Citrix Endpoint Management

Endpoint Management

Citrix Endpoint Management is a solution for managing endpoints, offering mobile device management (MDM) and mobile application management (MAM) capabilities. With Endpoint Management, you manage device and app policies and deliver apps to users. Your business information stays protected with strict security for identity, devices, apps, data, and networks.

Citrix and customer responsibilities

Citrix Cloud Operations handles various infrastructure and monitoring tasks. As a result, you can focus on the user experience and on managing devices, apps, and policies.

Citrix responsibilities:

  • Endpoint Management server nodes
  • Citrix Gateway (service or on-premises) initial integration and configuration
  • Citrix Gateway Load Balancer
  • Database
  • Cloud Connector software configuration
  • SAML authentication integration with Citrix Content Collaboration
  • Endpoint Management site monitoring: Instance, database, enterprise connectivity (LDAP), VPN tunnel (if applicable), public SSL certificate, Endpoint Management licensing

Customer responsibilities:

  • Citrix Gateway (on-premises) management and updates
  • Machines where Cloud Connectors and Gateway Connector (for Citrix Gateway service) are installed
  • LDAP/Active Directory
  • DNS
  • Citrix Content Collaboration: Initial Citrix Content Collaboration configuration, on-premises storage zones controller installation, Citrix Files updates
  • Endpoint Management configuration: Devices, policies, apps, delivery groups, actions, and client certificates

Integration with Citrix Workspace experience

Endpoint Management customers can opt to integrate Endpoint Management with the Citrix Workspace experience. You make that choice in Citrix Cloud > Workspace Configuration > Service Integrations. By default, Workspace integration is disabled.

Currently, this integration is publicly available for the Android platform. It’s available as a preview for Windows 10 desktops and tablets.

About the integration

Citrix hosts the Cloud environment in data centers located throughout the world to deliver high performance, rapid response, and support. With Endpoint Management, you pay a subscription fee instead of purchasing and managing licenses.

Endpoint Management integration with Citrix Workspace differs for new and existing customers.

For new Endpoint Management customers (as of August 27, 2018)

  • If you enable the integration, the Citrix Workspace app aggregates resources. Those resources come from Endpoint Management and other configured sources. Your users access resources from the Citrix Workspace app. Other configured sources might include Citrix Content Collaboration and Citrix Virtual Apps and Desktops.

  • If you leave the integration disabled, Citrix Secure Hub aggregates mobile apps. Your users access apps from Secure Hub.


After you configure your integration choice and enroll users: If you later change your integration choice, re-enrollment is required for all users.

Endpoint Management supports auto-enrollment of any desktop and tablet running Windows 10 or Windows 11 using the Citrix Workspace app. This support means that you can enroll any desktop or tablet running Windows 10 or Windows 11, regardless of hardware. For more information about the Citrix Workspace app, see Citrix Workspace app for Windows.

For customers who onboarded before August 27, 2018

You can enable Workspace integration (Citrix Cloud > Workspace Configuration > Service Integrations). Devices that are already enrolled in Secure Hub continue to use Secure Hub.

New devices enroll in Workspace. However, if you prefer to enroll only selected devices in Workspace, you must create a delivery group called Workspace.

  • For devices already enrolled in Secure Hub and then added to the Workspace delivery group, a user must re-enroll the device. The user then accesses resources from the Citrix Workspace app.
  • For new devices added to the Workspace delivery group, users enroll in Workspace.
  • If you move a device from the Workspace delivery group to any other delivery group, a user must re-enroll the device. The user then accesses resources from Secure Hub.
  • Citrix notifies you when migration to Workspace is supported without requiring re-enrollment.

To enable Citrix Workspace integration with Citrix Endpoint Management:

  1. Sign in to Citrix Cloud.
  2. Click Manage on the Endpoint Management tile. You can request a 30-day trial if the Manage tab is unavailable.
  3. In the upper-left menu, navigate to Workspace Configuration > Service Integration.
  4. Click Enable to integrate Citrix Workspace app with Endpoint Management.

Endpoint Management supports auto-enrollment of any desktop and tablet running Windows 10 or Windows 11 by using the Citrix Workspace app. This support means that you can enroll any desktop or tablet running Windows 10 or Windows 11, regardless of hardware. For more information about the Citrix Workspace app, see Citrix Workspace app for Windows.

Single sign-on support

Endpoint Management integration with Citrix Workspace supports mobile single sign-on (SSO).

Citrix Gateway service (Preview)

The Citrix Gateway service is available as a preview for customers who meet these requirements:

  • Citrix Workspace experience enabled
  • Citrix Gateway service subscription

If you already use on-premises Citrix Gateway and want to switch to Citrix Gateway service, contact your Citrix Support representative. For more information, see Configure Citrix Gateway use with Endpoint Management.

