About this release

What’s new in 1912

Cumulative Update 7 (CU7) is the most recent update to the 1912 LTSR.

Microsoft Teams enhancement

The following Microsoft Teams enhancement is supported for CU6 and later releases:

When Desktop Viewer is in full-screen mode, the user can select one from all screens covered by Desktop Viewer to share. In window mode, the user can share the Desktop Viewer window. In seamless mode, the user can select one from all screens to share. When Desktop Viewer changes the window mode (maximized, restore, or minimize), the screen share stops.

The following Microsoft Teams enhancements are supported for CU5 and later releases:

  • Screen sharing improvements - Now when you share your screen, only the Desktop Viewer screen is captured in native bitmap format.

  • Peers can now see the presenter’s mouse pointer in a screen sharing session.

  • Improved video rendering.

  • Performance and reliability improvements.

  • The WebRTC media engine now honors the proxy server configured on the client device.

  • Enhancement to echo cancellation, auto gain control, noise suppression configurations: If Microsoft Teams configures these options, Citrix-redirected Microsoft Teams honors the values as configured. Otherwise, these options are set to True by default.

  • You can now configure a preferred network interface for media traffic.

    Navigate to \HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream and create a key called NetworkPreference(REG_DWORD).

    Select one of the following values as required:

    • 1: Ethernet
    • 2: Wi-Fi
    • 3: Cellular
    • 5: Loopback
    • 6: Any

    By default and if no value is set, the WebRTC media engine chooses the best available route.

  • You can now disable the audio device module 2 (ADM2) so that the legacy audio device module (ADM) is used for quad-channel microphones. This helps in resolving issues related to microphones in a call.

    To disable ADM2, navigate to \HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream and create a key named DisableADM2 (REG_DWORD) and set the value to 1.

  • DirectWShow is now the default renderer.

    To change the default renderer, do the following:

    • Launch the Registry editor.
    • Navigate to the following key location: HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream.
    • Update the following value: "UseDirectShowRendererAsPrimary"=dword:00000000

      Other possible values:

      • 0: Media Foundation
      • 1: DirectShow (Default)
    • Relaunch the Citrix Workspace app.


  • The enhancements are supported only on Microsoft Windows 10 Desktop operating system endpoints.
  • The enhancements are not supported on Microsoft Windows 7 and 8 operating system endpoints.
  • The enhancement support is determined during Citrix Workspace app package installation. We recommend that you uninstall Citrix Workspace app when you upgrade the operating system from Microsoft Windows version 7 to version 10.

App Protection


App Protection policies work by filtering access to required functions of the underlying operating system (specific API calls required to capture screens or keyboard presses). This means that App Protection policies can provide protection even against custom and purpose-built hacker tools. However, as operating systems evolve, new ways of capturing screens and logging keys can emerge. While we continue to identify and address them, we cannot guarantee full protection in specific configurations and deployments.

App Protection is an add-on feature that provides enhanced security when using Citrix Virtual Apps and Desktops. The feature restricts the ability of clients to be compromised by keylogging and screen capturing malware. App Protection prevents exfiltration of confidential information such as user credentials and sensitive information displayed on the screen. The feature prevents users and attackers from taking screenshots and from using keyloggers to glean and exploit sensitive information.


Citrix recommends that you only use the native Citrix Workspace app to launch a protected session.

App Protection is configured between StoreFront and the Controller using the Controller. For information about configuring App Protection on the Controller, see App Protection documentation. This configuration is then applied to Citrix Workspace app by including the App Protection component using any of the following methods:

  • Graphical user interface
  • Command-line interface

You can include the App Protection component both during the Citrix Workspace app installation or on-demand installation.


  • This feature is supported only on Microsoft Windows Desktop operating systems such as Windows 10, Windows 8.1, and Windows 7.
  • This feature is not supported over Remote Desktop Protocol (RDP).

For information about configuring App Protection in Citrix Workspace app, see App Protection.

Enhancement to App Protection

Previously, when you are trying to take a screenshot of a protected window, the entire screen, including the non-protected apps in the background, are blacked out.

Now, when you are taking a screenshot using a snipping tool, only the protected window is blacked out or hidden. You can take a screenshot of the area outside the protected window except in non-Aero mode where the entire screen is blacked out.

However, if you are using the PrtScr key to capture a screenshot, you must exit the Citrix Workspace app.

Additionally, this release addresses issues to improve the App Protection feature.

Installer enhancement

In earlier releases, if an administrator tried to install Citrix Workspace app on a system that has a user-installed instance of the app, the installation was blocked.

