAs using Citrix Provisioning and Streaming Linux target devices in the Citrix Provisioning documentation.

Citrix Federated Authentication Service 2305

This release of Federated Authentication Service includes no new features.

Citrix Provisioning 2305

This release of Citrix Provisioning includes the enhancements described in the following sections. It includes several fixes for issues seen in past releases, and issues that we have identified.

IMPORTANT:

Use the most recent version of the Citrix License Server to receive the latest provisioning features.

When upgrading Citrix Provisioning to the newest version, the latest License Server version is required. If you do not upgrade to the latest version of the License Server, the product license enters the 30-day grace period.

For more information, see Licensing.

Update licenses to enable telemetry uploads

As outlined at Required License Server Update, Cloud Software Group has updated the license requirements that require you to upload telemetry. This implementation implies that as a Citrix Provisioning customer, you must return and allocate your Citrix Virtual Apps and Desktops and Citrix Provisioning license. For more information on licenses, see Licensing.

Support for using PowerShell and MCLI commands to rotate encryption keys

Previously, you rotated the encryption keys using only the Citrix Provisioning console. With this feature, you can now use PowerShell and MCLI commands to rotate encryption keys. For more information, see Using PowerShell and MCLI commands to rotate encryption key.

Support for new Linux streaming target devices

For Linux streaming, the following operating systems are now supported:

• RHEL 8.7
• Rocky Linux 8.7
• SUSE 15.4

For more information, see Streaming Linux target devices.

Support for Azure SQL Database with on-premises Citrix Provisioning

Citrix Provisioning 2203 LTSR and later support Azure SQL Database platform with on-premises Citrix Provisioning. For Azure SQL Database platform, only SQL login authentication is supported.

NOTE:

Azure SQL Managed Instance is not supported with on-premises Citrix Provisioning.

Citrix Profile Management 2305

This release includes the following new features and enhancements. It also addresses several issues that help to improve overall performance and stability.

Support for user-level policy settings

By default, most Profile Management policies work only at the machine level. With the user-level policy settings feature enabled, those policies can work at the user level, and user-level settings override machine-level settings.

This feature is useful for organizations where different users or user groups require different Profile Management settings. For more information, see Enable and configure user-level policy settings.

Enhancements to Outlook container

These enhancements simplify the process of fully enabling Outlook containers while offering a high level of availability for Outlook service:

• Automatic enabling of Cached Exchange modePreviously, to have OST files downloaded to Outlook containers, you had to manually enable the Use Cached Exchange Mode to download email to an Outlook data file setting for each user’s Exchange account. Profile Management now automatically enables this setting for users when all conditions for Outlook containers to work are met.
• Automatic switching between Cached Exchange mode and Online mode.
  • When the container is detached, Outlook automatically switches to Online mode.
  • When the container is reattached, Outlook automatically switches back to Cached Exchange mode.
  This enhancement offers a high level of availability for the Outlook service.

For more information, see Enable native Outlook search experience.

Always On Tracing logs

The Always on Tracing feature is now available for Profile Management. This feature provides detailed logs that can help identify critical problems with Profile Management, thereforce reducing the need to reproduce problems. For more information, see Collect the Always On Tracing log file.

Support for Google Drive in Mirroring Files for Sync mode

Profile Management containers now support Google Drive both in Mirroring Files for Sync mode and Streaming Files for Sync mode, giving you more flexibility in choosing cloud storage.

Citrix Workspace Environment Management 2305

This release includes the following new features and addresses issues to improve the user experience:

Enhancement to gMSA support

This enhancement simplifies the process of configuring a group Managed Service Account (gMSA) for use with Workspace Environment Management (WEM). You can now use the GUI to configure the account. After binding the Citrix WEM SPN with the account, you can select the account in the same way as you do for an AD user when you do the following:

• Create a WEM database.
• Configure the infrastructure service.
• Upgrade the database.

For more information, see Group Managed Service Account.

Wake up agents

This release introduces the Wake on LAN feature, which lets you remotely turn on agent hosts. WEM automatically selects agents that reside on the same subnet as the target agents and uses those agents as Wake on LAN messengers. This feature requires hardware compatible with Wake on LAN. To use this feature, verify that the target machines satisfy the hardware requirements and relevant BIOS settings are configured. For more information, see Wake on LAN.

Profile Management

Workspace Environment Management now supports the following Profile Management policies. The following new option is now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings.

• Enable active write back on session lock and disconnection
  • Available on the Main Profile Management Settings tab.
  • If enabled, profile files and folders are written back only when a session is locked or disconnected. With both this option and the Enable Active write back registry option enabled, registry entries are written back only when a session is locked or disconnected.
  For more information, see Citrix Profile Management Settings.
• Enable VHD disk compaction
  • Available on the Profile Container Settings tab.
  • If enabled, VHD disks are automatically compacted on user logoff when certain conditions are met. This option enables you to save the storage space consumed by profile container, OneDrive container, and mirror folder container. Advanced options are available on the Advanced Settings tab, including:
    • Disable defragmentation for VHD disk compaction, Set free space ratio to trigger VHD disk compaction, and Set number of logoffs to trigger VHD disk compaction. When Enable VHD disk compaction is enabled, use these three options to adjust the default VHD compaction settings and behavior.
  For more information, see Citrix Profile Management Settings.
• Enable asynchronous processing for user Group Policy on logon
  • Available on the Advanced Settings tab.
  • If enabled, Profile Management roams with users a registry value that Windows uses to determine the processing mode for the next user logon — synchronous or asynchronous processing mode. This ensures that the actual processing mode is applied each time users log on.
  For more information, see Citrix Profile Management Settings.
• Enable app access control
  • Available on the App Access Control tab.
  • If enabled, Profile Management controls user access to items (such as files, folders, and registries) based on the rules you provide. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps invisible to relevant users. This feature can simplify application and image management. For example, using the feature, you can deliver identical machines to different departments while meeting their different application needs, thus reducing the number of images.

Citrix Session Recording 2305

Support for Azure SQL Database

You can now install the Session Recording database on Azure SQL Database.

