About this release

Learn about new features, enhancements, fixed issues, and known issues for Citrix Workspace app for Windows.

Note:

  • Looking for features in Technical Preview? We have curated a list so that you can find them in one place. Explore our Features in Technical Preview page and share your feedback using the attached Podio form link.
  • The Workspace UI updates with new features regularly. For more information about the new features on Workspace UI, see What’s new for Workspace UI.

What’s new in 2405.12

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 128.0.6613.120. This upgraded version includes fixes for known security vulnerabilities.

Fixed issues in 2405.12

This release addresses a few issues that help to improve overall performance and stability.

Known issues in 2405.12

There are no known issues in this release.

Note:

For a complete list of issues in the earlier releases, see Known issues.

Earlier releases

This section provides information about the new features and fixed issues in the previous releases that we support as per the Lifecycle Milestones for Citrix Workspace app.

2405.11

What’s new

Note:

The Enable MPR notifications for the System policy in the Group Policy Object template must be enabled to support the domain pass-through (single sign-on) authentication feature on Windows 11. By default, this policy is disabled on Windows 11 24H2. So, if upgraded to Windows 11 24H2, you must enable the Enable MPR notifications for the System policy.

This release addresses a few issues that help to improve overall performance and stability.

Fixed issues

Session launch might fail when the anti-keylogging feature of App Protection is enabled. This issue occurs only on Windows 11 24H2. [CVADHELP-26231]

2405.10

What’s new

Note:

The minimum Microsoft Visual C++ Redistributable version required for Citrix Workspace app for Windows 2405.10 is 14.40.33810.0.

This release addresses issues that help to improve overall performance, security, and stability.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 126.1.1.23, based on Chromium version 126. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues

  • The enhanced domain pass-through for single sign-on feature might not support Windows 11 22H2. For more information, see Enhanced domain pass-through for single sign-on documentation. [HDX-63918]

  • You might fail to sign in to Citrix Workspace with Workspace Environment Management (WEM) tool hub when you use Active Directory and token for authentication. [CVADHELP-25836],[RFWIN-35974]

  • You might fail to add Citrix Gateway URL using Storebrowse and might fail to open sessions when using EPIC WarpDrive. This issue occurs due to case sensitivity of Storebrowse process name given while creating. [RFWIN-35687], [CVADHELP-25736]

  • When Citrix Workspace app uses Fast Connect 3 Credential Insertion API for authentication, you might notice that the CtxCredApi.dll, which is used to inject credentials in SSON server, is present only for x64 systems. As a result, you might not be able to use the CtxCredApi.dll when running on x86 apps. [RFWIN-35818]

  • Browser Data Encryption might not work if the user data isn’t stored on the same drive where the OS is installed. [DATAP-896]

  • Copying files from a virtual session and pasting it to your local system doesn’t work after upgrading Citrix Workspace app to 2405 version. [CVADHELP-26010]

  • You might fail to open apps and desktops and might get a connection timeout error. This issue occurs in Citrix Workspace app for Windows version 2405. [CVADHELP-25900]

  • You might fail to add Citrix Gateway URL using Storebrowse and might fail to open sessions when using EPIC WarpDrive. This issue occurs due to case sensitivity of Storebrowse process name given while creating. [CVADHELP-25736]

  • The App Protection USB Filter Driver exclusion list might not work when configured using GACS. [APPP-3229]

2405

What’s new in 2405

Compatibility with the higher versions of .NET

Citrix Workspace app for Windows version 2405 is compatible with the higher versions of .NET that are supported on your system. To ensure this compatibility, Citrix Workspace app follows these installation rules:

  • If .NET 6.0.20 or any supported higher version of .NET is installed on the system, Citrix Workspace app does not install any additional .NET versions.
  • If.NET isn’t installed on the system or a version less than 6.0.20 is installed on the system, Citrix Workspace app installs .NET version 6.0.25.
  • If you install any supported higher version of .NET, Citrix Workspace app is compatible with the highest available .NET version. For example, you can install .NET 8.x and uninstall .NET 6.0.25. In this case, Citrix Workspace app uses the .NET 8.x version.

Single sign-on support for ARM64-based devices

From this 2405 release, Citrix Workspace app for Windows supports the single sign-on feature on the ARM64-based devices. For more information on single sign-on, see the Authentication page.

New Add-ons and packaging

From Citrix Workspace app for Windows 2405 version, you can choose the following from the Add-on(s) page during the upgrade of Citrix Workspace app:

  • Start App Protection after installation
  • Enable single sign-on
  • Install Microsoft Teams VDI Plugin

You can uninstall Microsoft Teams Optimization VDI plug-in independent of Citrix Workspace app.

Note:

If a plug-in is already installed on your system, that plug-in option is selected automatically for upgrade. Also, if you don’t have sufficient privileges to download the plug-in, that option won’t be visible on the Add-on(s) page.

Add-ons

Configure store names for your store URL

With this feature, admins can give the stores a user friendly name to recognize. In addition, admins can enable or disable the ability for end users to modify the store name on their Citrix Workspace app.

For more information, see Configure store names for your store URL.

Improved Beacon checker tool

As part of the Configuration Checker utility, Citrix Workspace app allows you to do a beacon test using the Beacon checker tool.

Earlier the Beacon test supported only the ping.citrix.com beacon. Starting from Citrix Workspace app for Windows 2405 version onwards, beacon test works for all the beacons configured in the store added in Citrix Workspace app.

For more information, see Configuration Checker and Beacon test.

Option to prevent endpoint from going to sleep when a session is active

When a user with an active session stays away from the virtual desktop without any mouse or keyboard activity, the endpoint device might go into sleep mode after completing the set time for Windows sleep mode. As a result, the Citrix session might be disconnected and when the user returns to the session, the user might be unable to reconnect to the existing session.

With this release, a new policy named Power Management is introduced to prevent the endpoint devices from going to sleep when a session is active.

For more information, see Option to prevent endpoint from going to sleep when a session is active.

Enhancement to relative mouse

With this release you can restrict the usage of the mouse to the window using the preferences UI available from the toolbar. This enhancement helps you to use the apps that need to monitor mouse movement extending to or beyond the boundaries of the virtual desktop’s screen. These apps include third-party apps or those apps that scroll a view in response to mouse movement. For more information, see Enhancement to relative mouse.

Share system audio

You can now share the audio playing on your VDA with participants in a meeting. Select the Include computer sound option to make your meetings more engaging. This feature is enabled by default. For end users, to use the feature, turn on Include computer sound on before sharing their screen.

Include computer sound

Limitations:

  • Audio cannot be shared using this feature when sharing the screen with RAVE and BCR redirected apps or tabs.
  • This feature is supported only on published desktops.

Upgraded version of WebRTC for the optimized Microsoft Teams

The version of WebRTC that is used for the optimized Microsoft Teams is upgraded.

Support for MJPEG webcams

Starting with the 2405 version, MJPEG webcams are supported in the H264 stream. The webcam performs MJPEG compression internally which provides better image quality and a higher frame rate.

This feature is enabled by default. However, if certain Webcam doesn’t support MJPEG, this feature is disabled.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 124. This upgraded version includes fixes for known security vulnerabilities.

Enhanced System Logs for browser content redirection

With the enhancements to the System Logs, browser content redirection now allows admins to monitor the feature status. For more information, see Browser content redirection.

App Protection support for double-hop scenario

Starting with the Citrix Workspace app for Windows 2405 version, App Protection is supported for the double-hop scenario when installed on a workstation VDA (such as Windows 10 or Windows 11) for a single-session VDA.

The following features are currently supported:

For more information, see App Protection with double-hop scenario.

App Data Protection [Technical Preview]

App Data Protection is a feature that provides enhanced security when using the Citrix Enterprise Browser.

When you are using the Citrix Enterprise Browser enabled with the App Data Protection feature, it protects the following by encrypting them:

  • Auto-fill data
  • Bookmarks
  • Browser cache
  • Browser storage folders

    Note:

    Browser storage folders don’t include user downloads.

