Citrix HDX Plus for Windows 365
Citrix HDX Plus for Windows 365 allows you to integrate Citrix Cloud with Windows 365 to use Citrix HDX technologies for an enhanced and more secure Windows 365 Cloud PC experience in addition to other Citrix Cloud services for enhanced manageability.
Pre-requisites
Following are the pre-requisites for the solution:
Citrix
- Citrix Cloud tenant with HDX Plus for Windows 365 entitlement.
- Citrix DaaS Premium.
- Citrix DaaS Premium Plus.
- Citrix DaaS Advanced Plus.
- Citrix DaaS Standard for Azure.
- Citrix administrator account with full administrator rights.
- Cloud PCs must have access to:
  - https://*.xendesktop.net on TCP 443. If you can’t allow all subdomains in that manner, you can use https://<customer_ID>.xendesktop.net, where <customer_ID> is your Citrix Cloud customer ID as shown in the Citrix Cloud administrator portal.
  - https://*.apps.cloud.com on TCP 443.
  - https://*.*.nssvc.net on TCP 443 for the control connection with Gateway Service.
  - https://*.*.nssvc.net on TCP 443 and UDP 443 for HDX sessions over TCP and EDT, respectively.
    Note
    If you can’t allow all subdomains using https://*.*.nssvc.net, you can use https://*.c.nssvc.net and https://*.g.nssvc.net instead. For more information, see Knowledge Center article CTX270584.
  - https://*.dl.delivery.mp.microsoft.com for downloading Microsoft Edge WebView2 Runtime during the Citrix Workspace app installation (see Allow list for Microsoft Edge endpoints for details).
  - https://msedge.api.cdp.microsoft.com for Microsoft Edge WebView2 Runtime update checks.
- For hybrid Azure AD joined deployments:
  - The Azure AD domain must be synchronized from the AD domain the machines belong to.
  - Cloud Connectors to allow Citrix Cloud to connect to your Active Directory domain. Refer to Cloud Connectors for details on how to configure.
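The following is an added example, not part of the Citrix documentation: it scans egress firewall or proxy deny entries for flows that the Cloud PC network requirements above say must be allowed. The log format, timestamps and hostnames are constructed, and two things are assumptions: that each `*` in a pattern stands for exactly one DNS label, and that the Microsoft endpoints listed without a port use TCP 443.

```python
# Required egress rules, taken from the Cloud PC prerequisites on this page.
# Assumption: each "*" stands for exactly one DNS label.
REQUIRED = [
    ("*.xendesktop.net", {"tcp/443"}),
    ("*.apps.cloud.com", {"tcp/443"}),
    ("*.*.nssvc.net", {"tcp/443", "udp/443"}),  # UDP 443 carries EDT sessions
    # Listed as https:// with no port on the page: assumed TCP 443.
    ("*.dl.delivery.mp.microsoft.com", {"tcp/443"}),
    ("msedge.api.cdp.microsoft.com", {"tcp/443"}),
]

def host_matches(pattern, host):
    """Label-by-label match, so look-alike names that merely contain the domain fail."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def required_rule(host, proto, port):
    """Return the required pattern covering this flow, or None."""
    flow = f"{proto.lower()}/{port}"
    for pattern, flows in REQUIRED:
        if flow in flows and host_matches(pattern, host):
            return pattern
    return None

def blocked_required_flows(log_lines):
    """Return (host, flow, pattern) for every denied flow that must be allowed."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5 or fields[1] != "DENY":
            continue
        _ts, _action, proto, host, port = fields
        pattern = required_rule(host, proto, port)
        if pattern:
            findings.append((host, f"{proto.lower()}/{port}", pattern))
    return findings

# Constructed sample log: "<timestamp> <action> <proto> <host> <port>"
SAMPLE_LOG = [
    "2024-01-10T09:00:01Z ALLOW TCP examplecust.xendesktop.net 443",
    "2024-01-10T09:00:02Z DENY UDP region1.g.nssvc.net 443",           # EDT blocked
    "2024-01-10T09:00:03Z DENY TCP region1.g.nssvc.net 8443",          # not a required port
    "2024-01-10T09:00:04Z DENY TCP nssvc.net.example.org 443",         # look-alike host
    "2024-01-10T09:00:05Z DENY TCP msedge.api.cdp.microsoft.com 443",  # WebView2 update check
]

if __name__ == "__main__":
    for host, flow, pattern in blocked_required_flows(SAMPLE_LOG):
        print(f"blocked but required: {host} {flow} (rule {pattern})")
```

Matching whole labels rather than substrings keeps a name such as `nssvc.net.example.org` from being treated as a Citrix endpoint when the same patterns are turned into allow rules.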
Microsoft
- Microsoft Intune entitlement
- Azure Active Directory domain in the same tenant as Microsoft Intune
- Windows 365 Enterprise licenses in the same tenant as Microsoft Intune
- Azure administrator account:
  - Azure AD Global administrator
  - Intune Global administrator
Supported Configurations
Citrix HDX Plus for Windows 365 supports integrating with Windows 365 deployments with pure Azure AD joined Cloud PCs and Hybrid Azure AD joined Cloud PCs. Following are details of the supported configurations for each scenario.
Supported infrastructure
Machine identity | Citrix Cloud | CVAD On-prem | Citrix Workspace | Citrix StoreFront | Citrix Gateway Service | Citrix Gateway |
---|---|---|---|---|---|---|
Azure AD joined | Yes | No | Yes | No | Yes | No |
Hybrid Azure AD joined | Yes | No | Yes | Yes | Yes | Yes |
Note
Neither Local Host Cache nor Service Continuity is available for Hybrid Azure AD joined Cloud PCs when using StoreFront.
Supported identity providers
Machine identity | Azure Active Directory | Active Directory | Active Directory + Token | Okta | SAML | Citrix Gateway | Adaptive Authentication |
---|---|---|---|---|---|---|---|
Azure AD joined | Yes | No | No | No | No | No | No |
Hybrid Azure AD joined | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Note
If using an identity provider other than Active Directory or Active Directory + Token with hybrid AD joined deployments, you need Citrix Federated Authentication Service (FAS) to achieve single sign-on (SSO) to the Cloud PC. Refer to the FAS documentation for details.
Please note that the resource locations created for Windows 365 are Citrix-managed and cannot be modified in the Citrix Cloud administrator portal. Therefore, to use FAS with hybrid AD joined deployments, you must register the FAS server with the Windows 365 resource locations through the FAS administrator console. Refer to Connect to Citrix Cloud in the FAS documentation for details.
Hybrid Azure AD Joined
If you are planning to deploy Cloud PCs that are Hybrid Azure AD joined, you must add Cloud Connectors to your Citrix Cloud environment before you continue with the configuration. This allows your Citrix Cloud tenant to access your Active Directory domain for resource and policy assignments.
You can use either the Windows-based Cloud Connector or the Connector Appliance. Details for configuring these are available in Citrix Cloud Connector and Connector Appliance for Cloud Services.
If you plan to use FAS for SSO into the Cloud PC, consider configuring Azure AD certificate-based authentication to ensure that a Primary Refresh Token (PRT) is generated upon user logon to allow SSO into Azure AD based applications inside the session.
Configuration Overview
To configure W365, complete the following steps in order:
- Enable the Citrix connector for Windows 365
- Connect Azure Active Directory to Citrix Cloud
- Configure Citrix Workspace
- Connect Windows 365 to Citrix Cloud
- Assign Citrix licenses to your users
- Provision Cloud PCs
Once Citrix licenses are assigned to users, Citrix communicates to the Windows 365 service that the selected users are entitled to use Citrix to access their Cloud PCs. If the selected users already have Cloud PCs provisioned, Windows 365 automatically installs the Citrix Virtual Delivery Agent (VDA) on those Cloud PCs and switches the user’s access to Citrix. If the selected users do not have Cloud PCs assigned, the VDA is installed immediately after the Cloud PC is provisioned at the time of Windows 365 license assignment.
After the VDA is installed, it registers with Citrix Cloud and any necessary Machine Catalogs and Delivery Groups are created automatically. Cloud PCs are then available through Citrix Workspace. A Citrix policy is also created for each Windows 365 delivery group to enable required features.
The next sections provide detailed instructions for each of the above configuration steps.
Limitations and Known Issues
- Citrix HDX Plus for Windows 365 is not available in Citrix Cloud Japan, Citrix Cloud Gov, or CSP tenants.
- Single sign-on for Azure AD joined Cloud PCs is not available at this time.
- Windows Hello is not supported to log into the virtual desktop. For more information, see Provision Cloud PCs.
- Nested groups are not supported for Citrix license assignment.
- If performing in-place Windows upgrades, you must upgrade to one of the following Windows versions. Otherwise, the VDA will not be able to register with the Citrix site after the upgrade, and users will not be able to launch their desktops.
  - Windows 11 with 2023-07 Cumulative Update for Windows 11 (KB5028185) or later installed (build 22621.1992 or later).
  - Windows 10 with 2023-07 Dynamic Update for Windows 10 (KB5028311) installed.