For more information, see Install the Session Recording database on Azure SQL Database. For a complete list of the operating systems and database services that you can install the Session Recording database on, see System requirements.

Support for sharing recordings as unrestricted links

In the Session Recording web player, you can now share recordings as unrestricted links so that anyone in your AD domain can access the recordings using the links.

To facilitate managing unrestricted links, Session Recording lets you:

• Set a validity period for each of the links.
• (Optional) Enter a justification when generating the links.
• Get an overview of which recordings have been shared as unrestricted links.
• View all unrestricted links of a specific recording.
• Know which users have accessed an unrestricted link.
• Revoke unrestricted links that haven’t expired.
• Clear invalid links that have expired or revoked.

For more information, see Share recordings as links.

Configure Session Recording timespan for blocking sensitive information disclosure

Session Recording allows you to bypass specified periods when recording the screen to prevent sensitive information from being disclosed. The sensitive information blocking capability is enabled by using the Session-Pause and Session-Resume cmdlets. This release enhances the feature by allowing you to configure the amount of time of the screen recording you want to skip before sensitive information is detected. The default value is 1 second. For more information, see Sensitive information blocking.

Advanced filters available for ICLDB ARCHIVE and ICLDB REMOVE commands

When using the ICLDB ARCHIVE and ICLDB REMOVE commands to archive and remove session recording files, you can now set advanced filters by appending the RULES parameter. For more information, see Manage recordings.

Support for email alerts in your preferred language

You can now send email alerts even if the operating system language of your Session Recording server is not one of the following languages that Session Recording supports:

• English
• French
• German
• Spanish
• Japanese
• Simplified Chinese

If the operating system language of your Session Recording server is not one of the supported languages, email alerts are sent in English by default. You can customize a language to send email alerts in. To do so, find the email template called template.en.html under <Session Recording server installation path>\Bin\templates and then change the plain text in the template to your preferred language. For more information, see Configure event response policies.

Citrix Virtual Apps and Desktops service

June 2023

New and enhanced features

Dynamic session timeout support extended to VDA version 2203 LTSR CU3 or later. For single-session OS delivery groups, this feature now applies to VDAs of version 2206 CR or later, or 2203 LTSR CU3 or later. For more information, see Dynamic session timeouts.

Improved host connection creation experience in Full Configuration. After you select a resource location, the Connection type drop-down list now displays all Citrix-supported hypervisors and cloud services, and their availabilities depend on:

• For a resource location without accessible Cloud Connectors, only hypervisors and cloud services that support connectorless deployments are available.
• For a resource location with accessible Cloud Connectors, only hypervisors and cloud services that have their plug-ins properly installed on those connectors are available.

For more information, see Create and manage connections.

Additional component selection in VDA upgrade. You can now select which additional components to upgrade or install while upgrading a VDA. For more information, see Configure auto-upgrade for VDAs.

IMPORTANT:

To use the additional components feature, make sure that your VDA Upgrade Agent is version 7.34 or later, which is included in the VDA installer version 2206 or later.

Full Configuration now preconfigures certain settings for Azure machines based on machine profiles. When you provision Azure VMs, Full Configuration now preconfigures the following settings based on the selected machine profile:

• Host group
• Disk Encryption Set
• Availability Zone
• License Type

Support for AWS instance hibernation. You can now launch AWS instances, set them as desired, and hibernate them. The hibernation process stores the in-memory state of the instance, along with its private and elastic IP addresses, allowing it to pick up exactly where it left off. For more information on creating VMs that support hibernation, see Instance Hibernation.

Support for optimizing AWS throttling. You can now power on and off a large number of machines in an AWS catalog without encountering throttling issues. Throttling issues occur when the number of requests sent to AWS exceeds the number of requests that the server can handle. This feature increases efficiency by reducing the number of AWS calls to power machines on and off in bulk. It also significantly reduces the time taken to power on and off machines in persistent catalogs.

Secure environment for Azure managed traffic. Previously, you relied on the public internet to let your Azure endpoints interact with resources in your environment. As a result, security concerns were raised because the public internet was accessed. With this feature, MCS enables network traffic to be routed through Citrix Cloud Connectors in your environment. This makes the environment safe because now all Azure managed traffic originates from your own environment. To do this, add ProxyHypervisorTrafficThroughConnector in CustomProperties. For more information, see Create a secure environment for Azure managed traffic.

After you set the custom properties, you can configure Azure policies to have private disk access to Azure managed disks.

Support for provisioning catalog VMs with Azure Monitor Agent. Azure Monitor Agent (AMA) collects monitoring data and delivers it to Azure Monitor. With this feature, you can provision MCS machine catalog VMs (persistent and non-persistent) with AMA installed as an extension. This implementation enables monitoring by uniquely identifying the VMs in monitoring data. For more information on AMA, see Azure Monitor Agent overview.

Currently, MCS supports only the machine profile workflow for this feature. For more information on provisioning machine catalog VMs with AMA enabled, see Provision catalog VMs with Azure Monitor Agent installed.

Enable restart schedule for an MCS catalog. Previously, you could schedule image updates by waiting for the next restart or by triggering an immediate restart of all VMs. With this feature, you can now create a one-time restart schedule for a catalog to be triggered on a desired date and time to facilitate MCS image updates. To create a restart schedule, use the BrokerCatalogRebootSchedule command. For more information, see Change the master image.

May 2023

New and enhanced features

Search enhancements. This feature enhances visuals and interactions for filters, bringing you a better search experience. For more information, see Use Search in the Full Configuration management interface.

New user exclusions policy where you can define directory paths that are not redirected to the user layer. User exclusions apply to the user personalization layer (UPL), but not to the session host. Logoff.txt now contains all active user exclusions. For more information, see User personalization layer.

Support for updating hardware version of new VMs added in an MCS machine catalog. In VMware environments, you can now update the hardware version of the newly added VMs in an existing MCS machine catalog using a machine profile source. You do not have to create a new machine catalog to update the hardware version of the VMs added to a catalog. You must use the machine profile workflow to use this feature.

