Citrix DaaS™

Overview
What's new
Known issues
Deprecation
Features in Technical Preview
System requirements
Limits
Technical security overview
- Technical security overview for Citrix Managed Azure
- Virtual channel allow list
Delivery methods
Plan and build a deployment
- Sign up
- Citrix DaaS for Microsoft Azure
- Citrix HDX™ Plus for Windows 365
- Citrix DaaS for Amazon WorkSpaces Core Bundles
- Citrix DaaS for Google Cloud
- Use DaaS get-started guide
- Machine identities
  - Active Directory joined
  - Microsoft Entra joined
  - Microsoft Intune
  - Microsoft Entra hybrid joined
  - Non-domain-joined
- Session authentication
  - Microsoft Entra single sign-on
  - Federated Authentication Service
  - Smart Cards
- Set up resource location
  - Amulet Hotkey CoreStation virtualization environments
  - AWS virtualization environments
  - Google Cloud virtualization environments
  - HPE Moonshot virtualization environments
  - Microsoft Azure Resource Manager virtualization environments
  - Microsoft SCVMM virtualization environments
  - Nutanix virtualization environments
  - Nutanix cloud and partner solutions
  - Red Hat OpenShift virtualization environments
  - VMware virtualization environments
  - VMware cloud and partner solutions
  - XenServer® virtualization environments
  - Size and scale considerations for Cloud Connectors
- Install VDAs
  - Install VDAs using the command line
- WebSocket communication between VDA and Delivery Controller™
- Create and manage connections
  - Connection to Amulet Hotkey CoreStation
  - Connection to AWS EC2
  - Connection to Amazon WorkSpaces Core Managed Instances
  - Connection to Google cloud environments
  - Connection to HPE Moonshot
  - Connection to Microsoft Azure Resource Manager
  - Connection to Microsoft SCVMM
  - Connection to Nutanix
  - Connection to Nutanix cloud and partner solutions
  - Connection to Red Hat OpenShift
  - Connection to VMware
  - Connection to VMware cloud and partner solutions
  - Connection to XenServer
- Service accounts
  - On-premises Active Directory service accounts
  - Microsoft Entra service accounts
  - Manage service accounts
- Image management
  - Create catalogs using prepared images in Amazon WorkSpaces Core Managed Instances
  - Create catalogs using prepared images in AWS EC2
  - Create catalogs using prepared images in Azure
  - Create catalogs using prepared images in Nutanix AHV Prism Central
  - Create catalogs using prepared images in Red Hat OpenShift
  - Create catalogs using prepared images in VMware
  - Create catalogs using prepared images in XenServer
  - Manage catalogs created using prepared images
- Create machine catalogs
  - Create an Amulet Hotkey CoreStation machine catalog
  - Create an AWS EC2 catalog
  - Create a Google Cloud Platform catalog
  - Create an HPE Moonshot machine catalog
  - Create a Microsoft Azure catalog
  - Create a Microsoft SCVMM catalog
  - Create a Nutanix catalog
  - Create a Red Hat OpenShift catalog
  - Create a VMware catalog
  - Create a XenServer catalog
- Identity pools of different machine identity join types
  - Identity pool of on-premises Active Directory joined machine identity
  - Identity pool of Microsoft Entra joined machine identity
  - Identity pool of Microsoft Entra hybrid joined machine identity
  - Identity pool of Microsoft Intune enabled machine identity
  - Identity pool of non-domain-joined machine identity
- Manage machine catalogs
  - Manage an AWS EC2 catalog
  - Manage a catalog of Amazon WorkSpaces Core Managed Instances
  - Manage a Google Cloud Platform catalog
  - Manage an HPE Moonshot catalog
  - Manage a Microsoft Azure catalog
  - Manage a Microsoft SCVMM catalog
  - Manage a Nutanix catalog
  - Manage a VMware catalog
  - Manage a XenServer catalog
- Power Management
  - Power manage Amulet Hotkey CoreStation VMs
  - Power manage AWS VMs
  - Power manage Azure VMs
- Security policies
  - Security group
  - Secure Boot and vTPM
  - Encryption capabilities
- Service Window
- Load balance machines
- Create delivery groups
- Manage delivery groups
- Create application groups
- Manage application groups
- Remote PC Access
- Standalone Citrix Secure Ticketing Authority (STA) service
- Remove components
- User personalization layer
Backup or Migrate your configuration
- Backup and Restore configuration
- Migrate configuration to Citrix Cloud™
- Automated configuration tool cmdlets for migration
- Automated configuration tool cmdlets for backup and restore
- Troubleshoot Automated Configuration and additional information
Print
Policies
- Overview
- Create templates
- Create policies
- Create policy sets
- Prioritize policies
- Manage policy assignment exceptions
- Simulate and evaluate policies
- Policy settings reference
HDX overview
Citrix ICA® virtual channels
Double-hop sessions
HDX connectivity
- Adaptive transport
  - Enlightened Data Transport
  - Troubleshooting
- Rendezvous protocol
  - Rendezvous V1
  - Rendezvous V2
- HDX Direct
- Secure HDX
- Network telemetry
- Virtual channel allow list
Devices
- Scanning
  - TWAIN Redirection
  - WIA Devices
- USB Devices
Graphics
- HDX 3D Pro
  - GPU acceleration for Windows multi-session OS
  - GPU acceleration for Windows single-session OS
- Thinwire
- Text-based session watermark
Multimedia
- Audio features
- Browser content redirection
- HDX video conferencing and webcam video compression
- HTML5 multimedia redirection
- Optimization for Microsoft Teams (New)
  - Citrix HDX Optimizaiton
  - Microsoft SlimCore Optimization
- Optimization for Microsoft Teams (Classic)
  - Monitor, troubleshoot, and support Microsoft Teams
- Windows Media redirection
- Virtual Channel Plugin Manager
  - Virtual Channel Plugin Manager Overview
  - Virtual Channel Plugin Manager Configuration
- Unified Communications SDK Optimization
General content redirection
- Client folder redirection
- Bidirectional content redirection configuration
  - Host to client redirection
  - Bidirectional content redirection
- Local app access and URL redirection
- Generic USB redirection and client drive considerations
Manage
- Adaptive access
  - Device Posture service
  - Adaptive Authentication service
  - Adaptive access based on user's network location
- Applications
  - App packages
- Autoscale™
  - Get started
  - Schedule-based and load-based settings
  - Dynamic session timeouts
  - Autoscaling tagged machines (cloud burst)
  - Dynamic machine provisioning
  - Autoscale plug-in
  - User logoff notifications
  - Analyze effectiveness of Autoscale settings
  - Broker PowerShell SDK commands
- Cloud Health Check
- Configuration logging
- Delegated administration
- Home page
- Licenses
  - Multi-type licensing
- Local Host Cache
- Log server settings
- Machines and sessions (Search > Default view)
  - Machine actions and columns
  - Session actions and columns
- MCS-provisioned machines (Search > Hardware view)
- Multi-site management and user resource aggregation
- Personal preferences in Studio
- Security keys
- Session resilience settings
- Tags
- Tasks in Task Center
- Citrix Troubleshoot Connection
- Troubleshoot VDA registration and session launch issues
- User access
- Virtual IP and virtual loopback
- Zones
- Remove broker user from the cache
Monitor
- Site analytics
- Troubleshoot deployments
- Infrastructure monitoring [Preview]
- Application and Desktop Probing
- Cost optimization
- Feature compatibility matrix
- Delegated Administration
- Data granularity and retention
- Integrations and data exports
- Session launch diagnostics
- Insights
- Geo Map visualization
Advisor
VDA Upgrade Service (VUS)
- Prerequisites for upgrading VDAs using VUS
- Upgrade VDAs using VUS
- Monitor and Troubleshoot VUS
For Citrix Service Providers (CSPs)
- Partner service administration
- Tenant service administration
Citrix Gateway
SDKs and APIs
Document History

