Citrix HDX Plus for Windows 365

Citrix HDX Plus for Windows 365 allows you to integrate Citrix Cloud with Windows 365 to use Citrix HDX technologies for an enhanced and more secure Windows 365 Cloud PC experience in addition to other Citrix Cloud services for enhanced manageability.

Pre-requisites

Following are the pre-requisites for the solution:

Citrix

• Citrix DaaS
• Citrix administrator account with full administrator rights.
• Cloud PCs must have access to the following:
  • https://*.xendesktop.net on TCP 443. If you can’t allow all subdomains in that manner, you can use https://<customer_ID>.xendesktop.net, where <customer_ID> is your Citrix Cloud customer ID as shown in the Citrix Cloud administrator portal.
  • https://*.*.nssvc.net on TCP 443 for the control connection with Gateway Service.
  • https://*.*.nssvc.net on TCP 443 and UDP 443 for HDX sessions over TCP and EDT, respectively.

    Note:

    If you can’t allow all subdomains using https://*.*.nssvc.net, you can use https://*.c.nssvc.net and https://*.g.nssvc.net instead. For more information, see Knowledge Center article CTX270584.

  • https://*.infra.windows365.microsoft.com and https://cpcstprovprod*.blob.core.windows.net for downloading the VDA and VDA Registration Tool.
  • https://*.dl.delivery.mp.microsoft.com for downloading Microsoft Edge WebView2 Runtime during the Citrix Workspace app installation (see Allow list for Microsoft Edge endpoints for details).
  • https://msedge.api.cdp.microsoft.com for Microsoft Edge WebView2 Runtime update checks.
• If deploying Entra hybrid joined Cloud PCs, see Entra hybrid joined deployments for additional requirements specific to Entra hybrid joined environments.

Microsoft

• Microsoft Intune entitlement
• Entra ID directory in the same tenant as Microsoft Intune
• Windows 365 Enterprise licenses in the same tenant as Microsoft Intune
• Azure administrator account:
  • Entra ID Global administrator
  • Intune Global administrator
• Cloud PCs must have the appropriate PowerShell Execution Policy configuration to allow the automatic installation and configuration of the VDA
  • The execution policy must be one of the following: AllSigned, Bypass, RemoteSigned, or Unrestricted
  • The scope must be MachinePolicy or LocalMachine

    Note:

    Keep in mind that the MachinePolicy scope takes precedence over LocalMachine. Therefore, ensure that the execution policy configuration is set so that the effective execution policy is adequate. For more information, see PowerShell execution policies.

Supported Configurations

Citrix HDX Plus for Windows 365 supports integrating with Windows 365 deployments with Entra joined, and Entra hybrid joined Cloud PCs. Following are details of the supported configurations for each scenario.

Supported infrastructure

Note

Neither Local Host Cache (LHC) nor Service Continuity are available for Entra hybrid joined Cloud PCs when using StoreFront with the default connector-less VDA model. See Entra hybrid joined deployments if you want to leverage LHC when using StoreFront and Entra hybrid joined Cloud PCs.

Supported identity providers

Note

If using an identity provider other than Active Directory or Active Directory + Token with Entra hybrid joined deployments, you need Citrix Federated Authentication Service (FAS) to achieve single sign-on (SSO) to the Cloud PC. Refer to the FAS documentation for details.

If you plan to use SAML as your identity provider, see the Citrix Cloud documentation for information on configuring SAML with Entra ID identities.

Configuration Overview

To configure W365, complete the following steps in order:

1. Enable the Citrix connector for Windows 365
2. Connect Azure Active Directory to Citrix Cloud
3. Configure Citrix Workspace
4. Connect Windows 365 to Citrix Cloud
5. Assign Citrix licenses to your users
6. Provision Cloud PCs

Once Citrix licenses are assigned to users, Citrix communicates to the Windows 365 service that the selected users are entitled to use Citrix to access their Cloud PCs. If the selected users already have Cloud PCs provisioned, Windows 365 automatically installs the Citrix Virtual Delivery Agent (VDA) on those Cloud PCs and switches the user’s access to Citrix. If the selected users do not have Cloud PCs assigned, the VDA is installed immediately after the Cloud PC is provisioned at the time of Windows 365 license assignment.

After the VDA is installed, it registers with Citrix Cloud and any necessary Machine Catalogs and Delivery Groups are created automatically. Cloud PCs are then available through Citrix Workspace. A Citrix policy is also created for each Windows 365 delivery group to enable required features.

The next sections provide detailed instructions for each of the above configuration steps.

Note:

Citrix recommends leveraging the VDA Upgrade Service to manage VDA upgrades in your Cloud PCs. For more information, see the following:

• Upgrade VDAs using the Full Configuration interface
• Citrix VDA Upgrade service Tech Brief

Limitations and Known Issues

• Citrix HDX Plus for Windows 365 is not available in Citrix Cloud Japan, Citrix Cloud Gov, or CSP tenants.
• Single sign-on for Entra joined Cloud PCs is not available at this time.
• Windows Hello is not supported to log into the virtual desktop. For more information, see Provision Cloud PCs.
• If performing in-place Windows upgrades, you must upgrade to one of the following Windows versions. Otherwise, the VDA will not be able to register with the Citrix site after the upgrade, and users will not be able to launch their desktops.
  • Windows 11 with 2023-07 Cumulative Update for Windows 11 (KB5028185) or later installed (build 22621.1992 or later).
  • Windows 10 with 2023-07 Dynamic Update for Windows 10 (KB5028311) installed.

Additional resources

• Windows 365 Enterprise
• Citrix Cloud
• Citrix DaaS
• Citrix HDX policies
• HDX virtual channel security
• HDX device support
• HDX graphics
• HDX multimedia
• HDX content redirection
• HDX printing
• HDX Adaptive Transport and Enlightened Data Transport (EDT)
• HDX Rendezvous V2