  • Cookies
  • History
  • Network cache
  • Password vault
  • Settings

Note:

You can only access the encrypted data by opening them using the Citrix Enterprise Browser.

App Data Protection doesn’t protect the following:

  • Downloaded files
  • Extensions

To configure the App Data Protection feature, see App Data Protection.

Disclaimer:

Browser encryption policies provide device level encryption for data generated through Citrix Enterprise Browser. Please note however that we do not guarantee such device level encryption through Citrix Enterprise Browser will protect any end user device. While we continue to identify and address changes to encryption technology to better optimize our product, we also do not guarantee protection of specific configurations and deployments or for users with elevated privileges.

Limitations
  • If the App Data Protection feature isn’t enabled in the primary store, the App Data Protection will not be enabled for any store. As a workaround, you can limit users to add only one store to your Citrix Workspace app. This ensures that the App Data Protection remains enabled for the connected store always.
  • When App Data Protection is disabled on GACS, the encrypted items (as listed in the preceding section) are deleted.
  • Admin user can access other system users’ cache data through Citrix Enterprise Browser.

For more information, see App Data Protection.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 126.1.1.20, based on Chromium version 126. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Modify the user-agent of Citrix Enterprise Browser

Administrators can now modify the Citrix Enterprise Browser’s user-agent for any internal web or SaaS apps. You can configure this through Global App Configuration service. This feature provides the flexibility to create different variations of the user-agent for Citrix Enterprise Browser, which you can use for various uses.

One such use-case is the ability to restrict the internal web or SaaS apps to open only in Citrix Enterprise Browser. In addition to modifying the user-agent, you need to configure the Identity Provider (IdP) to perform a conditional check that verifies whether the end user is trying to open the app using Citrix Enterprise Browser or a native browser. The IdP opens the app only if end user tries to access it using Citrix Enterprise Browser. This restriction prevents users from accessing sensitive information in these apps from other browsers.

For more information, see Use Case 3c - Restrict apps to Citrix Enterprise Browser by modifying its user-agent.

Additional security restrictions for the Citrix Enterprise Browser

Citrix introduces additional access restrictions to enhance the security and user experience of Citrix Enterprise Browser with Secure Private Access and Global App Configuration service (GACS).

Restrictions managed through Secure Private Access

Copy:

Administrators can enable or disable copying of data from a SaaS or internal web app with this access policy when accessed via Citrix Enterprise Browser. The default value is Enabled.

For more information, see the Copy restriction in Secure Private Access product documentation.

Paste:

Administrators can enable or disable pasting of copied data into the SaaS or internal web app with this access policy when accessed via Citrix Enterprise Browser. The default value is Enabled.

For more information, see the Paste restriction in Secure Private Access product documentation.

Personal data masking:

Administrators can use the Personal data masking restriction to mask various types of sensitive information such as credit card numbers, social security numbers, and dates. Additionally, you have the flexibility to define custom rules for detecting specific types of sensitive information and masking it accordingly. The Personal data masking restriction has the option to fully or partially mask the information.

For more information, see Personal data masking.

Upload restriction by file type:

Administrators can restrict file uploads based on MIME (multi-purpose internet mail extensions) types. Unlike the Uploads policy, which allows you to enable or disable all file uploads, the Upload restriction by file type restriction allows you to enable or disable file uploads for specific MIME types.

For more information, see Upload restriction by file type.

Download restriction by file type:

Administrators can restrict file downloads based on MIME (multi-purpose internet mail extensions) types. Unlike the Downloads policy, which allows you to enable or disable all file downloads, the Download restriction by file type restriction allows you to enable or disable file downloads for specific MIME types.

For more information, see Download restriction by file type.

Printer management:

Enterprises can now prevent the printing of confidential documents and unauthorized data sharing. Admins can configure this policy through Secure Private Access. Admins can configure the behavior for network printers, local printers, and print using the Save as PDF option.

The following options are available for administrators to control access to printers for the end users:

  • Network printers: A network printer is a printer that can be connected to a network and used by multiple users.
    • Disabled: Printing from any network printers in the network is disabled.
    • Enabled: Printing from all network printers is enabled. If printer hostnames are specified, then all other network printers apart from the ones specified are blocked.

    Note:

    Printers are identified by their hostnames.

  • Local printers: A local printer is a device directly connected to an individual computer. This connection is typically facilitated through Bluetooth, USB, parallel ports, or other direct interfaces.

    • Disabled: Printing from all local printers is disabled.

    • Enabled: Printing from all local printers is enabled.

  • Print using Save as PDF

    • Disabled: The Save as PDF option for saving the content in PDF format is disabled.

    • Enabled: The Save as PDF option for saving the content in PDF format is enabled.

Note:

  • If the admin has disabled certain printing options, then those options appear grayed out to the end users.
  • End users can’t use the network printer if it is renamed on their device.

Clipboard restriction for Security groups:

In Secure Private Access, administrators can restrict clipboard access to any designated group of apps. These designated group of apps are created as Security groups in Secure Private Access, so that the end users are permitted to copy and paste contents only within that Security groups. There is also an Advanced option to enable copy and paste contents between Security groups and other local apps on the machines or unpublished web apps.

For more information, see Clipboard restriction for Security groups.

Restrictions managed through Global App Configuration service

Clipboard restriction:

In GACS, administrators can use the Enabled Sandboxed Clipboard option to manage clipboard access. When you restrict clipboard access through GACS, all content copied from any website accessed within the Citrix Enterprise Browser can’t be pasted outside the Enterprise Browser. Similarly, any content copied from native apps can’t be pasted into any website accessed within the Enterprise Browser.

For more information, see Clipboard restriction.

Audio Capture Allowed:

Administrators can use this setting to enable or disable audio capture access. When an administrator enables this setting, or leaves it unset, users are prompted to allow audio capture access. When an administrator disables this setting, these prompts are turned off, and audio capture is blocked.

For more information, see Audio Capture Allowed.

Video Capture Allowed:

Administrators can use this setting to enable or disable video capture access. When an administrator enables this setting, or leaves it unset, users are prompted to allow video capture access. When an administrator disables this setting, these prompts are turned off, and video capture is blocked.

For more information, see Video Capture Allowed.

Technical Preview

  • Browser Content Redirection and Microsoft Teams Optimization support for ARM64-based devices

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • When the ICA-prefix keywords are set for a cloud hybrid session and when a user reconnects to the disconnected desktop, the user might fail to see the prompt that appears to sign out from the desktop session. [WSP-24115]

  • You might fail to add a custom portal store using the group policy editor when the storeAdditionAllowType is set to single in the Global App Config service. [RFWIN-35218]

  • When you enable the VPrefer policy, the apps that require User Account Control (UAC) elevation might fail to open. [RFWIN-35169]

  • When the NetScaler Gateway store is configured through the command line or Group Policy Editor, you might not be able to sign in to the store and might get the following error message:

    “Unable to connect to the Server check your network connection” [RFWIN-35180]

  • You might be able to click the resources in Citrix Workspace app for Windows multiple times in a short duration before the resource is successfully launched. [RFWIN-35268]

  • When an admin enables the Name enforced by admin property and then updates the store name, the updated name might not appear on the UI when you reopen the Citrix Workspace app. [RFWIN-32918]

  • You might notice that the echo cancellation might not be supported with Citrix Workspace app. [HDX-63363]

  • H265 444 on Intel might result in artifacts being visible in the session. [HDX-60061]

  • You might fail to add a custom portal store using the group policy editor when the storeAdditionAllowType is set to single in the Global App Config service. [RFWIN-35218]

  • When you switch from a desktop session to the endpoint native session of another user and then switch back to the desktop session, you might observe a gray screen. This issue occurs when using the desktop lock feature and when using multiple monitors. [CVADHELP-24582]

  • After you perform the Cylance Antivirus update, you might notice a Blue Screen of Death (BSOD) on users device. This issue occurs when the Citrix Workspace app is installed on user device. [CVADHELP-24776]

  • You might notice that the shortcut keys that are used internally in your organization don’t work in the virtual session when using Citrix Workspace app 2311. These shortcut keys include any combination of Windows key + modifier keys such as (Ctrl/ Alt/ Shift) + L or U. For example: Windows key + Alt + L. [CVADHELP-25150]