With this release, the administrators can now override the user-installed instance of Citrix Workspace app and continue with the installation successfully.

Enhancement to Citrix Workspace Updates

In earlier releases, if Citrix Workspace app is installed by an administrator, a non-administrator could not update it.

With this release, a non-administrator can update Citrix Workspace app on an admin-installed instance. You can do that by right-clicking the Citrix Workspace app icon in the notification area and selecting Check for Updates.


The Check for Updates option is now available on both the user-installed and the admin-installed instances of Citrix Workspace app.

Support for outbound proxy

Smart Control allows administrators to define granular policies to configure and enforce user environment attributes for virtual apps and desktops using Citrix Gateway. For instance, you might want to prohibit users from mapping drives to their remote desktops. This can be achieved using the Smart Control feature on Citrix Gateway.

However, the scenario changes when Citrix Workspace app and Citrix Gateway belong to separate enterprise accounts. In such scenarios, the client domain cannot apply the Smart Control feature because the gateway does not exist on the client domain. Instead, you can leverage the, Outbound ICA Proxy. Outbound ICA Proxy lets you use the Smart Control feature even when Citrix Workspace app and Citrix Gateway are deployed in different organizations.

Citrix Workspace app supports session launches using the Citrix ADC LAN proxy. Either a single, static proxy can be configured or the proxy server can be selected at runtime using the outbound proxy plug-in.

You can configure outbound proxies using the following methods:

  • Static proxy: Proxy server is configured by providing a proxy host name and port number.
  • Dynamic proxy: A single proxy server can be selected among one or more proxy servers using the proxy plug-in DLL.

You can configure the outbound proxy using the Group Policy Object administrative template and the Registry editor.

For more information about outbound proxy, see Outbound ICA Proxy support in the Citrix Gateway documentation.

For more information about configuring outbound proxy in Citrix Workspace app, see Outbound proxy.

Citrix Embedded Browser binaries

This release no longer installs the Citrix Embedded Browser. In cases where you upgrade to Version 1912, the Citrix Embedded Browser is removed.

In the absence of Citrix Embedded Browser, the following functionalities change:

  • Browser content redirection does not function.
  • SaaS and Web apps are not launched using the Citrix Embedded Browser. Instead they are launched in the Citrix Secure Browser Service.

Enhancement to desktop sharing with Microsoft Teams

When you share your workspace using Microsoft Teams, Citrix Workspace app displays a red border that surrounds the area of the monitor that is currently being shared. You can share only the Desktop Viewer window, or any local window overlaid on top of it. When you minimize the Desktop Viewer window, screen sharing is paused.

Endpoint encoder performance estimator on Microsoft Teams

When the HdxTeams.exe process (the WebRTC media engine embedded in Citrix Workspace app that handles Microsoft Teams redirection)is launched, it estimates the best encoding resolution that the endpoint’s CPU can sustain without overloading. Possible values are 240p, 360p, 720p and 1080p.

The performance estimation process (also called webrtcapi.EndpointPerformance) runs when HdxTeams.exe initializes. The macroblock code determines the best resolution that can be achieved with the particular endpoint. The highest possible resolution is then included during the codec negotiation between the peers, or between the peer and the conference server.

For information on configuring endpoint encoder, see Endpoint encoder performance estimator on Microsoft Teams.

For information, see Optimization for Microsoft Teams in Citrix Virtual Apps and Desktops documentation.

Enhancement to Citrix Analytics Service

With this release, Citrix Workspace app is instrumented to securely transmit the public IP address of the most recent network hop to Citrix Analytics Service. This data is collected per session launch. It helps Citrix Analytics Service to analyze whether poor performance issues are tied to specific geographic areas. By default, the IP address logs are sent to Citrix Analytics Service. However, you can disable this option on the Citrix Workspace app using the Registry editor.

To disable IP address log transmissions, navigate to the following registry path and set the SendPublicIPAddress key to Off.

  • On 64-bit Windows machines, navigate to : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle.
  • On 32-bit Windows machines, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE \Citrix\Dazzle.


  • Although Citrix Workspace app transmits every IP address that it is launched on, IP address transmissions are best-case efforts. Some of the addresses might not be accurate.
  • In closed customer environments, where the endpoints are operating within an intranet, ensure that the URL https://locus.analytics.cloud.com/api/locateip is whitelisted on the endpoint.

For more information on how Performance Analytics uses this information, see Self-Service for Performance.

About this release