Support for filtering AWS VM instances. Previously, when you used an AWS VM instance as a machine profile input to create an MCS machine catalog, the catalog sometimes did not create or function correctly because of invalid machine profile input. With this feature, you can now list the AWS VM instances that can be used as valid machine profile VMs. To do this, use the Get-HypInventoryItem command. For more information, see Filtering VM instances.

Support for converting a non-machine profile-based machine catalog to machine profile-based machine catalog in Azure environment. In the Azure environment, you can now use a VM or template spec as a machine profile input to convert a non-machine profile-based machine catalog to machine profile-based machine catalog. Existing VMs and new VMs added to the catalog take property values from the machine profile unless overwritten by explicit custom properties. For more information, see Convert a non-machine profile-based machine catalog to machine profile-based machine catalog.

Support for double encryption on managed disk in Azure environment. In Azure environment, you can now create an MCS machine catalog with double encryption. Double encryption is platform-side encryption (default) and customer-managed encryption (CMEK). Therefore, if you are a high security sensitive customer who is concerned about the risk associated with any encryption algorithm, implementation, or a compromised key, you can opt for this double encryption. Persistent OS and data disks, snapshots, and images are all encrypted at rest with double encryption. For more information, see Double encryption on managed disk.

Support for machine profile in VMware. In VMware environments, you can now create an MCS machine catalog using a machine profile. The source of the machine profile input is a VMware template. The machine profile captures the hardware properties from a VMware template and applies them to the newly provisioned VMs in the catalog. For more information, see Create a machine catalog using a machine profile.

Ability to reset the OS disk of a persistent VM in an MCS created machine catalog in Azure and Citrix Hypervisor. You can now use the PowerShell command Reset-ProvVMDisk to reset the OS disk of a persistent VM in an MCS created machine catalog. The feature automates the process of resetting the OS disk. For example, it helps in resetting the VM to its initial status of a persistent development desktop catalog created using MCS. Currently, this feature is applicable to Azure, Citrix Hypervisor, and VMware virtualization environments. For more information on using the PowerShell command to reset the OS disk, see Reset OS disk.

Improved host connection creation experience. You can now get the following information while you create a host connection:

• List of all Citrix supported hypervisor plug-ins, including third party plugins
• Availability of hypervisor plug-in. If the availability status is false, possible reason might be that Cloud Connector is not installed

This feature helps you to correctly set-up a resource location and thus, create a host connection. For more information, see Step 1. Connection.

User experience improvements for the Policies node. To improve the user experience and make policy management more efficient, we’ve implemented the following improvements to the Full Configuration > Policies node:

• New UI design for the Create Policy and Create Template actions:
  • Expandable folder view for policy settings. On the Select Settings page, all settings are displayed by category in an expandable tree view, making it easier to find a setting.
  • To select a setting, you simply click a check box instead of using the Select button.
  • Legacy settings have been hidden by default so that only the most relevant settings are shown. If legacy settings are needed, select Include legacy settings.
  • An action button has been added next to a Boolean setting, enabling you to change its value directly in the settings list.
  
• New UI design for the Edit Policy action:
  • The navigation menu has been updated to an unordered list. Each item in the list now includes a Save button on its page. With this new design, you can save changes made to an item without having to navigate through all items in the navigation menu. These improvements make policy management more efficient and streamlined.
  • Red dots appear next to the navigation items to indicate setting errors.
  
• Drag to reprioritize policies. In the priority list, you can now change the priority of a policy by dragging it to a desired position.

New option to turn off forced user logoff for AutoScale. A new option, Neither notify nor force user logoff, is now available on the Manage Autoscale > User Logoff Notification page. With the option selected, Autoscale will neither force users to log off from machines in drain state nor notify users to log off and log on to a different machine. For more information, see User logoff notifications.

Ability to restart Windows 365 Cloud PCs. You can now use Citrix DaaS to restart Windows 365 Cloud PCs.

More session details. When you view a session in Full Configuration > Search > Sessions, the session view (in the lower pane) now includes more session details to help you troubleshoot and identify client issues:

• Reconnect time. The time when a session reconnected after being disconnected.
• Client platform. The platform used to launch the session.
• Client version. The version of the client platform used to launch the session.
• Remote host IP. The IP address of the remote host where Citrix Workspace is being hosted.

Support for renaming Azure AD security groups for VMs. For VMs added to an Azure AD security group through Citrix DaaS, you can now rename the security group using Full Configuration > Edit Machine Catalog. Renaming occurs after you save the change.

Default domain selection for machine accounts. When you create a catalog, the domain where the resource (connection) resides is selected by default for machine accounts.

Ability to display the Azure AD assigned security groups for VMs to join. In Full Configuration, when you create Azure Active Directory joined VMs, an option, Join an assigned security group as a member, is now available, letting you add the Azure AD security group where the VMs reside to an assigned security group. For more information, see Create a machine catalog using an Azure Resource Manager image.

Support for changing networks for connections. In Full Configuration, you can now change networks for a connection. You can’t unassociate networks from a connection if they are in use. For more information, see Edit network.

Ability to remove tags in Azure environments. Previously, Remove-ProvVM and Remove-ProvScheme PowerShell commands with ForgetVM parameter removed the VMs and machine catalogs from the Citrix database. However, the commands didn’t remove the tags from the resources. You had to individually manage the VMs and machine catalogs that weren’t deleted entirely from all the resources. With this feature, you can use:

• Remove-ProvVM with ForgetVM parameter to remove VMs and tags created on the resources from a single VM or a list of VMs from a machine catalog.
• Remove-ProvScheme with ForgetVM parameter to remove a machine catalog from the Citrix database and tags created on the resources from an entire machine catalog.

This implementation helps in identifying orphaned resources that are created by MCS but no longer used by MCS.

This feature is only applicable to persistent VMs. For more information, see Remove tags.

April 2023

New and enhanced features

Publishing with specific cloud platforms using Citrix Provisioning in Image Portability Service. Specific workflows for using Image Portability Service to publish in AWS, Azure, and Google Cloud are now available. In addition, the required permissions for Azure and networking have been updated. For more details, see Migrate workloads to public cloud.