  • Citrix HDX session might get in to an unresponsive state when the virtual channel for scanners is initiated. [CVADHELP-24681]

  • App Protection anti-keylogging bypass when using special keys. [CVADHELP-24452]

  • Installation of Crestron app might fail, if you have installed DG Solutions and Citrix Workspace app for Windows with App Protection feature enabled. [CVADHELP-24476]

  • Microsoft Teams might fail to optimize due to time out issue. This issue occurs randomly and from Citrix Workspace app version 2210 or later. [CVADHELP-22867]

  • When you open Citrix Workspace app on an endpoint device, the store configuration might be incomplete and the apps might fail to enumerate intermittently. [CVADHELP-25179]

  • When Citrix Workspace app is running and configured with a store, you might notice a timeout issue with the third-party app due to flushing of DNS cache by Citrix Workspace app. [CVADHELP-24594]

  • When Citrix Workspace app uses Fast connect 3 credential insertion API for authentication, you might notice that the apps and desktops corresponding to the previous user are loaded. [CVADHELP-24011]

  • If you’re using multiple monitors and the Desktop Viewer is maximized across them, the VDA might receive an incorrect mouse position when you start dragging. This issue occurs on the Citrix Workspace app for Windows 2203 LTSR version and on the Citrix Workspace app for Windows version 2402. [CVADHELP-24688]

  • When you uninstall Citrix Workspace app for Windows as an admin and then install the Citrix Workspace app’s 2402 LTSR version in a user mode, you might fail to open a session. [CVADHELP-25341], [HDX-65644]

  • In a double-hop scenario, the ALT +TAB key might not work on macOS clients. [CVADHELP-23085]

  • If a full-screen HDX session is on focus, and the endpoint is locked using Ctrl+Alt+Del, users might be unable to type anything after unlocking. [CVADHELP-24512]

2403.1

What’s new

This release addresses issues that help to improve overall performance, security, and stability.

Fixed issues in 2403.1

  • When you are using a virtual desktop session, the keyboard shortcuts with Alt might not work as expected. For example, Ctrl + Alt + Break, which is used to access the menu options of desktop viewer toolbar and to toggle between the windowed and the full-screen modes. [RFWIN-31815]
  • If you have Real-Time Media Engine (RTME) older than 2.9.700 version installed on the end point device, you might fail to open published apps or desktops. This issue occurs on Citrix Workspace app for Windows 2403 and on Citrix Workspace app for Windows 2402 LTSR versions. [HDX-63684]

2403

What’s new

The following features are added in this release:

Sustainability initiative for cloud hybrid launch

Note:

This feature was previously available for native launches (cloud and on-premises) from the Citrix Workspace app 2309 version onwards.

From the Citrix Workspace app 2403 version, this feature is available for hybrid launches on cloud. After this feature is enabled, a prompt appears to sign out from the desktop session when a user closes a virtual desktop. This feature helps conserve energy if there are Windows OS policies that are used to shut down VMs when no users are logged in. You can also customize the text that appears on the Save energy screen. For more information, see Sustainability initiative for cloud hybrid launch.

Enhanced domain pass-through for single sign-on (Enhanced SSO)

Previously, Citrix Workspace app for Windows supported only SSON or domain pass-through authentication for single sign-on to Citrix Virtual Apps and Desktops environments using user credentials. This authentication enables the user to authenticate to the domain on their device and use their virtual apps and desktops without having to reauthenticate again.

With this release, Citrix Workspace app supports enhanced domain pass-through which is a new method of SSO. It leverages Kerberos authentication instead of user credentials. Users can now sign in to Citrix Virtual Apps and Desktops and to StoreFront using integrated windows authentication. For more information, see Enhanced domain pass-through for single sign-on (Enhanced SSO).

Support for advanced NetScaler policies for Storebrowse on Windows

Citrix Workspace app for Windows now supports advanced policies on NetScaler Gateway with Storebrowse. The supported authentication protocol is LDAP authentication. Storebrowse is a command-line utility that interacts between the client and the server. It’s used to authenticate all the operations within StoreFront and with Citrix Gateway. For more information, see the Storebrowse page.

Note:

The nFactor authentication protocol isn’t supported with Storebrowse on Windows.

Install Microsoft Teams VDI plug-in for Citrix

You can now install Microsoft Teams VDI plug-in during the installation of Citrix Workspace app using one of the following options.

Note:

For version compatibility with VDI and configuration details, see Microsoft Teams 2.1 supported for VDI/DaaS and New Teams VDI requirements.

Hide Troubleshooting and Send Feedback options for end users

Admins can now hide the troubleshooting and send feedback options for their end users using the GPO editor. Once this setting is enabled, the Troubleshooting and Send Feedback options which were previously visible to the end users on the system tray is hidden. For more information, see Hide Troubleshooting and Send Feedback options for end users.

App Protection

Screen Capture Allow List

If Citrix Workspace app, virtual apps and desktops, or SaaS apps are enabled with the App Protection Anti-screen capture policy, then you can’t capture their screens using any screen-capturing tool.

However, starting from the Citrix Workspace app for Windows 2403 release, the Screen Capture Allow List feature enables you to add an app to the screen capture allow list. This feature enables you to use the allow listed app and capture the screen of the resource enabled with the App Protection Anti-screen capture policy. For more information, see Screen Capture Allow List.

Process exclusion list

When you launch any process or application on your device, App Protection DLLs are injected into each process if the App Protection is enabled. Sometimes, this might cause the process or application not to work due to compatibility issues with the DLL.

Starting from the Citrix Workspace app for Windows 2403 release, you can add any process to the Process exclusion list to avoid the injection of the App Protection DLL into that particular process and recover from any compatibility issues caused by the presence of App Protection DLLs. For more information, see Process exclusion list.

USB Filter Driver Exclusion List

Sometimes, when you’re using specialized external keyboards such as gaming keyboards with the Citrix Workspace app, the App Protection USB Filter Driver might cause compatibility issues and block you from using the keyboard.

Starting from the Citrix Workspace app for Windows 2403 release, the USB Filter Driver Exclusion List feature allows you to exclude any USB device that has compatibility issues with the Citrix Workspace app using the device Vendor ID and Product ID. For more information, see USB Filter Driver Exclusion List.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 120. This version upgrade helps to resolve security vulnerabilities.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 123.1.1.9, based on Chromium version 123. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Security indicator when visiting websites

Citrix Enterprise Browser now displays a security indicator on the address bar when users visit any websites. The indicator aims to inform users about the security aspects of the websites, such as whether it’s an internal site or if there are any potential security restrictions. The indicator provides more information when you click it. The indicator appears on the Enterprise browser by default, and it enhances the user experience.

Security indicator restrictions

Security indicator internal

Citrix Enterprise Browser introduces more settings in the Global App Configuration service

More settings have been added into the Global App Configuration service (GACS) for configuring Citrix Enterprise Browser.

  • Enable autofill address - Allows administrators to enable or disable the autofill suggestions for addresses.
  • Enable autofill credit card - Allows administrators to enable or disable the autofill suggestions for credit card information.
  • Auto launch protocols from origins - Allows administrators to specify a list of protocols that can launch an external app from the listed origins without prompting the user.
  • Enable command-line flag security warnings - Allows administrators to display or hide security warnings, which appear when potentially dangerous command-line flags try to launch the Enterprise Browser.
  • Manage default cookies setting - Allows administrators to manage cookies for a website.
  • Manage default pop-ups setting - Allows administrators to manage pop-ups from a website.
  • Extension install sources - Allows administrators to specify valid sources for users to install extensions, apps, and themes.
  • Disable lookalike warning pages - Allows administrators to specify the preferred domains where lookalike warning pages don’t display when the user visits pages on that domain.
  • Enable payment method query - Allows administrators to enable websites to check whether the users have saved payment methods.
  • Manage saving browser history - Allows administrators to manage the saving of Enterprise browser history.
  • Manage search suggestion - Allows administrators to enable or disable search suggestions in the Enterprise browser’s address bar.
  • Enable export bookmark - Allows administrators to enable an option to export the bookmarks in the Enterprise Browser.
  • Force ephemeral profiles - Allows administrators to clear or persist user profile data when users close the Enterprise Browser.

