Endpoint Management

Citrix Endpoint Management is a solution for managing endpoints, offering mobile device management (MDM) and mobile application management (MAM) capabilities. With Endpoint Management, you manage device and app policies and deliver apps to users. Your business information stays protected with strict security for identity, devices, apps, data, and networks.

Citrix hosts the Cloud environment in data centers located throughout the world to deliver high performance, rapid response, and support. With Endpoint Management, you pay a subscription fee instead of purchasing and managing licenses.

Integration with Citrix Workspace experience

Endpoint Management customers can opt to integrate Endpoint Management with the Citrix Workspace experience. You make that choice in Citrix Cloud > Workspace Configuration > Service Integrations. By default, Workspace integration is disabled.

Endpoint Management integration with Citrix Workspace differs for new and existing customers.

  • For new Endpoint Management customers (as of August 27, 2018):

    During Workspace configuration (Citrix Cloud > Workspace Configuration > Service Integrations), you choose whether to enable Endpoint Management integration with Citrix Workspace. By default, the integration is disabled.

    • If you enable the integration, the Citrix Workspace app aggregates resources from Endpoint Management and other configured sources. Your users access resources from the Citrix Workspace app. Other configured sources might include Citrix Content Collaboration and Citrix Virtual Apps and Desktops.

    • If you leave the integration disabled, Citrix Secure Hub aggregates mobile apps. Your users access apps from Secure Hub.


    After you configure your integration choice and enroll users: If you later change your integration choice, re-enrollment is required for all users.

  • For customers who onboarded before August 27, 2018:

    You can enable Workspace integration (Citrix Cloud > Workspace Configuration > Service Integrations). Devices that are already enrolled in Secure Hub continue to use Secure Hub.

    New devices enroll in Workspace. However, if you prefer to enroll only selected devices in Workspace, you must create a delivery group called Workspace.

    • For devices already enrolled in Secure Hub and then added to the Workspace delivery group, a user must re-enroll the device. The user then accesses resources from the Citrix Workspace app.
    • For new devices added to the Workspace delivery group, users enroll in Workspace.
    • If you move a device from the Workspace delivery group to any other delivery group, a user must re-enroll the device. The user then accesses resources from Secure Hub.
    • Citrix will notify you when migration to Workspace is supported without requiring re-enrollment.

    To enable Citrix Workspace integration with Citrix Endpoint Management:

    1. Sign in to Citrix Cloud.
    2. Click Manage on the Endpoint Management tile. You can request a 30-day trial if the Manage tab is unavailable.
    3. In the upper-left menu, navigate to Workspace Configuration > Service Integration.
    4. Click Enable to integrate Citrix Workspace app with Endpoint Management.

Citrix and customer responsibilities

Citrix Cloud Operations handles various infrastructure and monitoring tasks. As a result, you can focus on the user experience and on managing devices, apps, and policies.

Citrix responsibilities:

  • Endpoint Management server nodes
  • Citrix Gateway (service or on-premises) initial integration and configuration
  • Citrix Gateway Load Balancer
  • Database
  • Cloud Connector software configuration
  • SAML authentication integration with Citrix Content Collaboration
  • Endpoint Management site monitoring: Instance, database, enterprise connectivity (LDAP), VPN tunnel (if applicable), public SSL certificate, Endpoint Management licensing

Customer responsibilities:

  • Citrix Gateway (on-premises) management and updates
  • Machines where Cloud Connectors and Gateway Connector (for Citrix Gateway service) are installed
  • LDAP/Active Directory
  • DNS
  • Citrix Content Collaboration: Initial Citrix Content Collaboration configuration, on-premises storage zones controller installation, Citrix Files updates
  • Endpoint Management configuration: Devices, policies, apps, delivery groups, actions, and client certificates

Integration with Microsoft Intune/EMS

Endpoint Management integrates with Microsoft Enterprise Mobility + Security (EMS)/Intune. That integration adds the value of Endpoint Management micro VPN to Microsoft Intune aware apps, such as Microsoft Managed Browser. With the integration, you can:

  • Wrap your own line of business apps with Intune and Citrix to provide micro VPN capabilities inside an Intune mobile app management (MAM) container.
  • Manage and deliver Office 365 apps, line of business apps, and Citrix Secure Mail in one container. This management method provides ultimate security and productivity. For example, you can:

    • Block individual devices or operating systems
    • Customize ActiveSync policies based on devices, users, or user groups
    • Quarantine at the device level
    • Monitor individual connections or devices
    • Avoid the security risks of credential and data caching

Use Endpoint Management MDM+MAM or Intune MDM to manage devices. For more information, see Endpoint Management integration with Microsoft Intune/EMS.