Support for identifying why a machine is in maintenance mode. Previously, PowerShell was your only choice to identify why a machine was in maintenance mode. You can now achieve that in Full Configuration:

1. Use Search to locate the machine.
2. Check Maintenance Reason on the Details tab in the lower pane. Or hover over the Maintenance Mode column. The following information can appear:

• By Administrator: Put into maintenance mode by administrator.
• Maximum Failed Registrations: Put into maintenance mode as machine exceeded maximum allowed registration attempts.

Also, a filter, Maintenance Reason, is now available. You can use it to identify the target machines.

The feature is useful for administrators to troubleshoot issues with machines in maintenance mode.

Use variables to notify users of remaining time before they are logged off. When forcing user logoff, you can now use %s% or %m% as variables to indicate the specified time in the notification message. To express the time in seconds, use %s%. To express the time in minutes, use %m%. For more information, see User logoff notifications.

Support for customizing power on behavior at storage type change failure. At power-on, the storage type of a managed disk might fail to change to the desired type due to a failure on Azure. Previously, in these scenarios, the VM would remain off with a failure message sent to you. With this feature, you can either choose to power on the VM even when storage cannot be restored to its configured type or choose to keep the VM powered off. For more information, see Customize power on behavior at storage type change failure.

Support for MAK activation. You can now provision persistent and non-persistent machine catalogs with VMs activated through the Multiple Activation Key (MAK). With this feature, now MCS can also communicate with provisioned VMs. This implementation helps in activating the Windows system without losing activation counts. For more information, see Volume licensing activation.

Support for Azure disk encryption at host. With this feature, you can now create an MCS machine catalog with encryption at host capability. Currently, MCS supports only the machine profile workflow for this feature. You can use a VM or a template spec as an input for a machine profile. For more information, see Azure disk encryption at host.

In this type of encryption, the server hosting the VM encrypts the data and then the encrypted data flows through the Azure storage server. Therefore, this method of encryption encrypts data end to end. For more information, see Encryption at host – End-to-end encryption for your VM data.

Support for GCP instance template as an input for machine profile. With this feature, you can now select a GCP instance template as an input for the machine profile. Instance templates are lightweight resources in GCP, therefore are very cost effective. To do this, use PowerShell commands. For more information on using PowerShell commands to create and update machine catalogs by selecting a GCP instance template, see Create a machine catalog with machine profile as an instance template.

Support for modifying Azure AD dynamic security group name. You can modify or delete an Azure AD dynamic security group name from Azure portal. This action can make the Azure AD dynamic security group name out-of-sync with the dynamic security group associated with a machine catalog. With this feature, you can now modify the Azure AD dynamic security group name associated with a machine catalog.

This modification helps you to make the Azure AD dynamic security group information stored in Azure AD identity pool object to be consistent with the information stored in Azure portal. For more information, see Modify Azure AD dynamic security group name.

Added permissions required in GCP. The permissions required to do the following are now added:

• Create host connection
• Do power management of VMs
• Provision catalogs

For more information, see About GCP permissions.

Credential handling. For enhanced security, by default, credentials are not forwarded to the cloud for users who are not in the same domain as their VDAs. Login attempts fail when all of the following conditions are met:

• The user is in a domain different from the VDA
• No trust exists between the domains
• StoreFront is installed in the same domain as the VDA

Previously under these conditions, the user couldn’t be authenticated to StoreFront. So, the Cloud Connector forwarded user credentials to the cloud to route the authentication request to the correct destination for that user. This behavior can still be configured if needed. For more information, see the CredentialForwardingToCloudAllowed parameter of Set-Brokersite in the DaaS PowerShell SDK.

Citrix Workspace App 2303 for Windows

What’s new in 2303

Quick launch of disconnected desktops

Starting with this release, the quick launch of disconnected desktops feature is enabled by default. You can launch your previously disconnected desktops instantly. When Citrix Workspace app starts up, it launches the disconnected sessions in hidden mode. The session is instantly presented when you launch the desktop.

NOTE:

This feature is applicable to Workspace (cloud) sessions only.

For more information, see Quick launch of disconnected desktops.

Client App Management for WebEx plug‑in [Technical Preview]

Download, install, and auto‑update of the WebEx plug‑in is supported and handled the same way as Zoom plug‑ins.

For more information on how to enable this feature, see Client App Management for WebEx plug‑in.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

You can provide feedback on this feature via the Podio form.

Configure path for Browser Content Redirection overlay Browser temp data storage

Starting with Citrix Workspace app 2303 version, you are requested to configure temp data storage path for Chromium Embedded Framework (CEF) based browser.

For more information, see Configure path for Browser Content Redirection overlay Browser temp data storage.

Support for modern authentication methods for StoreFront stores

Citrix Workspace app 2303 for Windows support modern authentication methods for StoreFront stores. You can authenticate to Citrix StoreFront stores using any of the following ways:

• Using Windows Hello and FIDO2 security keys. For more information, see Other ways to authenticate.
• Single sign-on to Citrix StoreFront stores from Azure Active Directory (AAD) joined machines with AAD as the identity provider. For more information, see Other ways to authenticate.
• Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix StoreFront stores. For more information, see Support for Conditional access with Azure AD.

To enable this feature, you must use Microsoft Edge WebView2 as the underlying browser for direct StoreFront and gateway authentication.

NOTE:

Ensure that the Microsoft Edge WebView2 Runtime version is 102 or later.

You can enable modern authentication methods for StoreFront stores using the GPO template. For more information, see Support for modern authentication methods for StoreFront stores section.

Improved experience for optimized Microsoft Teams video conference calls

Starting with this release, by default simulcast support is enabled for optimized Microsoft Teams video conference calls. With this support, the quality and experience of video conference calls across different endpoints are improved by adapting to the proper resolution for the best call experience for all callers.