For more information, see the Manage Citrix Enterprise Browser through Global App Configuration service page in the Citrix Enterprise Browser documentation.

For more information on example JSON data, see Example JSON data.

Citrix Endpoint Analysis

With this release, the EPA Client is bundled with the Citrix Workspace app installer. To install the client, Citrix Workspace app must be installed with the command line option InstallEPAClient.

Example: ./CitrixworkspaceApp.exe InstallEPAClient

Note:

EPA isn’t installed by default.

In this release, the EPA version packaged is 23.11.1.20.

Deprecation of PNAgent support

Starting from the 2403 release, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. Use Citrix Workspace app to connect to stores using the store URL. For reference, see:

Technical Previews in 2403

  • Share sytem audio

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues in 2403

  • You might notice that there’s no automatic focus inside the virtual desktop that is opened in full-screen mode. You must click inside the session to regain focus. [RFWIN-32051]

  • On reconnecting published apps an extra instance of a published app gets opened. [CVADHELP-24485]

  • The Windows Surface touch pad and soft keyboard might not be supported on the Citrix Workspace app sign-in screen. This issue occurs when you sign in to a session that is published from Windows VDA in full-screen mode. [RFWIN-32050]

  • Two instances of a published application, for example app1, are observed after app1 is disconnected and another app is launched from the same VDA. [RFWIN-32517]

  • For the Windows 10 32bits x86 version, the Enable Background blur checkbox is removed as the background blur effect isn’t supported on this version. [HDX-60308]

  • You might notice visual artifacts when attempting to split the screen or adjust the primary monitor within the Monitor Layout tab on the Preferences screen. [HDX-59798]

  • Windows Media Player (WMP) shows a black screen with rave enabled on one monitor when the primary monitor isn’t the leftmost monitor (when multiple GPUs are involved). [HDX-60494]

  • When you share a screen and include the computer sound, if multiple audio output devices are playing sound, one or more receivers might notice sound artifacts. [HDX-48213]

  • BCR might play multiple audio streams at the same time instead of one active stream. [HDX-61600]

  • If you use external monitors and then switch to a single monitor (for example laptop), the size of Citrix Workspace app menu options, UI text, and dialog boxes might appear smaller than the normal display size. [HDX-47575]

  • If you’re using mono audio for stereo audio streams, you might hear only one audio channel in one earpiece instead of receiving both channels on both ears. [HDX-56344]

  • While uninstalling Citrix Workspace app 2403 for Windows - Preview version from the Control Panel > Programs > Programs and Features, the following pop-up appears:

Uninstall

The issue occurs intermittently on Windows 11 machines. Also, this issue doesn’t occur in any other uninstallation methods including uninstall from Start > Apps > Apps & Features. The uninstallation is completed successfully even though you get the preceding error message. [RFWIN-32669]

  • Screensharing from chat in Microsoft Teams is not supported. [HDX-62146]

  • Citrix Workspace app installer stops responding during fresh installation if unicode characters are specified in command line during installation. [RFWIN-32987]

  • When you upgrade to Citrix Workspace app 2403 version, the InstallEmbeddedBrowser=N command is not executed if Citrix Enterprise Browser is already installed. [RFWIN-33169]

  • Citrix Workspace app startup process might run within published app sessions by default. If you want to run the startup process in a published app session, configure the registry key RunCWAInPublishedAppSession of type DWORD in HKLM/Software/Wow6432Node/Citrix/ICA Client. [CVADHELP-24070]

2311.1

What’s new

The following features are added in this release:

Note:

Starting with Citrix Workspace app for Windows version 2311.1, Internet Explorer-based browser content redirection is deprecated. The alternate option is to use Google Chrome-based browser content redirection.

Introducing new installer for Citrix Workspace app

The user interface of the Citrix Workspace app installer is revamped to give a modern, easy outlook, and a better user experience. By default, the new installer is enabled.

Prerequisites:

.Net Desktop Runtime 6.0.20 or later is an additional pre-requisite for the new installer. For other requirements, see System requirements section.

The new installer is enabled by default. For more information, see User interface based installation.

Note:

Starting with Citrix Workspace app for Windows 2311.1 version, the TrolleyExpress is replaced with CWAInstaller-<date and timestamp>. For example, the log is recorded at C:\Program Files (x86)\Citrix\Logs\CTXWorkspaceInstallLogs-20231225-093441.

Support for Activity Manager on cloud stores

Citrix Workspace app for Windows supports the Activity Manager feature. This feature lets end users view and interact with all their active apps and desktop sessions in one place. To view active sessions in the Activity Manager, click the Activity Manager icon. You can perform the following actions on an app or desktop by clicking the respective ellipsis(…) button from the Activity Manager:

  • Log out: Logs out from the current session. All the apps in the session are closed, and any unsaved files are lost.
  • Disconnect: The remote session is disconnected but the apps and desktops are active in the background.
  • Restart: Shuts down your desktop and start it again.
  • Shutdown: Closes your disconnected desktops.
  • Force quit: Forcefully power off your desktop if there is a technical issue.
  • Click the X button to terminate the active app session from the Activity Manager.

For more information, see Activity manager.

Note:

This feature is available in Citrix Workspace app for Windows only if the new Workspace experience is enabled.

Automatic selection of video codec

With this release, Citrix Workspace app for Windows now automatically detects the best video codec to use. During installation of the Citrix Workspace app for Windows, the decoding capabilities of the endpoint are evaluated. Based on this information, Citrix Workspace app for Windows selects the best codec to use with the VDA when the session starts. The order in which the video codecs are evaluated is as follows:

  1. AV1
  2. H.265
  3. H.264

This feature is available when the Use video codec for compression policy is set to one of the following:

  • Use when preferred
  • For the entire screen
  • For actively changing regions

For more information on the Use video codec for compression policy, see Use video codec for compression.

The automatic selection only applies to YUV 4:2:0 variants of these codecs. YUV 4:2:0 uses less bandwidth compromising quality. If the Visual Quality policy setting is set to Build-to-Lossless or Always Lossless and if the Allow Visually Lossless policy is set to enabled, the automatic selection of the video codec is disabled and instead YUV 4:4:4 H.264 or H.265 is used.

For more information on these policies, see the following:

This feature is enabled by default.

For more information, see Automatic selection of video codec.

H.265

Citrix Workspace app supports the use of the H.265 video codec for hardware acceleration of remote graphics and videos. H.265 video codec must be supported and enabled on both the VDA and Citrix Workspace app.

Starting with Citrix Workspace app 2311.1, this feature is enabled automatically with the introduction of the Automatic selection of video codec feature.

For more information, see the H.265 documentation.

AV1

Citrix Workspace app supports the use of the AV1 video codec for hardware acceleration of remote graphics and videos. AV1 video codec must be supported and enabled on both the VDA and Citrix Workspace app.

Starting with Citrix Workspace app 2311.1, this feature is enabled automatically with the introduction of the Automatic selection of video codec feature.

For more information, see the AV1 documentation.

Loss tolerant mode for audio

With this release, Citrix Workspace app supports Loss tolerant mode (EDT lossy) for audio redirection. This feature improves the user experience for real-time streaming when users are connecting through networks with high latency and packet loss.

You need to use VDA version 2311 or later. By default, this feature is enabled on Citrix Workspace app for Windows. However, it is disabled on VDA.

For more information, see the Loss tolerant mode for audio documentation.

Synchronize multiple keyboards at session start

Previously, only the active keyboard on the client was synchronized with VDA after the session started in full-screen mode. In this scenario, if you configured Sync only once - when session launches on your Citrix Workspace app, and you had to change to a different keyboard, you have to manually install the keyboard on your remote desktop. Similarly, if you configured Allow dynamic sync on your Citrix Workspace app, you have to move to windowed mode, change the keyboard on your client, and then move back to full-screen mode.

