Citrix Endpoint Management

Custom XML device policy

You can create custom XML policies in Citrix Endpoint Management to customize the following features on supported Windows devices:

  • Provisioning, which includes configuring the device, and enabling or disabling features
  • Device configuration, which includes allowing users to change settings and device parameters
  • Software upgrades, which include providing new software or bug fixes to be loaded onto the device, including apps and system software
  • Fault management, which includes receiving error and status reports from the device

Note:

When creating your XML content, use the % character with caution. The % character is an XML reserved character, used only to escape XML special characters. To use % in a name, encode it as %25.

For Windows devices: You create your custom XML configuration by using the Open Mobile Alliance Device Management (OMA DM) API in Windows. Creating custom XML with the OMA DM API is beyond the scope of this topic. For more information about using the OMA DM API, see OMA DM protocol support on the Microsoft Developer Network site.

For Android Enterprise devices: You create your custom XML configuration by using the MX Management System (MXMS). Creating custom XML with the MXMS API is beyond the scope of this article.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Windows Desktop/Tablet settings

XML content: Type, or cut and paste, the custom XML code you want to add to the policy.

After you click Next, Citrix Endpoint Management checks the XML content syntax. Any syntax errors appear below the content box. Fix any errors before you continue.

If there are no syntax errors, the Custom XML Policy assignment page appears.

Use Windows AutoPilot to set up and configure devices

Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can use Windows AutoPilot to reset, repurpose, and recover devices. AutoPilot helps to remove some of the complexity of your current operating system deployment. Using AutoPilot reduces the task to a set of simple settings and operations that can get your devices ready to use quickly and efficiently.

For a brief overview of using Windows AutoPilot with Citrix Endpoint Management, watch this video.

Prerequisites

  • Company branding configured in the Azure Active Directory portal.
  • Company has an Azure Active Directory Premium P1 or P2 subscription.
  • Configure Azure Active Directory as the IdP type for Citrix Endpoint Management. In the Citrix Endpoint Management console, go to Settings > Identity Provider (IDP).
  • Network connectivity to cloud services used by Windows AutoPilot.
  • Devices pre-installed with Windows 10 Professional, Enterprise, or Education (version 1703 or later) or Windows 11 Professional, Enterprise, or Education.
  • Devices have access to the internet.

For more information about configuring prerequisites, see the Microsoft Windows documentation on AutoPilot: https://docs.microsoft.com.

To configure Windows Automatic Redeployment in Citrix Endpoint Management for AutoPilot devices

  1. Follow the steps under Custom XML device policy to add a custom XML policy. Add the following in XML Content:

    
    <Add>
        <CmdID>_cmdid_</CmdID>
        <Item>
            <Target>
                <LocURI>./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials</LocURI>
            </Target>
            <Meta>
                <Format xmlns="syncml:metinf">int</Format>
            </Meta>
            <Data>0</Data>
        </Item>
    </Add>
    
  2. On the Windows lock screen, press CTRL + Windows key + R.

  3. Log in with an Azure Active Directory account.

  4. The device verifies that the user has the right to redeploy the device. The device then redeploys.

  5. After the device updates with the AutoPilot configuration, the user can then log into the freshly configured device.

Deploy a single-app kiosk on Windows 11 devices

Note:

Windows 11 devices support only the single-app Kiosk mode.

In the XML content text box, copy and paste the following XML script, and then replace the following strings with your settings:

  • your_username_here (two instances): user name you want to create on the device. Use the same value for both instances.
  • your_password_here: password for the user.
  • your_UWP_app_id_here: AUMID for the UWP app you want to deploy on the device.

XML script:


<Add>
    <CmdID>_cmdid_</CmdID>
    <Item>
        <Target>
            <LocURI>./Device/Vendor/MSFT/Accounts/Users/your_username_here/Password</LocURI>
        </Target>
        <Meta>
            <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>your_password_here</Data>
    </Item>
</Add>
<Replace>
    <CmdID>_cmdid_</CmdID>
    <Item>
        <Target>
            <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
        </Target>
        <Meta>
            <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data><![CDATA[<AssignedAccessConfiguration
        xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
        xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config">
            <Profiles>
                <Profile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}">
                    <KioskModeApp AppUserModelId="your_UWP_app_id_here"/>
                </Profile>
            </Profiles>
            <Configs>
                <Config>
                    <Account>your_username_here</Account>
                    <DefaultProfile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}"/>
                </Config>
            </Configs>
        </AssignedAccessConfiguration>]]></Data>
    </Item>
</Replace>
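
The console checks only XML syntax, so the following added example (not Citrix or Microsoft code) lints the kiosk fragment before you paste it: it flags leftover template placeholders, a user name that differs between the two instances, a DefaultProfile that references no Profile, and a % in a LocURI that is not followed by two hex digits. The names `lint_kiosk_policy` and `sample`, the sample values (`kiosk1`, `Contoso.Kiosk_example!App`, `EXAMPLE-ONLY`), and the reading of the % note as applying to LocURI names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

AA = "{http://schemas.microsoft.com/AssignedAccess/2017/config}"
USER_URI = re.compile(r"\./Device/Vendor/MSFT/Accounts/Users/([^/]+)/Password$")

def lint_kiosk_policy(fragment):
    """Return a list of problems found in a single-app kiosk custom XML fragment."""
    try:  # the fragment has several top-level commands, so wrap it in a synthetic root
        root = ET.fromstring("<Policy>" + fragment + "</Policy>")
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]
    problems, user, config = [], None, None
    if re.search(r"your_\w+_here", fragment):
        problems.append("template placeholder left in policy")
    for item in root.iter("Item"):
        uri = item.findtext("Target/LocURI", "").strip()
        if re.search(r"%(?![0-9A-Fa-f]{2})", uri):
            problems.append("unencoded % in LocURI")
        match = USER_URI.match(uri)
        user = match.group(1) if match else user
        if uri.endswith("/AssignedAccess/Configuration"):
            config = item.findtext("Data", "")
    try:  # the CDATA payload is an XML document of its own
        aa = ET.fromstring((config or "").strip())
    except ET.ParseError:
        return problems + ["AssignedAccess configuration missing or not well-formed"]
    profile_ids = {p.get("Id") for p in aa.iter(AA + "Profile")}
    for cfg in aa.iter(AA + "Config"):
        if cfg.findtext(AA + "Account", "").strip() != user:
            problems.append("Account differs from the user in the Accounts LocURI")
        default = cfg.find(AA + "DefaultProfile")
        if default is None or default.get("Id") not in profile_ids:
            problems.append("DefaultProfile Id matches no Profile Id")
    return problems

def sample(user, account, default_id=None):  # constructed input; Meta elements omitted
    pid = "{AFF9DA33-AE89-4039-B646-3A5706E92957}"
    inner = ('<AssignedAccessConfiguration xmlns="%s"><Profiles><Profile Id="%s">'
             '<KioskModeApp AppUserModelId="Contoso.Kiosk_example!App"/></Profile></Profiles>'
             '<Configs><Config><Account>%s</Account><DefaultProfile Id="%s"/></Config></Configs>'
             '</AssignedAccessConfiguration>') % (AA[1:-1], pid, account, default_id or pid)
    return ('<Add><CmdID>_cmdid_</CmdID><Item><Target><LocURI>./Device/Vendor/MSFT/Accounts/Users/'
            '%s/Password</LocURI></Target><Data>EXAMPLE-ONLY</Data></Item></Add><Replace>'
            '<CmdID>_cmdid_</CmdID><Item><Target><LocURI>./Device/Vendor/MSFT/AssignedAccess/'
            'Configuration</LocURI></Target><Data><![CDATA[%s]]></Data></Item></Replace>') % (user, inner)

if __name__ == "__main__":
    print(lint_kiosk_policy(sample("kiosk1", "kiosk1")))  # consistent values: no findings
```

An empty list means the fragment is internally consistent; it does not replace the syntax check that Citrix Endpoint Management runs after you click Next.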