With this improved experience, each user might deliver multiple video streams in different resolutions (for example, 720p, 360p, and so on) depending on several factors including endpoint capability, network conditions, and so on The receiving endpoint then requests the maximum quality resolution that it can handle thereby giving all users the optimum video experience.

NOTE:

This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, go to and search for Microsoft 365 roadmap. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

Enhancement to App Protection: Anti-DLL Injection

As part of App Protection, we now have a security enhancement that helps to protect the Citrix Workspace app from certain unauthorized dynamic-link libraries (DLL) or untrusted modules. If such untrusted modules are injected, the Citrix Workspace app detects these interventions and stops the modules from loading.

The anti-DLL injection can be enabled for the following components:

• Citrix Auth Manager
• Citrix Workspace app UI
• Citrix Virtual Apps and Desktops

For more information, see the App Protection documentation.

DISCLAIMER:

This capability works by filtering access to required functions of the underlying operating system (specific API calls required to load DLLs). Doing so means that it can provide protection even against certain custom and purpose-built hacker tools. However, as operating systems evolve, new ways of loading DLLs can emerge. While we continue to identify and address them, we cannot guarantee full protection in specific configurations and deployments.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 109.1.1.29, based on Chromium version 109. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Citrix Workspace App 2305 for iOS

What’s new

Extended keyboard enhancements

Starting with the 23.5.0 version, extended keyboard functionality is enhanced to provide a better user experience. The following are the enhancements:

• Pin or unpin the extended toolbar UI.
• Rotate the extended toolbar in sync with screen rotation.
• Support Windows icon key and 3-key combination shortcuts.
• Improve experience in multiple monitor use case scenarios.
• Auto open or collapse the extended toolbar UI.
• Improve the experience for Stage Manager mode (on iPad with M1 chip).

Citrix Workspace App 2305 for Linux

Support for IPv6 TCP with TLS [Technical Preview]

Previously, TLS connections between Citrix Workspace app for Linux and Virtual Delivery Agents (VDAs) were supported over the IPv4 network only.

With this release, Citrix Workspace app supports TLS connections over both IPv4 and IPv6.

This feature is enabled by default.

No additional configuration is required when you use IPv6 TLS direct connection with VDA on Citrix Workspace app for Linux.

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Prerequisites for cloud authentication

Starting with the 2305 release, ensure that you have installed cURL 7.69 or later for cloud authentication.

Enhancement on 32-bit cursor support [Technical Preview]

Starting with Citrix Workspace app for Linux version 2212, support for the 32-bit cursor was enabled by default.

Starting with this release, you can disable the support for the 32-bit cursor. For this enhancement, a new parameter named Cursor32bitSupport is added in the wfclient.ini file.

To disable support for the 32-bit cursor, see Support for 32-bit cursor documentation.

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Enhancement to support keyboard layout synchronization for GNOME 42

With this release, Citrix Workspace app for Linux supports keyboard layout synchronization for desktops like Ubuntu 22.04 which uses GNOME 42 desktop environment and later versions.

For more information, see Keyboard layout synchronization section.

Client IME for East Asian languages

Client Input Method Editor (IME) feature enhances input and display experience with Chinese, Japanese, and Korean (CJK) language characters in Citrix Workspace app for Linux. You can choose to use the Client IME when you have a favorite IME in Linux Client or IME is not available from the remote server.

For more information, see Client IME for East Asian languages.

Support for authentication using FIDO2 when connecting to on-premises stores [Technical Preview]

With this release, users can authenticate using passwordless FIDO2 security keys when signing in to on-premises stores through Citrix Workspace app for Linux. The security keys support different types of security inputs such as:

• Security pins
• Biometrics
• Card swipe
• Smart card
• Public Key Certificates.

For more information about FIDO2, see FIDO2 Authentication.

Citrix Workspace app uses the Citrix Enterprise Browser as the default browser for FIDO2 authentication. Administrators can configure the type of browser to authenticate to Citrix Workspace app.

For more information, see Support for authentication using FIDO2 when connecting to on-premises stores.

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Copy and paste files and folders between two virtual desktops [Technical Preview]

Previously, you can copy only text between two virtual desktops. With this release, you can copy and paste files and folders between two virtual desktops. The maximum transfer of data in one single copy-paste operation is 200 MB. For more information, see File copy and paste documentation.

This feature is enabled by default.

NOTE:

Copy and paste files and folders between two virtual desktops is supported only on the x64 Linux distribution.

For more information, see Copy and paste files and folders between two virtual desktops.

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for ARM64 architecture [Technical Preview]

Starting with this release, Citrix Workspace app for Linux supports ARM64 architecture-based devices. For this feature, we have included binaries that allow to install Citrix Workspace app on ARM64-based devices in the installer package. This installer package supports only resource enumeration, ICA launch, and audio redirection. The prerequisites and system requirements remain the same as installing the app on other architectures.

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Addition of client-side jitter buffer mechanism

This feature ensures clear audio even when the network latency fluctuates. By default, this feature is enabled. To disable this feature, navigate to the /opt/Citrix/ICAClient/config/module.ini configuration file and edit JitterBufferEnabled=FALSE.

Webcam redirection for 64-bit

With this release, webcam redirection is supported for 64-bit applications. For more information, see Webcams.

Support for more than 200 groups in Azure AD

With this release, an Azure AD user who is part of more than 200 groups can view apps and desktops assigned to the user. Previously, the same user wasn’t able to view these apps and desktops.

NOTE:

Users must sign out from Citrix Workspace app and sign in back to enable this feature.

Support for App Protection on Ubuntu 22.04

Starting with Citrix Workspace app for Linux version 2305, you can start protected virtual apps and desktops from the Citrix Workspace app on Ubuntu 22.04.

Hardware acceleration support for optimized Microsoft Teams[Technical Preview]

Citrix Workspace app for Linux provides an improved performance experience for Microsoft Teams video calls.

Earlier only the CPU was used for encoding purposes. With this release, GPU also can be used to encode the outgoing video frames and thus reducing CPU usage. This feature benefits when you use a thin client with limited CPU resources and a spare GPU.