Cloud Connector and resource locations

You connect to Endpoint Management through Cloud Connector. Cloud Connector serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels.

Resource locations contain the resources required to deliver services to your subscribers. For Endpoint Management, resource locations are your Citrix Gateway, LDAP, DNS, and PKI servers.

Resource locations

For more information about Cloud Connector and resource locations, see About Endpoint Management.

Get started with Endpoint Management

Tip: XenMobile Migration Service

If you’re using XenMobile Server on premises, our XenMobile Migration Service can get you started with Endpoint Management. Migration from XenMobile Server to Citrix Endpoint Management doesn’t require you to re-enroll devices.

For more information, contact your local Citrix salesperson, Systems Engineer, or Citrix Partner. These blogs discuss the XenMobile Migration Service:

New XenMobile Migration Service

Making the Case for XenMobile in the Cloud

When you are evaluating or purchasing Endpoint Management, the Endpoint Management Operations team provides ongoing onboarding help. The Operations team also communicates with you to ensure that the core Endpoint Management services are running and configured correctly. This figure shows the onboarding steps.

Onboarding workflow

To sign up for a Citrix account and request an Endpoint Management trial, contact your Citrix Sales Representative. When you’re ready to proceed, go to https://onboarding.cloud.com.

For a quick overview of Endpoint Management onboarding and configuration, watch this video.

Video icon

Want to learn more before starting? Try these resources:

Endpoint Management documentation: Provides full Endpoint Management documentation, from onboarding to initial configuration to advanced configuration. A “What’s new” article describes new features and fixes. Citrix notifies you when that article is available for a new release.

Citrix Endpoint Management Onboarding Handbook: Consolidates all the available information around Endpoint Management, so you can proceed in smoothly enabling and onboarding Endpoint Management. You can use the document to record changes for your internal processes and to document your high-level and functional designs.

Endpoint Management Deployment Handbook: Planning an Endpoint Management deployment involves many considerations. The handbook includes recommendations, common questions, and use cases for your Endpoint Management environment.

SalesIQ: More resources for our Citrix Partners.

Next steps

For information about the Endpoint Management onboarding process, see Onboarding and resource setup.

After you complete onboarding, see Prepare to enroll devices and deliver resources.

Endpoint Management support

For details on how to access supported related information and tools in the Endpoint Management console, see Monitor and support.

Rolling updates to the Endpoint Management release occur approximately every two weeks. To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. We deliver updates incrementally in waves to ensure product quality and to maximize availability.

If you are an Endpoint Management customer, you also receive Endpoint Management updates and communications directly from the Endpoint Management Cloud Operations Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

The Citrix Cloud Operations team maintains the Endpoint Management environments with the latest Endpoint Management rolling patches. To obtain specific patches or fixes that are required before the rolling patch, contact Citrix Technical Support.

If you have any issues with your environment, contact Citrix Technical Support or your Citrix Account Team. Such issues might include mobile device enrollment, Endpoint Management console access, or Secure Mail issues.

If you need any integration or changes made on Citrix Gateway in the Cloud or Endpoint Management, submit a request through Citrix Technical Support.

Examples of changes that you might request are:

  • Citrix Files integration with Citrix Gateway in the Cloud
  • Change Citrix Gateway authentication type
  • Validate connectivity to customer data center resources
  • Change split tunnel configuration for micro VPN
  • Restart Endpoint Management components due to some server configuration changes

Service level agreement

Citrix Endpoint Management uses industry best practices to achieve cloud scale and a high degree of service availability.

For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.