Citrix Workspace app

Scenario 3

February 28, 2024

Contributed by:

This scenario covers how to enable App Protection based on Device Posture results.

Configure Device Posture service:
1. Sign in to Citrix Cloud.
2. Navigate to Identity and Access Management > Device Posture and click Manage.
3. Click Create device policy.
  
  Create devicy policy page appears.
4. Under Policy rules, click the Select Rule drop-down menu and select Citrix Workspace app Version.
5. Click the Select a rule drop-down menu and select Greater or equal to >=.
6. Enter the Citrix Workspace app version that you want to set as the condition. In this example, it is 23.7.0.19.
7. Under Policy result, select Compliant.
8. In the Name field, enter a name for the policy.
9. In the Priority field, enter the priority of the policy.
10. Select the Enable when created checkbox to enable the policy since you created it.
11. Click Create.
Configure the Broker Access policy rules:
1. Install the Citrix PowerShell SDK and connect to the cloud API as explained in the Citrix blog Getting started with PowerShell automation for Citrix Cloud.
2. Run the command Get-BrokerAccessPolicyRule.
  
  A list of all the broker access policies for all the delivery groups which are present is displayed.
3. Find the DesktopGroupUid for the delivery group that you want to change.
4. Get the policies that are applied only to a particular delivery group using the command:
  
  Get-BrokerAccessPolicyRule -DesktopGroupUid 7
5. To apply App Protection to the compliant devices, run the following command:
  
  Set-BrokerAccessPolicyRule "Contextual App Protection Delivery Group_AG" -IncludedSmartAccessFilterEnabled $true -IncludedSmartAccessFilterEnabled Workspace:COMPLIANT
6. To apply App Protection to the non-compliant devices, run the following command:
  
  New-BrokerAccessPolicyRule "Contextual App Protection Delivery Group_AG_NonCompliant"-DesktopGroupUid 7 -AllowedConnections ViaAG -AllowedProtocols HDX, RDP -Enabled $true -AllowRestart $true -ExcludedSmartAccessFilterEnabled $true -ExcludedSmartAccessTags Workspace:COMPLIANT-IncludedSmartAccessFilterEnabled $true
Verification:

Sign out of Citrix Workspace app. Sign in from a Citrix Workspace app version that is compliant with the device policy. You see that the App Protection policies are not applied. Again, sign out from the Citrix Workspace app and sign in from a Citrix Workspace app version that is not complaint with the device policy. You see that the App Protection policies are applied.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Scenario 3

February 28, 2024

Contributed by:

February 28, 2024

Contributed by:

Scenario 3

In this article