Prerequisite:

Ensure you have the latest GPU driver. If not, install the latest GPU driver using the following command:

sudo apt install va-driver-all
 

This feature is disabled by default. To enable this feature, do the following:

1. Navigate to /var/.config/citrix/hdx_rtc_engine/config.json file.
2. Set the following configuration:{ "VideoHwEncode": 1, }

You can provide feedback for this technical preview by using the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Enhancement to sleep mode for optimized Microsoft Teams call

Previously, when you are in an optimized Microsoft Teams meeting, if there is no mouse or keyboard interaction, Citrix Workspace app or the optimized Microsoft Teams screen might go into sleep mode.

Starting with this release, Citrix Workspace app or the optimized Microsoft Teams screen doesn’t go into sleep mode even if there is no mouse or keyboard interaction during an optimized Microsoft Teams meeting.

Improved experience for optimized Microsoft Teams video conference calls

Starting with this release, by default simulcast support is enabled for optimized Microsoft Teams video conference calls. With this support, the quality and experience of video conference calls across different endpoints are improved by adapting to the proper resolution for the best call experience for all callers.

With this improved experience, each user might deliver multiple video streams in different resolutions (for example, 720p, 360p, and so on) depending on several factors including endpoint capability, network conditions, and so on. The receiving endpoint then requests the maximum quality resolution that it can handle thereby giving all users the optimum video experience.

NOTE:

This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, go to and search for the Microsoft 365 roadmap. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

Citrix Workspace App 2305 for Android

This release addresses a few issues that help to improve overall performance and stability. In addition, this release enhances the user experience related to the frequency of the Rate your experience pop-up.

Introducing picture-in-picture mode [Technical Preview]

Citrix Workspace app for Android now supports picture-in-picture (PiP) mode, enabling you to shrink your desktop session, SaaS app, or web app, to a floating window that you can move freely around the screen and place anywhere. PiP mode frees up the home screen of the Citrix Workspace app for you to complete other tasks.

To use this feature:

• In your desktop session, tap the Home button on the session toolbar.or
• While using SaaS or web app, tap the ellipsis menu (…) > Minimize.

Tap on the floating window to view the app in full screen and close the app by tapping the X icon on the floating window. The floating window appears automatically in full screen when you minimize another app.

NOTE:

• This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.

The PiP feature is supported on both on-premises and cloud deployments. However, for cloud deployments, web apps can be minimized to a PiP and you can also switch between a desktop session and a web app by tapping on the floating window.

NOTE:

You can keep only two apps active at a time. One in full screen mode and the other minimized as a PiP:

• 2 web or SaaS apps
• 1 web or SaaS app and 1 virtual app or desktop session

Rapid scan [Technical Preview]

If you’re signed into Citrix Workspace app, you can use the Rapid scan feature to scan many documents and transfer those scanned documents into the desktop session.

NOTE:

• This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.

Prerequisites

• Client drive mapping (CDM) must be enabled for the store.
• Rapid Scan requires read and write access on your device. To enable access, follow these steps:
  1. From your profile, tap application Settings > Store settings.
  2. Tap your current store.
  3. Tap Device Storage and then select Full access.

For more information on how to configure, see Rapid scan.

Citrix Workspace App 2305 for Apple OSX

Support for horizontal scroll

Previously, Citrix Workspace app for Mac supported only vertical scroll on a trackpad. Starting with the 2305 release, a horizontal scroll is also supported. For more information see, Support for horizontal scroll.

Improved audio echo cancellation support

Citrix Workspace app now supports echo cancellation in adaptive audio and legacy audio codecs. This feature is designed for real time audio use cases, and it improves the user experience. Citrix recommends using adaptive audio. For more information see, Improved audio echo cancellation support.

Improved graphics performance [Technical Preview]

Starting with the 2305 release, the performance of graphics is significantly improved for seamless sessions. This feature also reduces the load on CPU usage.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give them an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds not be deployed in production environments.

Support for Certificate-based authentication

Starting with the 2305 release, Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix Workspace app.

The following methods can be used to enable the authentication using conditional access:

• Mobile Device Management (MDM)
• Global App Config Service (GACS)

The flag values read by Citrix Workspace app take precedence in the following order:

• Mobile Device Management (MDM)
• Global App Config Service (GACS)

For more information see, Support for Certificate-based authentication.

Channel support for Global App Configuration Service

The Global App Configuration Service for Citrix Workspace allows a Citrix administrator to deliver Workspace service URLs and Workspace App settings through a centrally managed service. Global App Configuration service now allows administrators to test the settings before rolling it out to all users. This feature allows to resolve any issues before applying the global app configurations to the entire user base. For more information see, Channel support for Global App Configuration Service.

Improved auto-update experience

The auto-update feature automatically updates the Citrix Workspace app to the latest version without the need for any user intervention.

Citrix Workspace app periodically checks and downloads the latest available version of the app. Citrix Workspace app determines the best time to install based on user activity not to cause any disruptions.

For more information see, Improved auto-update experience.

Opened apps appear in the dock with native app icons

Previously, clicking virtual apps in the Citrix Workspace app triggered the Citrix Viewer where these apps would be available. If you open many apps, the apps or its instances are opened in the Citrix Viewer. You can view the open apps by right-clicking the Citrix Viewer icon.

Starting with the 2305 release, when you open virtual apps, they appear in the Dock (bottom-right corner of the screen) with their respective icons and are easily identifiable. You can then access the virtual app from the dock itself. If you open multiple instances of an app, these instances are not duplicates in the Dock but are grouped within one instance in the Dock.

For more information see, Opened apps appear in the dock with native app icons.

Improved Mission Control and App Expose experience

Previously, using the Mission Control or App Expose feature in a virtual app session resulted in the overlapping of many windows that were opened.

Starting with the 2305 release, when you use the Mission Control or App Expose feature in a virtual app session and open many windows, the windows do not overlap, and you can easily choose from among them.

For more information see, Improved Mission Control and App Expose experience.