With this release, all available keyboards on the client are synchronized with VDA after the session starts in full-screen mode. You can select the required keyboard from the list of installed or available keyboards on the client after the session starts in full-screen mode. The feature Synchronize multiple keyboards at session start is enabled by default on VDA, and disabled by default on the Citrix Workspace app.

For more information, see the Synchronize multiple keyboards at session start documentation.

Improved performance of BCR

Previously, BCR used client-side disk space cache and the cached information wasn’t deleted during an upgrade. This setting resulted in higher disk space usage over time and inconsistent behavior while a page is redirected using BCR.

With this release, to resolve this issue, BCR uses an in-memory cache. This enhancement helps to improve the performance of BCR.

This feature is disabled by default.

For more information, see Improved performance of BCR.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 117. This version upgrade helps to resolve security vulnerabilities.

Important update on App Protection file and driver names

Starting with Citrix Workspace app for Windows 2311.1, the following file and driver names are updated as follows:

Existing name New name
EntryProtect.dll ctxapdotnet.dll
entryprotect.sys ctxapdriver.sys
epclient32.dll ctxapclient32.dll
epclient64.dll ctxapclient64.dll
epinject.sys ctxapinject.sys
epusbfilter.sys ctxapusbfilter.sys
entryprotectdrv ctxapdriver
epinject6 ctxapinject

These files are installed at %ProgramFiles(x86)%\Citrix\ICA Client by default.

If you’ve added any of the preceding file or driver names to the allow list in your environment, update the allow list.

Enhancement to background blurring and effects for Microsoft Teams optimization with HDX

Starting with Citrix Workspace app version 2311.1, you can select the following options for background blurring and effects:

  • No background effect
  • Select Background Blurring
  • Select Background Image

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 119.1.1.60, based on Chromium version 119. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Improved user experience

Previously, Citrix Enterprise Browser displayed a reconnection modal when you attempted to perform an action after your session expired. Starting with Citrix Workspace app for Windows version 2311.1 (which corresponds to the Chromium version 119.1.1.60), there is no longer a reconnection modal. Instead, a loading icon now appears on the browser tab when you attempt to perform any action after your session expires.

Improved watermark design

Citrix Enterprise Browser now has a new watermark design that is less intrusive and provides a better user experience.

Support for custom browser extension

Citrix Enterprise Browser has expanded its extension capabilities. Previously, only extensions from the Chrome Web Store were permitted. Citrix Enterprise Browser now allows you to add custom extensions securely. Administrators can configure custom extensions as part of the mandatory list. End users can access and use these extensions either via citrixbrowser://extensions or by clicking the Extensions option under the More button as needed. For more information on how to configure the custom extensions, see Mandatory custom extension.

Simplified SSO for Web and SaaS apps through the Global App Configuration service

Previously, single sign-on (SSO) was configured for Citrix Enterprise Browser using the PowerShell module. Now, this simplified SSO feature allows you to configure SSO in Citrix Enterprise Browser by using a newly introduced setting in the Global App Configuration service (GACS). Administrators can use this new setting to enable SSO for all web and SaaS apps in Citrix Enterprise Browser. This method eliminates the need for the complex PowerShell module. For more information on how to manage SSO through GACS, see Manage single sign‑on for Web and SaaS apps through the Global App Configuration service.

Note:

We recommend you to restart Citrix Workspace app when you modify the Citrix Enterprise Browser settings in GACS. However, you can also wait for the automatic refresh to complete. For more information on the sync duration of policies fetched from GACS, refer Frequency of settings update.

Extending simplified single sign-on functionality to StoreFront

The single sign-on (SSO) feature is now available for StoreFront, which assures a unified SSO experience. This new capability eliminates the need for users to authenticate separately when accessing apps through StoreFront. To facilitate this SSO feature, use the same Identity Provider (IdP) for both Web and SaaS apps, and for StoreFront. For more information on how to manage SSO through GACS, see Manage single sign‑on for Web and SaaS apps through the Global App Configuration service.

Manage pass-through authentication in Citrix Enterprise Browser

Pass-through authentication (PTA) is a feature of Azure AD Connect. PTA is an authentication method where the user credentials are passed from the client machine to the server. You never see it as it happens on the back end. In this method, the client machine directly communicates with the authentication server to validate the user’s credentials. PTA is typically used when your client machine and the authentication server trust each other, and your client machine is considered to be secure. For more information on Microsoft Azure AD pass-through authentication, see Microsoft Entra seamless single sign-on.

To facilitate pass-through authentication, you need the Windows Accounts extension to interact with applications that require Azure AD based access within the Enterprise Browser. Administrator need to configure this Windows Accounts extension as part of the mandatory list under ExtensionInstallForcelist. For more information on the configuration of mandatory extensions, see Mandatory extension.

Enhanced capabilities on monitoring end user activities

Previously, administrators were unable to monitor end user activities such as App accessed and Traffic type. Starting with Citrix Workspace app for Windows 2311.1 (corresponding to Chromium version 119.1.1.60), you can now monitor these details as well.

  • App accessed: Enterprise Browser provides information about all the apps accessed by the end user, provided the app is listed in the policy document.
  • Traffic type: Enterprise Browser provides information about whether data is sent directly or through Secure Private Access authentication.

To monitor the end user activities from the Enterprise Browser, use the Citrix Analytics service using your Citrix Cloud account. After signing in to Citrix Cloud, navigate to Analytics > Security > Search. There, you can refer to Apps and Desktops under the Self-Service Search section. For more information on Citrix Analytics, see Getting started.

Technical Previews in 2311.1

  • Support for TLS protocol version 1.3

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues in 2311.1

  • For a fresh install, the option to enable SSON is not available on the Installer UI. For more information, see User interface based installation. [RFWIN-32482]

  • Launch of a second seamless app fails if SSL is enabled and session reliability is turned off. If a seamless app is launched, the subsequent launch of another seamless app to the same sever should be launched in the existing session (session sharing), while the client tends to launch the app in new session causing an unexpected validate request to be sent to the broker. [CVADHELP-24549]

Session/Connection

  • If connection lease was enabled for a cloud store, Citrix Workspace app for Windows started sessions successfully even after the session limit is exceeded. [CVADHELP-23771]
  • You might fail to add a store when the top-level-domain (TLD) of the store URL is less than two characters or when there is no TLD. [CVADHELP-23973]
  • When you use smartcard authentication, adding a store might fail with the following error message:

    “This store doesn’t exist. Please retry or contact support.”

    This issue occurs with Citrix Workspace app for Windows 2309 and later versions. [CVADHELP-24127]

  • You might fail to add a cloud store that uses Azure AD authentication and you might get the following error message:

    “Unable to connect to the server”

    This issue occurs with Citrix Workspace app versions 2309 and 2309.1. [CVADHELP-24187]

  • Citrix Workspace app with SAML2 and FAS authentication might fail to sign in automatically on session unlock even when the WSCReconnectMode for Workspace control is set to reconnect on Windows sign‑on and when the Silent authentication to Citrix Workspace policy is enabled. [CVADHELP-23018]
  • Bloomberg Keyboard 5 Biometric Module might fail to connect automatically even when automatic redirection of client USB devices is on. [CVADHELP-22673]
  • Citrix Workspace might fail to enumerate the published resources for a brief amount of time when connecting to a Global server load balancing (GSLB) URL. This issue occurs when the established StoreFront server encounters any issues that cause a GSLB controlled Virtual IP (VIP) address change in the endpoint. [CVADHELP-22467]

User experience

  • Attempts to refresh might fail on custom domain stores. [CVADHELP-23733]
  • When you change the store configuration using the Group Policy Object Template or using the command-line, you might notice a white screen. [CVADHELP-23801]
  • When multiple accounts are configured through GPO and you activate any disabled account, Citrix Workspace app always switches to all accounts view instead of the selected single account. [CVADHELP-24018]
  • The arrow keys, function keys, and number keys on Numpad don’t work on the Corsair K70 Keyboard when Citrix Workspace app for Windows version 2309 is installed by selecting the Start App Protection after installation checkbox. [CVADHELP-23450]
  • In high latency environments, a jittery movement might be observed in the mouse cursor on Citrix Workspace app when the Use relative mouse setting is enabled.

