Features in Technical Preview

Features in Technical Preview are available to use in non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for features in technical preview but welcomes feedback for improving them. Citrix might act on feedback based on its severity, criticality, and importance.

Support for TLS protocol version 1.3

This feature is in technical preview from 2311.1 release.

Starting with this release, Citrix Workspace app supports Transport Layer Security protocol (TLS) version 1.3.

Note:

This enhancement requires VDA version 2203 or later.

This feature is disabled by default. To enable it, do the following:

  1. Open the Registry Editor using regedit on the Run command.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\TLS1.3.
  3. Create a DWORD key by the name EnableTLS1.3 and set the value of the key to 1.

Limitation:

  • Connections using Access Gateway or NetScaler Gateway Service attempts to use TLS 1.3. However, these connections fallback to TLS 1.2 because Access Gateway and NetScaler Gateway Service doesn’t support TLS 1.3 yet.
  • Direct connection to a VDA version that doesn’t support TLS 1.3 fallback to TLS 1.2.

Enhanced domain pass-through for single sign-on

This feature is in technical preview from 2309 release.

Previously, Citrix Workspace app for Windows supported only SSON or domain pass-through authentication for single sign-on to Citrix Virtual Apps and Desktops environments using user credentials. This authentication enables the user to authenticate to the domain on their device and use their virtual apps and desktops without having to reauthenticate again.

For more information on this feature, see Introducing enhanced domain pass-through for single sign-on – Technical Preview.

This approach of domain pass-through using user credentials has the following limitations:

  • Doesn’t support passwordless authentication with modern authentication methods such as Windows Hello or FIDO2. An additional component called the Federated Authentication Service (FAS) is required for single sign-on (SSO).
  • Installation or upgrade of Citrix Workspace app with SSON enabled requires a reboot of the device.
  • Requires Multi Provider Router (MPR) notifications to be enabled on Windows 11 machines.
  • Must be on the top of the list of network providers order.
  • With this release, Citrix Workspace app supports enhanced domain pass-through which is a new method of SSO. It leverages Kerberos authentication instead of user credentials and helps to overcome the previously mentioned limitations. Now user can sign in to Citrix Virtual Apps and Desktops and to StoreFront using integrated windows authentication.

Note: This feature isn’t supported on 32-bit Windows 10 and on Windows Server 2016.

System requirements:

  • Citrix Workspace app 2309 or later
  • Citrix Virtual Apps and Desktops 2308 or later

Supported VDA OS versions:

  • For multi-session:

    • Windows Server 2019
    • Windows Server 2022
  • For single-session:

    • Windows 10 version 22H2
    • Windows 11 version 22H2

Prerequisites:

  • The client or endpoint must be connected to the domain.
  • Requires a direct line of sight of Active Directory.

StoreFront and DDC settings

Setup domain pass-through environment using the following settings:

Note:

You can skip this step if you have already configured domain pass-through in your environment.

  1. When Citrix Workspace app is configured on the StoreFront:

    1. Open StoreFront Studio.
    2. Go to Store > *Manage Authentication methods.
    3. Enable Domain pass-through.

Or,

  1. When using Citrix Workspace app through the browser:

    1. Open StoreFront.
    2. Open Stores > Receiver for Websites > Manage Authentication methods.
    3. Enable Domain pass-through.

      Enable domain pass-through -Storefront

  2. Enable Remote Credential Guard mode policy on DDC.

    VDA policy

  3. Click OK.

VDA settings

  1. Navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation on VDA.
  2. Enable Remote host allows delegation of non-exportable credentials windows policy on VDA.

    VDA policy

  3. Reboot the VDA machine.

Client settings

  1. Ensure that the client machine is domain joined.
  2. Ensue that the client machine is 64-bit.
  3. Open Group Policy Editor.
  4. Navigate to Computer Configuration\Administrative Templates\Citrix Components\Citrix Workspace\User Authentication.
  5. Configure the Enable Remote Credential Guard group policy.

    client policy

    Client policy enabled

  6. Modify the Internet Options settings on the client.

Note:

You can skip this step if you have already configured the domain pass-through in your environment.