Enhancement to sleep mode for optimized Microsoft Teams call

Previously, when you are in an optimized Microsoft Teams meeting, if there is no mouse or keyboard interaction, Citrix Workspace app or the optimized Microsoft Teams screen might go to sleep mode.

Starting with the 2305 release, Citrix Workspace app or the optimized Microsoft Teams screen doesn’t go to sleep mode even if there is no mouse or keyboard interaction during an optimized Microsoft Teams meeting.

For more information, see Enhancement to sleep mode for optimized Microsoft Teams call.

Support for continuity camera

With the Continuity Camera, you can now use iPhone as your webcam. For a seamless connection, mount your iPhone such that its camera is available to the Mac device. You must select Webcam > Automatic Camera Selection for the iPhone to appear automatically on the Mac device as an external camera. You can switch to any other camera manually, for example by selecting Webcam > FaceTime HD Camera. The Continuity Camera works wired or wirelessly and provides a high-quality image. For more information see, Support for continuity camera.

Increase in the number of supported virtual channels [Technical Preview]

In earlier versions of the client, sessions supported up to 32 virtual channels. Starting with 2305 release, you can use up to 64 virtual channels in a session.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give them an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds not be deployed in production environments.

Client App Management [Technical Preview]

Citrix Workspace app 2305 for Mac now offers Client App Management capability that makes the Citrix Workspace app a single client app required on the end point to install and manage agents such as End Point Analysis (EPA) plug-in.

With this capability, administrators can easily deploy and manage required agents from a single management console.

NOTE:

• This feature is applicable to Workspace (cloud) sessions only.
• Global App Configuration Service is a prerequisite for this feature.

Client App Management includes the following steps:

• Administrators must specify the agents required on end users’ devices in the Global App Configuration Service. With this technical preview, administrators can specify Endpoint Analysis (EPA) agent.
• Citrix Workspace app fetches the list of agents from Global App Configuration Service.
• Based on the list fetched from Global App Configuration service, Citrix Workspace app downloads the agent packages through the auto-update service. If the agent is not previously installed on the end point, Citrix Workspace app triggers the installation of the agent. If the agent is already installed, Citrix Workspace app triggers an update to the agent (if the version of the downloaded agent is higher than the installed version.)

Citrix Workspace app ensures to automatically update the agents whenever an update is available in the future.

The following diagram illustrates the workflow:

Example JSON file in Global App Config Service:

{
    "serviceURL": {
        "url": "https://serviceURL:443"
    },
    "settings": {
        "name": "Client App management",
        "description": "Client App management",
        "useForAppConfig": true,
        "appSettings": {
            "macos": [
                {
                    "category": "AutoUpdate",
                    "userOverride": false,
                    "assignedTo": [
                        "AllUsersNoAuthentication"
                    ],
                    "settings": [
                        {
                            "name": "Auto update plugins settings",
                            "value": [
                                {
                                    "pluginName": "Citrix Endpoint Analysis",
                                    "pluginId": "7303CB73-42EE-42BB-A908-9E6575912106",
                                    "pluginSettings": {
                                        "deploymentMode": "InstallAndUpdate",
                                        "upgradeToLatest": true,
                                        "minimumAllowedVersion": "1.0",
                                        "maximumAllowedVersion": "24.0",
                                        "delayGroup": "Medium",
                                        "stream": "",
                                        "isFTU": true,
                                        "isBlocking": true,
                                        "detectRule": ""
                                    }
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    }
}

 

The following table lists the Client App Management settings schema, values, and description.

Schema setting	Value	Description
isBlocking	True or False	When the isBlocking parameter is set to true, the plug-in is considered mandatory, and the sign-in page appears only when the required plug-in is installed. Citrix recommends you set EPA as the mandatory plug-in.
pluginName		Friendly name for the plug-in. The pluginName can be modified.
pluginId		ID of the plug-in and must not be modified.
deploymentMode	InstallAndUpdate/Update
maximumAllowedVersion		Maximum allowed version of the plug-in.
minimumAllowedVersion		Minimum allowed version of the plug-in.
upgradeToLatest	True or False

This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give them an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds not be deployed in production environments.

Store-based configuration of microphone and webcam access levels [Technical Preview]

Starting with the 2305 release, the per-store microphone and webcam access are included as a part of client-selective trust feature. This enhancement allows you to change the settings based on a per-store basis. You can click a store to enable the required microphone or camera access. The selected setting for microphone or camera access is applied on a per-store basis.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give them an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds not be deployed in production environments.

Support for authentication using FIDO2 when connecting to cloud stores [Technical Preview]

Starting with the 2305 release, users can authenticate using passwordless FIDO2 security keys when connecting to Citrix Workspace app for Mac. Users can sign into the cloud stores using the FIDO2 security keys. The security keys support different types of security inputs such as security pins, biometrics, card swipe, smart card, Public Key Certificates. This feature is supported on macOS 12 and later versions. For more information about FIDO2 see FIDO2 Authentication.

Citrix Workspace app uses the user’s default browser for FIDO2 authentication (Webauthn). Administrators can configure the type of browser to authenticate to Citrix Workspace app. The configured setting can be pushed using the Mobile Device Management (MDM), Global App Config Service (GACS), or the command line interface methods. The FIDO2 feature is currently not supported for on-premises stores. For more information on the web browser settings see, the Global App Configuration Service documentation.

The following settings allow you to select the type of browser used for authenticating an end user into Citrix Workspace app:

Embedded: Allows you to authenticate within Citrix Workspace app. Citrix Workspace app saves the session data or cookies for single sign-on (for example, SaaS apps) when the enhanced single sign-on feature is enabled. This authentication method does not support passwordless authentications such as FIDO2.

EmbeddedWithPrivateSession: This setting is similar to the Embedded setting. Single sign-on is not supported as session data or cookies are not present in Citrix Workspace app.

System: Allows you to use the user’s default browser for authentication (for example, Safari or Chrome). Authentication occurs outside Citrix Workspace app. Use this setting to support passwordless authentication. This setting tries to use the existing user session from the user’s browser.

