What’s new

A goal of Citrix is to deliver new features and product updates to Endpoint Management customers when they are available. New releases provide more value, so there’s no reason to delay updates.

  • Rolling updates to Endpoint Management release approximately every two weeks.
  • These updates don’t result in any downtime for your instance or device users.
  • Not every release has new features and some updates include fixes and performance enhancements.

To you, the customer, this process is transparent. We apply initial updates to Citrix internal sites only, and then to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

You also receive Endpoint Management updates and communications directly from the Endpoint Management Cloud Operations Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

For more details, including cloud scale and service availability, see the Endpoint Management Service Level Agreement. To monitor service interruptions and scheduled maintenance, see the Service Health Dashboard.

Endpoint Management 20.7.1

The following features are now rolling out to commercial customers. Releases to US government customers begin within three months. For feature differences between the commercial and US government offerings, see Endpoint Management service for US Government.

Changed the profile name in enrollment screens to Citrix Workspace. When users enroll their device to Endpoint Management, the profile name that displays is now Citrix Workspace. You can customize this name and display your organization name instead. To customize the name, change the value for the new server property apple.mdm.enrollment.profile.organization.name. See Server properties.

Fixed issues in Endpoint Management 20.7.1

On some cloud sites, the Monitor page of the Endpoint Management console does not load. [CXM-83365]

Endpoint Management 20.7.0

The following features are now rolling out to commercial customers. Releases to US government customers begin within three months. For feature differences between the commercial and US government offerings, see Endpoint Management service for US Government.

Endpoint Management supports authentication with an on-premises Citrix Gateway as a preview feature. You can now configure an on-premises Citrix Gateway as your identity provider for users enrolling through Citrix Secure Hub. For more information, see Authentication with an on-premises Citrix Gateway through Citrix Cloud (Preview).

Customize the list of optional Active Directory user attributes. A new server property, optional.user.identity.attributes, enables you to remove and restore optional attributes that Endpoint Management uses to identify a user account in Active Directory. For more information, see Customize Active Directory user attributes.

Fixed issues in Endpoint Management 20.7.0

Apple iTunes volume purchase apps can’t synchronize with Endpoint Management. [CXM-81271]

When you install multiple LDAP Active Directories (AD) on Endpoint Management using Citrix Cloud Connector, only the first installed AD populates in the Endpoint Management settings. As a workaround, you can check Citrix Cloud. If those domains are marked as unused, manually mark them as Used. Marking the domain as used makes it available in Endpoint Management. [CXM-81697]

If you onboarded Endpoint Management in 19.12.0 (December 2019) or later: When you add multiple LDAP authentication domains, you cannot change the default domain. [CXM-82952]

Endpoint Management 20.6.0

The following features are now rolling out to commercial customers. Releases to US government customers begin within three months. For feature differences between the commercial and US government offerings, see Endpoint Management service for US Government.

If you onboarded Endpoint Management after the 19.8.0 release (August 1, 2019), sign in to Citrix Cloud and click the Endpoint Management service tile to access the console. All customers who onboarded before 19.8.0 will soon transition to Citrix Cloud sign-in. To provide enhanced security, Citrix recommends that you configure single sign-on. For assistance, contact Citrix Technical Support.

The Secure Hub Apple Push Notification Service (APNs) certificate for Endpoint Management expires on July 12, 2020. As a result, the Agent Notification fails and the application push might be delayed on iOS devices. This update renews the Secure Hub APNs certificate, which expires on June 18, 2021.

Easier use of the certificate alias in Android Enterprise managed configurations. Use the new Certificate alias setting in the Credentials device policy with the Android Enterprise managed configuration device policy. Doing so allows apps to authenticate on the VPN without user action. Instead of finding the credential alias in the app logs, you create the credential alias. Create the alias by typing it in the Certificate alias field of the Android Enterprise managed configuration device policy. Then you type the same certificate alias in the Certificate alias setting in the Credentials device policy. See Android Enterprise managed configurations policy and Credentials device policy.