Integration with Microsoft Endpoint Manager

Endpoint Management integrates with Microsoft Endpoint Manager (MEM). That integration adds the value of Endpoint Management micro VPN to Microsoft Intune aware apps, such as Microsoft Edge browser. With the integration, you can:

  • Secure Office 365 applications with conditional access with Azure AD. For more information, see Integrate with Azure AD Conditional Access.
  • Wrap your own line of business apps with Intune and Citrix to provide micro VPN capabilities inside an Intune mobile app management (MAM) container.
  • Manage and deliver Office 365 apps, line of business apps, and Citrix Secure Mail in one container. This management method provides ultimate security and productivity. For example, you can:

    • Block individual devices or operating systems
    • Customize ActiveSync policies based on devices, users, or user groups
    • Quarantine at the device level
    • Monitor individual connections or devices
    • Avoid the security risks of credential and data caching

Use Endpoint Management MDM+MAM or Intune MDM to manage devices. For more information, see Citrix Endpoint Management integration with Microsoft Endpoint Manager.

Cloud Connector and resource locations

You connect to Endpoint Management through Cloud Connector. Cloud Connector serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels.

Resource locations contain the resources required to deliver services to your subscribers. For Endpoint Management, resource locations are your Citrix Gateway, LDAP, DNS, and PKI servers.

Resource locations

For more information about Cloud Connector and resource locations, see About Endpoint Management.

Get started with Endpoint Management


XenMobile Migration Service

If you’re using XenMobile Server on premises, our XenMobile Migration Service can get you started with Endpoint Management. Migration from XenMobile Server to Citrix Endpoint Management doesn’t require you to re-enroll devices.

For more information, contact your local Citrix salesperson, Systems Engineer, or Citrix Partner.

To learn more about our migration service, see 3 reasons to move to Citrix Endpoint Management service.

To see why to migrate, how to migrate, and the benefits of migrating to Citrix Endpoint Management, visit the CEM Migration Service Course Catalog.

When you are evaluating or purchasing Endpoint Management, the Endpoint Management Operations team provides ongoing onboarding help. The Operations team also communicates with you to ensure that the core Endpoint Management services are running and configured correctly. This figure shows the onboarding steps.

Onboarding workflow

To sign up for a Citrix account and request an Endpoint Management trial, contact your Citrix Sales Representative. When you’re ready to proceed, go to

For a quick overview of Endpoint Management onboarding and configuration, watch this video.

Want to learn more before starting? Try these resources:

Endpoint Management documentation: Provides full Endpoint Management documentation, from onboarding to initial configuration to advanced configuration. A “What’s new” article describes new features and fixes. Citrix notifies you when that article is available for a new release.

Citrix Endpoint Management Onboarding Handbook: Consolidates all the available information around Endpoint Management, so you can proceed in smoothly enabling and onboarding Endpoint Management. You can use the document to record changes for your internal processes and to document your high-level and functional designs.

Endpoint Management Deployment Handbook: Planning an Endpoint Management deployment involves many considerations. The handbook includes recommendations, common questions, and use cases for your Endpoint Management environment.

SalesIQ: More resources for our Citrix Partners.

Next steps

For information about the Endpoint Management onboarding process, see Onboarding and resource setup.

After you complete onboarding, see Prepare to enroll devices and deliver resources.

Deprecation announcements

For advanced notice of the Citrix Endpoint Management features that are being phased out, see Deprecation.

Endpoint Management support

For details on how to access supported related information and tools in the Endpoint Management console, see Monitor and support.

Rolling updates to the Endpoint Management release occur approximately every two weeks. To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. We deliver updates incrementally in waves to ensure product quality and to maximize availability.

Endpoint Management customers receive updates and communications directly from the Endpoint Management Cloud Operations Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

The Citrix Cloud Operations team maintains the Endpoint Management environments with the latest Endpoint Management rolling patches. To obtain specific patches or fixes that are required before the rolling patch, contact Citrix Technical Support.

If you have any issues with your environment, contact Citrix Technical Support or your Citrix Account Team. Such issues might include mobile device enrollment, Endpoint Management console access, or Secure Mail issues.

If you need any integration or changes made on Citrix Gateway in the Cloud or Endpoint Management, submit a request through Citrix Technical Support.

Examples of changes that you might request are:

  • Citrix Files integration with Citrix Gateway in the Cloud
  • Change Citrix Gateway authentication type
  • Validate connectivity to customer data center resources
  • Change split tunnel configuration for micro VPN
  • Restart Endpoint Management components due to some server configuration changes

Service level agreement

Citrix Endpoint Management uses industry best practices to achieve cloud scale and a high degree of service availability.

For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.