SystemWithPrivateSession: This setting is like the System setting. Citrix Workspace app uses a private session in the browser for authentication. The browser doesn’t save authentication cookies or data. Single sign-on is not supported in this option.

Enabling authentication using MDM

To enable authentication through MDM, administrators must use the following setting:

<key>WebBrowserForAuthentication</key> <string>System</string>

Enabling authentication using GACS

To enable authentication through GACS, administrators must use the following setting:

{
    "serviceURL": {
      "url": "https://serviceURL:443"
    },
    "settings": {
      "name": "Productivity Apps",
      "description": "Provides access to MS Office and other basic apps",
      "useForAppConfig": true,
      "appSettings": {
        "macos": [
          {
            "assignedTo": [
              "AllUsersNoAuthentication"
            ],
            "category": "authentication",
            "settings": [
              {
                "name": "web browser for authentication",
                "value": "SystemWithPrivateSession"
              }
            ],
            "userOverride": false
          }
        ]
      }
    }
  }

 

Enabling authentication using the command-line interface

To enable authentication using the command-line interface, administrators must run the following command:

defaults write com.citrix.receiver.nomas WebBrowserForAuthentication System

This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.

NOTE:

Technical previews are available for customers to test in their non-production or limited production environments, and to give them an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds not be deployed in production environments.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 112.1.1.23, based on Chromium version 112. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Modification in SPA policy implementation on internal Web and SaaS apps

This feature enhances the security policies implementation on Web and SaaS apps. When a webpage and iframes within the webpage have different policies, we now have a stricter policy implementation where a union of all policies are applied on the entire webpage, including the iframes. However, the watermark is applied to the webpage only.

Support for browser extensions

You can add extensions that are provided by your administrator to the Citrix Enterprise Browser in a secure way. An administrator can deploy, manage, and control the extensions. End users can view and use the extension under citrixbrowser://extensions as required. For more settings, see Global App Configuration Service.

For information on how to configure, see Support for browser extensions documentation.

Use GACS to manage Citrix Enterprise Browser

The administrator can use the Global App Configuration service (GACS) for Citrix Workspace to deliver Citrix Enterprise Browser settings through a centrally managed service.

The GACS is designed for administrators to easily configure Citrix Workspace and manage the Citrix Workspace app settings. This feature allows admins to use GACS to apply various settings or system policies to the Citrix Enterprise Browser on a particular store. The administrator can now configure and manage the following Citrix Enterprise Browser settings using APIs or the GACS Admin UI:

• “Enable CEB for all apps” – Makes the Citrix Enterprise Browser the default browser for opening web and SaaS apps from the Citrix Workspace app.
• “Enable save passwords” – Allow or deny end users the ability to save passwords.
• “Enable incognito mode” – Enable or disable incognito mode.
• “Managed Bookmarks” – Allow administrator to push bookmarks to the Citrix Enterprise Browser.
• “Enable developer tools” – Enable or disable developer tools within the Enterprise Browser.
• “Delete browsing data on exit” – Allow the administrator to configure what data the Citrix Enterprise Browser deletes on exit.
• “Extension Install Force list” – Allow the administrator to install extensions in the Citrix Enterprise Browser.
• “Extension Install Allow list” – Allow the administrator to configure an allowed list of extensions that users can add to the Citrix Enterprise Browser. This list leverages the Chrome Web Store.

For more information, see Use Global App Configuration service to manage Citrix Enterprise Browser.

NOTES:

• The name and value pair are case-sensitive.
• All the browser settings in Global App Configuration Service are under the following category:

{
    "category": "browser",
    "userOverride": false,
    "assignedTo": [
    "AllUsersNoAuthentication"
    ]
}

 

• The administrator can apply the settings to unmanaged devices as well. For more information, see the Global App Configuration Service documentation.

User interface

To configure Citrix Enterprise Browser through the GACS Admin UI, do the following:

1. Sign in to citrix.cloud.com with your credentials.NOTE:
   • Refer to the Sign Up for Citrix Cloud article for step-by-step instructions to create a Citrix Cloud account.
2. Upon authentication, click the menu button in the top left corner and select Workspace Configuration.The Workspace Configuration screen appears.
3. Click App Configuration > Citrix Enterprise Browser.You can now configure, modify, and publish Citrix Enterprise Browser feature settings.

For more information, see Use Global App Configuration service to manage Citrix Enterprise Browser.

Citrix Workspace App 2305 for HTML5

Improved virtual apps and desktops launch experience

Starting with the 2306 release, the improved app and desktop launch experience provide timely and relevant information about the launch status.

NOTE:

Administrators must upgrade HDX SDK files to use Citrix Workspace app for HTML5 2306 version. The older HDX SDK files are incompatible with the 2306 version and later. To download the latest HDX SDK files, click here. For more information, see the Citrix Workspace app for HTML5 HDX SDK developer docs.

Citrix Workspace App 2305 for Chrome OS

This release is compatible with ChromeOS version 114, which Google has designated as a Long Term Support (LTS) version. As such, Citrix continues to support this release to the end of the LTS lifecycle. Please refer to the Citrix Compatibility Statement for details and exclusions.

Configure Composite USB Redirection through DDC policies

Previously, administrators could use Google Admin policies to configure the client-side USB redirection.

Starting with the 2306 release, you can configure USB redirection through the DDC policies as well. Configurations through DDC policies allows administrators to have a unified and centralized way of defining policies and behavior. These policies are applicable for on-premises and cloud deployments on managed devices and users. This feature is supported on VDA versions 2212 and later.

For information on how to configure, see Configure Composite USB Redirection through DDC policies documentation.

Enhancements to Composite USB device UI

Starting with the 2306 release, when the configuration of a Composite USB device is set to “split”: true, the USB Devices UI displays the components based on interface numbers instead of interface classes.

For more information, see Composite USB redirection article.

User interface

Following is an example:

Improved virtual apps and desktops launch experience

Starting with the 2306 release, the improved app and desktop launch experience provides timely and relevant information about the launch status.

Source

Citrix Virtual Apps & Desktop 7 2305