Disable the ability to print on the Android Enterprise work profiles or fully managed devices. In the Restrictions device policy, the Don’t allow printing setting lets you specify whether users can print to any printer accessible from the Android Enterprise device. For more information, see Android Enterprise settings.

Configure the connection mode and network priority for macOS. In the Wi-Fi device policy, enable the Connection mode setting for macOS devices to choose how users join the network. The device can use the system credentials or credentials entered at the login window to authenticate the user. If you have multiple networks, type a number in the Priority field to set the priority of the network connection. The device chooses the network with the lowest number. For more information, see the macOS settings in Wi-Fi device policy.

Enable a proxy configured on iOS devices. Endpoint Management now requires that you enable a new client property, ALLOW_CLIENTSIDE_PROXY, if you want to allow iOS users to use proxy servers that they configure in Settings > Wi-Fi. For more information, see ALLOW_CLIENTSIDE_PROXY in Client property reference.

Fixed issues in Endpoint Management 20.6.0

In the Endpoint Management console, you can’t see the package ID for MDX wrapped iOS and Android apps. [CXM-81021]

When Endpoint Management sends the queries for the Active Directory group members, the identity service runs the queries recursively. These queries consume more resources. Therefore, sites with many Active Directory users might experience a disturbance in daily operations. [CXM-81112]

On the Endpoint Management console, some apps’ status displays as “Pending” even though they are already installed. This limitation is due to macOS and is specific to PKG files with different pkg and app identifiers. [CXM-72203]

Current known issues

Known issues in Endpoint Management 20.7.0

Right after enrolling a device running macOS 10.14+, the device properties don’t always populate in the Endpoint Management console. Restart the device to view the properties. [CXM-84106]

Deployed resources sometimes don’t take effect on macOS 10.14+ devices until the device restarts. [CXM-84110]

When you edit the values in the optional.user.identity.attributes server property and save the changes, an error message appears. [CXM-84209]

Known issues in Endpoint Management 20.6.0

If you onboarded Endpoint Management in 19.12.0 or later, to remove the Android Enterprise subscription, unenroll Android Enterprise from the console. Then remove the configuration from Google Play. If you click Remove Enterprise in the Google Play store first, the Android Enterprise subscription remains active in the Endpoint Management console. [CXM-83601]

Known issues in Endpoint Management 20.5.0

At the beginning of June 2020, the Google Play EMM API had an outage. During the outage, if you went to Settings > Android Enterprise, Endpoint Management removed the Android Enterprise configuration from the console. As a result, currently enrolled devices don’t receive the policy and app updates. To fix the issue, contact Citrix Technical Support for assistance. [XMHELP-2811]

Known issues in Endpoint Management 20.4.1

When you install multiple LDAP Active Directories (AD) on Endpoint Management using Citrix Cloud Connector, only the first installed AD populates in the Endpoint Management settings. As a workaround, you can check Citrix Cloud. If those domains are marked as unused, manually mark Used. Marking the domain as used makes it available in Endpoint Management. [CXM-81697]

Known issues in Endpoint Management 20.2.1

When you enroll a WEM enabled Windows Desktop/Tablet device and then enroll the same device in MDM, the Endpoint Management console displays two separate entries for the device. [CXM-77412]

For customers using a cloud hosting service and the new Citrix enhanced enrollment profiles: New devices may not successfully enroll. As a work-around, create a default enrollment profile that includes all delivery groups. See To create an enrollment profile. You might see an enrollment profile titled “FactoryDefault”. We use this enrollment profile for special logic. If you see the “FactoryDefault” enrollment profile, don’t modify or delete it. [CXM-79019]

After configuring Citrix Content Collaboration with a ShareFile URL in the Citrix Endpoint Management console, clicking the Test Connection button results in an error. To resolve this issue, disable multifactor authentication for ShareFile. Learn more about this issue and the workaround on this support page. [CXM-79240]

Sorting devices by Last access or Inactivity days results in a 500 internal server error. [CXM-79414]