    To enable the fix, modify the default.ica file in StoreFront at C:\inetpub\wwwroot\Citrix\Store\App_Data\default.ica.

    Add RelMouseSyncTimeout=xxx(min 10 to max 1000) to the [WFClient] section.

    Or

    Set the following registry key on the endpoint:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient

    Name: RelMouseSyncTimeout

    Type: STRING

    Value: The minimum value is 10 and the maximum value is 1000

    [CVADHELP-21829]

  • You might notice that the app opens even after closing Citrix Workspace app when you highlight an app using the tab, then close Citrix Workspace app, and then press Enter. [CVADHELP-22700]
  • In certain scenarios, when Citrix Workspace app fails to start apps or desktops, you might get two error messages, where one message appears in a dialog box and the other is a toast notification. [RFWIN-31561]
  • When you sign in as an administrator after the desktop lock feature is enabled, you might be signed off from Citrix Workspace app if you click OK in the following pop-up message: “Administrator sign-in is detected. An elevated action is required to restore the shell for normal access.” [RFWIN-31949]
  • After visiting a browser content redirected site, if you sign out from the user session, an error message might appear. [HDX-54552]
  • Webcams in double-hop sessions don’t work as expected. This issue occurs when you use Citrix Workspace app for Windows to open virtual desktops or apps from within a virtual desktop session. [HDX-47317]
  • You might notice visual artifacts on playing a video in a published application. The issue occurs when the system where Citrix Workspace app is installed has a GPU that doesn’t support hardware decoding. [HDX-57621]
  • After installing Citrix Workspace app for the 2311.1 release, you might fail to open the product documentation link on the Installation successful screen using Citrix Enterprise Browser. This issue occurs because Citrix Enterprise Browser supports after you signed on to Citrix Workspace app. [CTXBR-6386]

User interface

  • The WebView status bar might appear at the bottom of Citrix Workspace app when you hover the mouse over any published app or desktop icon. [CVADHELP-22108]
  • The name of the audio devices is truncated to 32 characters while passing from Citrix Workspace app to VDA. As a result, the device might not be recognized in the client session by some apps. [HDX-53084]

2309.1

What’s new

This release addresses issues that help to improve overall performance and stability.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 117.1.1.13, based on Chromium version 117. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues

  • You might fail to start sessions if the ICA file or the folder where the ICA file is downloaded is named with Unicode or non-English characters. This issue occurs only when you access and authenticate a store using a browser and then start any app or desktop using native Citrix Workspace app. [HDX-55649]
  • You might get errors with the following parameters, while installing the Citrix Workspace app for Windows version 2009 using the command line:

    • STORE0 parameter - An error message appears when a space character is included in the store name mentioning to use the correct format for the store.
    • STARTMENUDIR and DESKTOPDIR - Ignores the name after space and creates the directory with the name before the space.

    [RFWIN-31704]

  • If .NET Runtime 6.0.20 or later version is installed on the system and .NET Desktop Runtime 6.0.20 or later version isn’t installed, you get an error message during Citrix Workspace app installation. [RFWIN-31817]
  • The anti-screen capture feature doesn’t function as intended on Citrix Enterprise Browser version 117.1.1.9, when running on Windows 11. [CTXBR-6181]
  • You might notice visual artifacts on playing a video in a published application. The issue occurs when the system where Citrix Workspace app is installed has a GPU that doesn’t support hardware decoding. [HDX-57621]

2309

What’s new

Note:

From this release onwards, ensure that the Microsoft Edge WebView2 Runtime version is 117 or later. We recommend you to install the latest version to get newer functionalities and security-related fixes.

The following features are added in this release:

Additional .NET prerequisites

In addition to .NET Framework 4.8, Citrix Workspace app requires the x86 version of.NET Desktop Runtime 6.0 for both x86 and x64 systems with admin privileges. For more information, see .NET requirements.

Improved virtual apps and desktops launch experience

Note:

From Citrix Workspace app version 2305.1 and later, this feature is generally available for cloud stores and from 2309 for on-premises stores.

Previously, the launch progress dialog box wasn’t intuitive to the users. It made the users assume that the launch process isn’t responding and they closed the dialog box, as the notification messages were static.

The improved app and desktop launch experience is more informative, modern, and provides a user-friendly experience on Citrix Workspace app for Windows. This feature helps to keep the users engaged with timely and relevant information about the launch status.

For more information, see Improved virtual apps and desktops launch experience.

Addition of the Troubleshooting option in the system tray of Citrix Workspace app

The Troubleshooting option is introduced to improve the user experience and to easily proceed with the troubleshooting. You can right-click on the Citrix Workspace app icon in the system tray that is placed in the bottom-right corner of your screen and then select Troubleshooting to access it.

The options available under Troubleshooting are:

  • Send Feedback
  • Collect Logs
  • Check Configuration
  • Reset App Data
  • Help
Send feedback on Citrix Workspace app

The Send feedback option allows you to inform Citrix about any issues that you might run into while using Citrix Workspace app. You can also send suggestions to help us improve your Citrix Workspace app experience.

For more information, see Addition of the Troubleshooting option in the system tray of Citrix Workspace app.

Sustainability initiative from Citrix Workspace app

When this feature is enabled, a prompt appears to sign out from the desktop session when a user closes a virtual desktop. This feature might help conserve energy if there are Windows OS policies that are used to shut down VMs when no users are logged in.

For more information, see Sustainability initiative from Citrix Workspace app.

Commands to configure keyboard layout synchronization using command-line interface

Previously, you could configure keyboard layout synchronization using the GUI or by updating the configuration file only. With this release, the new commands are introduced to configure keyboard layout synchronization using the command-line-interface.

For more information, see Configure keyboard layout synchronization using command-line interface.

Command to cleanup and install Citrix Workspace app

Use the /CleanInstall command to cleanup any leftover traces such as files and registry values from a previous uninstall and then freshly install the new version of the Citrix Workspace app.

For example:

CitrixWorkspaceApp.exe /CleanInstall
<!--NeedCopy-->

Optimized Microsoft Teams updates

Upcoming Microsoft Teams Single-Window EOL

On January 31, 2024, Microsoft will retire the Microsoft Teams support for Single-window UI when using VDI Microsoft Teams optimization and support only the Multi-Window experience. You must use a version of Citrix Virtual Apps and Desktops and Citrix Workspace app that support the Multi-Window feature to continue using certain optimized Microsoft Teams functionalities. For more information, see Upcoming Microsoft Teams Single-Window EOL.

Deprecation announcement of the SDP format (Plan B) from WebRTC

Citrix is planning to deprecate the current SDP format (Plan B) support from WebRTC in future releases. You must use a version of Citrix Workspace app that supports the Unified Plan to continue using certain optimized Microsoft Teams functionalities. For more information, see Deprecation announcement of the SDP format (Plan B) from WebRTC.

App Protection

Important update on file names

In a future release for Citrix Workspace app for Windows, the following file names will be updated as follows:

Existing file name New file name
EntryProtect.dll ctxapdotnet.dll
entryprotect.sys ctxapdriver.sys
epclient32.dll ctxapclient32.dll
epclient64.dll ctxapclient64.dll
epinject.sys ctxapinject.sys
epusbfilter.sys ctxapusbfilter.sys
entryprotectdrv ctxapdriver
epinject6 ctxapinject

These files are installed at %ProgramFiles(x86)%\Citrix\ICA Client by default.

If you’ve added any of the preceding file names to the allow list in your environment, update the allow list.

Policy tampering detection

Policy tampering detection feature prevents the user from accessing the Virtual App or Desktop session if the App Protection anti-screen capture and anti-keylogging policies are tampered. If policy tampering is detected, the virtual app or desktop session will be terminated displaying the following error message:

Policy tampering error

Note:

This feature will be available only after the release of the upcoming version of Citrix Virtual Apps and Desktops.

For more information about the policy tampering detection feature, see Policy tampering detection.

