Microsoft Endpoint Manager integration with Device Posture - Preview

Microsoft Endpoint Manager (MEM) classifies a user’s device as compliant or registered based on its policy configuration. During user login to Citrix Workspace, device posture can check with Microsoft Endpoint Manager about the user’s device status and use this information to classify the device within Citrix Cloud as compliant or non-compliant (partial access), or even to deny access to the user login page. Services like Citrix DaaS and Citrix Secure Private Access in turn use device posture’s classification of devices to provide contextual access (Smart Access) to virtual apps and desktops, and to SaaS and Web apps, respectively.

To configure MEM integration

MEM integration configuration is a two-step process.

Step 1: Integrate device posture with the Microsoft Endpoint Manager service. This is a one-time activity that you do to establish trust between device posture and MEM.

Step 2: Configure policies to use Microsoft Endpoint Manager information.

Step 1: Integrate device posture with the Microsoft Endpoint Manager service

  1. To access the Integrations tab, use one of the following methods:
    • Access the URL https://device-posture-config.cloud.com on your browser, and then click the Integrations tab.
    • Secure Private Access customers - On the Secure Private Access GUI, on the left side navigation pane, click Device Posture, and then click the Integrations tab.

    [Image: MEM integration not connected]

  2. Click the ellipsis button, and then click Connect. The admin is redirected to Azure AD to authenticate.

    [Image: MEM integration permissions]

    After the integration status changes from Not Configured to Configured, admins can create a device posture policy.

    [Image: MEM integration connected]

If the integration is not successful, the status appears as Pending. You must click the ellipsis button, and then click Reconnect.

Step 2: Configure device posture policies

  1. Click the Device Scans tab and then click Create device policy.

    [Image: MEM integration policy configuration]

  2. Enter the name for the policy and set the priority.
  3. Select the platform for which this policy is created.
  4. In Select Rule, select Microsoft Endpoint Manager.
  5. Select a condition, and then select the MEM tags to be matched.
    • For Matches any of, an OR condition is applied.
    • For Matches all of, an AND condition is applied.

    Note:

    You can use this rule with other rules that you configure for device posture.

  6. In Then the device is, based on the conditions that you have configured, select one of the following:

    • Compliant (full access is granted)
    • Non-compliant (restricted access is granted)
    • Denied login

For more details about creating a policy, see Configure device posture policy.
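The choice between Matches any of and Matches all of in step 5 decides whether a device that is only registered can be classified as Compliant. The following Python model is an added example, not Citrix code and not part of the original page; the names Policy, rule_matches, classify and compare, the tag names "Compliant" and "Registered", the evaluation order by ascending priority number, and the fallback result are assumptions made for illustration.

```python
# Added illustration: a local model of the MEM tag-matching rule, not Citrix code.
from dataclasses import dataclass

ANY_OF, ALL_OF = "Matches any of", "Matches all of"

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int      # assumption: lower number is evaluated first
    condition: str     # ANY_OF or ALL_OF
    tags: frozenset    # MEM tags selected in the rule
    result: str        # "Compliant", "Non-compliant" or "Denied login"

def rule_matches(policy, device_tags):
    """Apply the OR / AND semantics of the two conditions to a device's MEM tags."""
    device_tags = frozenset(device_tags)
    if not policy.tags:
        # An empty tag list would make ALL_OF vacuously true; treat it as no match.
        return False
    if policy.condition == ANY_OF:
        return bool(policy.tags & device_tags)   # OR: at least one tag present
    if policy.condition == ALL_OF:
        return policy.tags <= device_tags        # AND: every tag present
    raise ValueError(f"unknown condition: {policy.condition!r}")

def classify(policies, device_tags, fallback):
    """Return (result, policy name) of the first matching policy, else the fallback."""
    for policy in sorted(policies, key=lambda p: p.priority):
        if rule_matches(policy, device_tags):
            return policy.result, policy.name
    return fallback, None

# Constructed sample policies; tag names follow the page's "compliant or registered".
BOTH = frozenset({"Compliant", "Registered"})
loose = [Policy("mem-any", 1, ANY_OF, BOTH, "Compliant")]
strict = [
    Policy("mem-all", 1, ALL_OF, BOTH, "Compliant"),
    Policy("mem-registered", 2, ANY_OF, frozenset({"Registered"}), "Non-compliant"),
]

def compare(device_tags, fallback="Denied login"):
    """Classify one device under both policy sets to expose the any/all difference."""
    return (classify(loose, device_tags, fallback)[0],
            classify(strict, device_tags, fallback)[0])

if __name__ == "__main__":
    for tags in (BOTH, {"Registered"}, set()):
        print(sorted(tags), compare(tags))
```

A device carrying only the Registered tag is classified Compliant by the "any of" policy but Non-compliant by the "all of" policy set, which is the case to review before assigning full access.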