Known issues in Endpoint Management 20.1.0

You can’t delete duplicate certificate files from Settings > Certificates. [CXM-72630]

When adding users to a library in Citrix Cloud, Endpoint Management reports success, but the users aren’t added. [CXM-73726]

Known issues in Endpoint Management 19.11.0

MDX and Public apps can’t be deleted from the console. As a workaround, select the app you want to delete and then click Edit. Deselect Android Enterprise and select any other platforms from the platform list. Save the app. You can then delete the app. [CXM-74468]

For sites with Workspace Environment Management (WEM) integrated with Endpoint Management: A Windows GPO configuration device policy created with User Configuration doesn’t deploy to user devices. A policy created with Device Configuration deploys as expected. [CXM-74762, WEM-6319]

Known issues in Endpoint Management 19.9.0

Enterprise apps deployed from Endpoint Management fail to install on macOS devices. This third-party issue is Apple bug #50311461. [CXM-65957]

The Settings > Apple Deployment Program page doesn’t include skip options for the new iOS 13 Setup Assistant screens. During enrollment, users must click through screens for Express Language, Preferred Language, Get Started, and Appearance. [CXM-71370]

Known issues in Endpoint Management 19.5.0

When enrolling a Citrix Ready workspace hub device, define the Ethernet (eth0) MAC address in the allow list to avoid failed enrollment. [CXM-43141]

Known issues in Endpoint Management 19.4.1

The Monitor tab doesn’t appear. [DIR-7483]

When tabbing through options in the Windows GPO device policy, radio buttons and check boxes get skipped. [CXM-58277]

Known issues in Endpoint Management 19.2.1

If you unenroll an Android Enterprise enterprise by deleting it through the Google admin console: Attempts to re-enroll the enterprise might fail. Always use the Endpoint Management console to unenroll an Android Enterprise enterprise, as described in Unenroll an Android Enterprise enterprise. G Suite customers, follow the instructions in Unenrolling an Android Enterprise enterprise. [CXM-62709] [CXM-62950]

Known issues in Endpoint Management 19.2.0

When creating a public store app in Endpoint Management 10.18.3: On the iPad App Settings page, if you click Back without searching for apps, and then you click Next, the following issue occurs. The navigation buttons appear unresponsive and don’t allow you to search for apps. The issue occurs when creating public store apps for both iOS or Android. [CXM-46820]

Known issues in Endpoint Management 10.19.1

After you complete the registration process on the Settings > Android Enterprise page, the following error message appears: “A configuration error occurred. Please try again”. When you close the error message, your Android Enterprise configuration is saved, however Enable Android Enterprise is Off. To work around this issue, reduce the number of app categories to 30 or fewer. [CXM-60899]

Known issues in Endpoint Management 10.18.19

When tabbing through options in the Windows GPO device policy, radio buttons and check boxes get skipped. [CXM-58277]

Known issues in Endpoint Management 10.18.5

When a Chrome app is configured as a required app for Chrome OS devices: Users might need to log off and log back on to install the app. This third-party issue is Google bug ID #76022819. [CXM-48060]

Known issues in Endpoint Management 10.18.3

After you delete a Citrix Cloud administrator who has a device enrolled: Endpoint Management doesn’t update the User Role in the Endpoint Management console until after the administrator logs in again from Secure Hub or the Self-Help Portal. [CXM-45730]

Known issues in Endpoint Management 10.7.4

If you configure Endpoint Management for single sign-on using the Citrix identity provider with Azure Active Directory: When an Endpoint Management administrator or user gets redirected to the Azure Active Directory sign-in screen, the screen includes the message “Sign-in page for Citrix Secure Hub.” The correct message is “Sign-in page for Citrix Endpoint Management console.” [CXM-42309]

Known issues in Endpoint Management 10.7.3

For devices running Windows 10 RS3 Version 1709 build 16299.19: App Configuration device policies created by importing a Citrix Receiver ADMX file might fail when pushed to those devices. This third-party issue is Microsoft bug ID #14280113. [CXM-40521]