Full desktop sharing capability from the VDA with Citrix Workspace app

Previously when App Protection is enabled, desktop sharing is disabled for Optimized Microsoft Teams as App Protection doesn’t allow you to capture the screen.

From Citrix Workspace app for Windows 2309 version and later, desktop sharing is enabled for Optimized Microsoft Teams even if App Protection is enabled.

For more information, see Compatibility with HDX optimization for Microsoft Teams.

App Protection with DoubleHop scenario

App Protection features aren’t supported in a double hop scenario. Double hop means a Citrix Virtual Apps or Virtual Desktops session running within a Citrix Virtual Desktops session. You were allowed to launch virtual apps and desktops enabled with App Protection policies in a double hop scenario. However, the App Protection features weren’t applied.

Now, a Windows Group Policy is introduced which allows you to block opening virtual apps and desktops enabled with App Protection policies in a double hop scenario. For more information about enabling the Block DoubleHop Launch setting, see Enable Block DoubleHop Launch setting.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 117.1.1.9, based on Chromium version 117. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Authentication through Citrix Enterprise Browser

Previously, if the authentication token for Citrix Workspace app expired, you weren’t able to use the Enterprise Browser. You had to switch to Citrix Workspace app and reauthenticate to continue using the Enterprise Browser.

Starting with the Citrix Workspace app for Windows 2309 version (which corresponds to the Chromium version 117.1.1.9), you can authenticate within the Enterprise Browser itself only when the store remains the same. It ensures authentication to Citrix Workspace app as well. In addition, this feature provides a seamless login experience.

Note:

  • This feature applies to Workspace stores.

Authentication using Citrix Enterprise Browser

Technical Preview

  • Introducing new installer for Citrix Workspace app
  • Support for EDT Lossy protocol
  • Enhanced domain pass-through for single sign-on

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

Session/Connection

  • The SelfService executable might run even though no account is added in the Citrix Workspace app. [CVADHELP-23124]

  • Attempts to start a published application through Citrix Workspace app on an endpoint with more than eight monitors might fail with the following error message:

    This version of Workspace doesn’t support the selected encryption. Please contact your administrator.

    [CVADHELP-20555]

  • When connecting through Citrix Gateway, if there’s high latency, sessions might fail to connect using EDT and fallback to TCP. If HDX Adaptive Transport policy is set to Diagnostic mode, the sessions might fail to start. [HDX-49878]
  • When using Host to Client URL Redirection a specific URL might fail to open on the client as expected and might open on the VDA. This issue occurs because the Host to Client Content Redirection feature includes a ping check to ensure that the client can actually reach the URL being redirected. If the ping checks fail, it rejects the URL redirection request and the URL opens on the VDA. With the fix, you can prevent ping check in host to client redirection. To prevent ping check-in host to client redirection, set the following registry key.

    HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Citrix/ICA Client/SFTA Name: OverridePingCheck Type: REG_DWORD Value: 1

    [CVADHELP-22824]

  • The session might disconnect if you click the Desktop Viewer and resize a published desktop continuously. [CVADHELP-22063]
  • After Citrix Workspace app installation completes, when you configure a store using GPO or command line, you might get a fatal error prompt. [CVADHELP-23345]
  • Attempts to reconnect to certain non-English language desktop versions using Auto Client Reconnect might fail with an error message. [CVADHELP-22507]
  • When the self-service mode is set to False and the desktop lock feature is enabled, you might fail to add a store and might fail to start a desktop. [CVADHELP-23052]
  • When the Global App Config server isn’t reachable, the account addition might be timed out and you might fail to add an account. [CVADHELP-22999]
  • You might fail to start apps or desktops session using the API from ICO SDK after upgrading to Citrix Workspace app version 2112 or later. [CVADHELP-22940]
  • You might fail to start apps or desktops from Citrix Workspace when the cloud store is integrated with StoreFront. [CVADHELP-23606]

User experience

  • Attempts to copy and paste .msg files from local Microsoft Outlook to a published explorer might fail. [CVADHELP-22542]
  • When you sign out from Citrix Workspace app, you might not be signed out from the store. This issue occurs if you have set the disableiconhide registry value to ‘true’. [CVADHELP-22916]
  • When you try to open Citrix Workspace app, SelfService UI might be closed unexpectedly and you might fail to open Citrix Workspace app. This issue occurs only when some files are missing in the install location. [CVADHELP-22683]
  • When you open a desktop, the Desktop Viewer name might appear garbled. [CVADHELP-22925]
  • When you connect to a desktop using Cache Redirection mode, if ADC High Availability fails, you might not be able to reconnect to a desktop using Cache Redirection mode. [CVADHELP-22881]
  • After you upgrade from Citrix Workspace app version 2305–2307, you might fail to create desktop shortcuts. [CVADHELP-23429], [CVADHELP-15550]
  • When accessing a webserver using Integrated Windows authentication, the website content might not render on the client and might fall back to the server side. This issue occurs when the BCR proxy configuration is set to DIRECT mode. [HDX-51739]
  • When you sign out from the Citrix Workspace app and sign in again, Citrix Workspace app starts without entering the sign-in credentials. This issue occurs only when you sign in to Citrix Workspace app using custom domain. [RFWIN-31415]

System exceptions

  • The wfica32.exe process might exit unexpectedly during a user session. [CVADHELP-22249], [CVADHELP-22234]
  • Citrix Workspace app for Windows 2212 version might fail to follow the conditions set in the proxy PAC file. [CVADHELP-22503]

App Protection

  • When you are using Corsair K70 Keyboard with Citrix Workspace app versions 2212 or later, then incorrect keystrokes might be sent to Anti-Keylogging enabled windows. [CVADHELP-23157]

2307.1

What’s new

This release addresses issues that help to improve overall performance and stability.

Fixed issues

  • In Microsoft Teams, while you share a screen or app and resize it, the aspect ratios displayed might not be correct on the recipient’s (other meeting participants) side. This issue also occurs when you share screen or apps that are ordered using the Snap Windows feature option. [HDX-54395]

2307

What’s new

Added support for playing short tones in optimized Microsoft Teams

Earlier, with the secondary ringtone feature enabled, short tones such as beeps or notifications were playing repeatedly. For example, the tone that was played when a guest joins the Microsoft Teams meeting was repeated. The only workaround was to quit and restart Microsoft Teams. This issue resulted in a poor end-user experience.

With this release, Citrix Workspace app supports playing the short tones as desired. This support also enables the secondary ringtone feature.

Prerequisites:

Update to the latest version of Microsoft Teams.

Note:

The preceding feature is available only after the roll-out of a corresponding update from Microsoft Teams. Check the documentation update and the announcement in CTX253754.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 112.1.1.24, based on Chromium version 112. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Citrix Enterprise Browser shortcut

Starting with the Citrix Workspace app for Windows 2307 version, an administrator can configure and control the presence of the Citrix Enterprise Browser shortcut on the Start menu.

Note:

By default, this setting is enabled for Workspace stores.

Configuration

An IT administrator can configure the presence of the Citrix Enterprise Browser shortcut in one of the following ways:

  • Group Policy Object (GPO)
  • Global App Configuration Service (GACS)
  • web.config.file.

Notes:

  • All the configuration methods have equal priority. Enabling any one of them enables the shortcut.
  • If you haven’t configured the shortcut but have one or more Workspace stores, the shortcut gets automatically enabled.
  • For end users, the Citrix Enterprise Browser shortcut appears if the user makes it as a favorite app irrespective of the configuration.
  • To disable this feature for Workspace stores, administrators must apply the following settings in any one of the following:

    • set the CEBShortcutEnabled attribute to false in the web.config file.
    • disable the Enable Citrix Enterprise Browser shortcut property in GPO and GACS.
Using Group Policy Object

Administrators can use the Enable Citrix Enterprise Browser shortcut property to control the display of the Citrix Enterprise Browser shortcut on the Start menu.

Note:

Configuration through GPO is applicable on Workspace and StoreFront.

To enable the Citrix Enterprise Browser shortcut, do the following:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc.
  2. Under the Computer Configuration node, go to Administrative Templates > Citrix Components > Citrix Workspace > Citrix Enterprise Browser.
  3. Select the Enable Citrix Enterprise Browser shortcut option.