View PDF

This content has been machine translated dynamically.

Give feedback here

Thank you for the feedback

Citrix DaaS™

This content has been machine translated dynamically.

Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)

Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)

Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)

此内容已经过机器动态翻译。放弃

このコンテンツは動的に機械翻訳されています。免責事項

이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인

Este texto foi traduzido automaticamente. (Aviso legal)

Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))

This article has been machine translated.

Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)

Ce article a été traduit automatiquement. (Clause de non responsabilité)

Este artículo ha sido traducido automáticamente. (Aviso legal)

この記事は機械翻訳されています.免責事項

이 기사는 기계 번역되었습니다.책임 부인

Este artigo foi traduzido automaticamente.(Aviso legal)

这篇文章已经过机器翻译.放弃

Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))

Switch to english Auf Englisch anzeigen Lire en anglais Leer en inglés 英語に切り替え 영어로 전환 Mudar para ingles 切换到英文 Passa all'inglese

Translation failed!

Manage policy assignment exceptions

June 1, 2026

Contributed by:

When you assign policies to groups of users, user devices, or machines using filters, some members of the group might need different settings. You can handle these cases without creating entirely separate policies for each individual.

You can make exceptions for certain users or machines within a group by:

Creating a separate policy only for those group members and giving it higher priority
Using the Deny mode for an assignment added to the policy

Use Deny mode for exceptions

An assignment with the mode set to Deny means that the policy applies to connections that don’t match the assignment criteria. For example, a policy includes the following assignments:

Assignment A: Client IP address assignment range 208.77.88.*, mode = Allow.
Assignment B: Specific user account, mode = Deny.

This policy applies to users connecting from the specified IP range, except the user defined in Assignment B.

Note:

In the Assign Policy step, if you clear the Enable checkbox, the assignment is disabled. If a policy has no enabled assignments, it applies to all objects in the site.

Manage policy assignment exceptions

Use Deny mode for exceptions

Related content

In this article