  1. Add the StoreFront server to the list of trusted sites using Internet Options. To add:

    1. Open Internet Options from the Control Panel > Network and Internet.
    2. Click Security > Local Intranet and click Sites.
    3. The Local Intranet window appears.
    4. Click the Advanced tab.
    5. Add the URL of the StoreFront FQDN with the appropriate HTTP or HTTPS protocols.
    6. Click Close and OK.
  2. Modify the User Authentication settings in Internet Explorer. To modify:

  3. Open Internet Options from the Control Panel > Network and Internet.
  4. Click Security tab > Local Intranet.
  5. Click Custom level. The Security Settings – Local Intranet Zone window appears.
  6. In the User Authentication pane, select Automatic logon with current user name and password.

    User authentication pane

  7. Click OK.

You can provide feedback on this feature via the Podio form.

Client App Management for WebEx plug‑in

This feature is in technical preview from 2303 release.

Starting with the 2303 version, download, install, and auto‑update of the WebEx plug‑in is supported and handled the same way as the Zoom plug‑ins. The following Global App Configuration setting needs to be onboarded for the store/account to use this feature:


{
    "serviceURL":
    {
        "url": "https://storefront.acme.com:443"
    },
    "settings":
    {
        "description": "Install and update plugins",
        "name": "Install and update plugins",
        "useForAppConfig": true,
        "appSettings":
        {
            "windows":
            [
                {
                    "assignedTo":
                    [
                        "AllUsersNoAuthentication"
                    ],
                    "category": "AutoUpdate",
                    "settings":
                    [
                        {
                            "name": "Auto Update plugins settings",
                            "value":
                            [
                                {
                                    "pluginId": "C03BAE37-F3AC-4D63-8BC1-3C9CD2BC9E8D",
                                    "pluginName": "WebEx VDI AutoUpgrade Plugin",
                                    "pluginSettings":
                                    {
                                        "delayGroup": "Fast",
                                        "deploymentMode": "InstallAndUpdate",
                                        "detectRule": "UpgradeCode:{AA2AACDC-D30B-433F-A602-3E25975010A6}",
                                        "isBlocking": false,
                                        "isFTU": false,
                                        "maximumAllowedVersion": "3.1.0.24263",
                                        "minimumAllowedVersion": "0.0.0",
                                        "stream": "Current",
                                        "upgradeToLatest": true
                                    }
                                }
                            ]
                        }
                    ],
                    "userOverride": false
                }
            ]
        }
    }
}

<!--NeedCopy-->

You can provide feedback on this feature via the Podio form.

Quick Launch of Disconnected Desktops

This feature is in technical preview from 2209 release.

By enabling this feature, you can open your previously disconnected desktops instantly. Once this feature is enabled, Citrix Workspace app launches the disconnected sessions in hidden mode. The session is instantly presented as soon as you launch the desktop.

Quick launch of disconnected desktops

You can register for this technical preview by using the Podio form.

Local App Protection

This feature is in technical preview from 2210 release.

App Protection offers enhanced security to defend our customers against Keyloggers, accidental and malicious screen capture at endpoints. Currently, App Protection capabilities are only offered for Workspace resources. With Local App Protection, App Protection capabilities are extended to local apps on endpoints. Starting with Citrix Workspace app 2210 for Windows, App Protection can be applied to local apps on Windows devices.

You can register for this technical preview by using this Podio form.

Support for an enhanced single sign-on (SSO) experience for web and SaaS apps

This feature is in technical preview from 2204.1 release.

This feature simplifies the configuration of SSO for internal web apps and SaaS apps while using third-party identity providers (IdPs). The enhanced SSO experience reduces the entire process to a few commands. It eliminates the mandatory prerequisite to configure Citrix Secure Private Access in the IdP chain to set up SSO. It also improves the user experience, provided the same IdP is used for authentication to both the Citrix Workspace app and the particular web or SaaS app being launched.

You can register for this technical preview by using this Podio form.

Technical Preview to General Availability (GA)

Service or feature General availability version
Introducing new installer for Citrix Workspace app 2311.1
Loss tolerant mode for audio 2311.1
Improved virtual apps and desktops launch experience 2309
Sustainability initiative from Citrix Workspace app 2309