Enable Citrix Enterprise Browser shortcut

For more information on how to use the GPO, see the Group Policy Object administrative template page.

Global App Configuration service (GACS)

Navigate to Workspace Configuration > App Configuration > Citrix Enterprise Browser and enable Enable Citrix Enterprise Browser shortcut.

For more information on how to use the GACS UI, see the User interface article in the Citrix Enterprise Browser documentation.

Note:

This way of configuration is applicable on Workspace and StoreFront.

web.config file:

Enable the attribute CEBShortcutEnabled under the properties.

<properties>  

            <property name="CEBShortcutEnabled" value="True" />

</properties>
<!--NeedCopy-->

Note:

Configuration through web.config is applicable on StoreFront.

Using web.config:

To enable the Citrix Enterprise Browser shortcut, do the following:

  1. Use a text editor to open the web.config file, which is typically at C:\inetpub\wwwroot\Citrix\Roaming directory.
  2. Locate the user account element in the file (Store is the account name of your deployment) For example: <account id=... name="Store">

  3. Before the </account> tag, navigate to the properties of that user account and add the following:

    <properties>
    
            <property name="CEBShortcutEnabled" value="True" />
    
    </properties>
    <!--NeedCopy-->
    

Following is an example of the web.config file:

<account>

      <clear />

          <account id="d1197d2c-ac82-4f13-9346-2ee14d4b0202" name="F84Store"

          description="" published="true" updaterType="Citrix" remoteAccessType="None">
         <annotatedServices>
     <clear />
     <annotatedServiceRecord serviceRef="1__Citrix_F84Store">
            <metadata>  
                   <plugins>  
                        <clear />
                    </plugins>
             <trustSettings>
                        <clear />
              </trustSettings>
              <properties>
                        <property name="CEBShortcutEnabled" value="True" />
               </properties>
            </metadata>
       </annotatedServiceRecord>
</annotatedServices>
<metadata>
          <plugins>
                  <clear />
          </plugins>
         <trustSettings>
                     <clear />
         </trustSettings>
         <properties>
                <clear />
         </properties>
      </metadata>
</account>

<!--NeedCopy-->

Fixed issues

  • On Citrix Workspace app for Windows version 2212 and later, the first launch of the anti-screen capture enabled virtual desktop in a custom web store is not protected in the following case: If you haven’t selected the Start App Protection after installation checkbox, and launch the virtual desktop. The desktop is protected from the subsequent launches. [CVADHELP-23189]
  • Citrix Workspace app sessions might get disconnected due to a possible failure in wfica32.exe. This issue occurs rarely and you might get an error message with event ID 1000. [CVADHELP-23341]
  • When you access Linux VDA from the Citrix Workspace app for Windows version 2303 or later, the Wfica32.exe might fail. This issue occurs when the session is left opened for a long time. [CVADHELP-23037]
  • If you use the Citrix Workspace app version 2305.1 or earlier to personalize the app as per your organization, the brand personalization might not be reflected. This issue occurs due to a certificate update in Citrix Workspace app done recently. [RFWIN-30798]

2305.1

What’s new

Improved virtual apps and desktops launch experience

Note:

This feature is generally available for cloud stores and it is in technical preview for on-premises stores.

Previously, the launch progress dialog box wasn’t intuitive to the users. It made the users assume that the launch process isn’t responding and they closed the dialog box, as the notification messages were static.

Citrix Virtual Apps and Desktops Launch

The improved app and desktop launch experience is more informative, modern, and provides a user-friendly experience on Citrix Workspace app for Windows. This feature helps to keep the users engaged with timely and relevant information about the launch status. The notification appears in the bottom-right corner of your screen.

Citrix Virtual Apps and Desktops Launch New

Users can view meaningful notifications about the launch progress, instead of just a spinner. If a launch is in progress and the user attempts to close the browser, a warning message is shown.

Starting with Citrix Workspace app for Windows 2305.1, this feature is enabled by default in cloud sessions.

You can enable this feature using the registry key for the StoreFront (on-premises) session. For more information, see Improved virtual apps and desktops launch experience.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

You can provide feedback on this feature via the Podio.

Tracking Storebrowse command status

You can track the execution status of a Storebrowse command in a file. To track the success status, provide a unique file name with the -f launch command. This command generates a file with the name that you have provided. The failure status is present in the ica.error file, which is created automatically.

Note:

Ensure that you add an .ica extension to the file name with -f launch command. Otherwise, the file isn’t generated.

The files to track both success and failure are present at %LOCALAPPDATA%\citrix\selfservice\cache and you can monitor these files as needed.

This enhancement is enabled by default.

Following is an example to use the launch command with -f option:


-launch -f <uniqueFileName.ica> "launchcommandline"
For example:
SelfService.exe storebrowse -launch -f uniqueFileName.ica -s store0-5c3ec017 -CitrixID store0-5c3ec017@@a9a8e3ac-099d-4577-b84e-e33d0695df39.Notepad -ica "https://cwawiniwstest.cloudburrito.com/Citrix/Store/resources/v2/YTlhOGUzYWMtMDk5ZC00NTc3LWI4NGUtZTMzZDA2OTVkZjM5Lk5vdGVwYWQ-/launch/ica" -cmdline

<!--NeedCopy-->

Support for modern authentication methods for StoreFront stores

Citrix Workspace app 2305.1 for Windows support modern authentication methods for StoreFront stores. You can authenticate to Citrix StoreFront stores using any of the following ways:

  • Using Windows Hello and FIDO2 security keys. For more information, see Other ways to authenticate.
  • Single sign-on to Citrix StoreFront stores from Azure Active Directory (AAD) joined machines with AAD as the identity provider. For more information, see Other ways to authenticate.
  • Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix StoreFront stores. For more information, see Support for Conditional access with Azure AD.

To enable this feature, you must use Microsoft Edge WebView2 as the underlying browser for direct StoreFront and gateway authentication.

Note:

Ensure that the Microsoft Edge WebView2 Runtime version is 102 or later.

You can enable modern authentication methods for StoreFront stores using the Global App Config service and Group Policy Object (GPO) template. For more information, see the Support for modern authentication methods for StoreFront stores section.

Plugins management for WebEx plug‑in

Starting with the 2305.1 version, download, install, and auto‑update of the WebEx plug‑in is supported and handled the same way as the Zoom plug‑ins. For more information, see Plugins management for WebEx plug‑in.

Support for more than 200 groups in Azure AD

With this release, an Azure AD user who is part of more than 200 groups can view apps and desktops assigned to the user. Previously, the same user wasn’t able to view these apps and desktops.

Note:

Users must sign out from Citrix Workspace app and sign in back to enable this feature.

App Protection

Enhancement on anti-keylogging

With this enhancement, anti-keylogging is enabled on the authentication and self-service plug-in (SSP) screens if one of the following criteria is met:

  • You have enabled App Protection using one of the following:

    • Select the Start App Protection checkbox during installation.
    • Start the App Protection component using the startappprotection command line parameter.
  • If you haven’t selected the Start App Protection checkbox or used the startappprotection command line parameter during the installation, then the anti-keylogging protection is enabled after launching the first protected resource.

Note:

The Global App Configuration service (GACS) and Group policy objects (GPO) settings override the preceding behavior. For example, if you’ve disabled the GACS or GPO policy for these screens, the anti-keylogging is not enabled on the authentication and SSP screens.

Important update on file names

In a future release for Citrix Workspace app for Windows, the following file names will be updated:

  • EntryProtect.dll
  • entryprotect.sys
  • epclient32.dll
  • epclient64.dll
  • epinject.sys
  • epusbfilter.sys
  • entryprotectdrv
  • epinject6

These files are installed at %ProgramFiles(x86)%\Citrix\ICA Client\.

If you’ve added any of these file names to the allow list in your environment, update the allow list when the new file names are announced.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 105.1.1.27, based on Chromium version 105. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Support for browser extensions

You can add extensions that are provided by your administrator to the Citrix Enterprise Browser in a secure way. An administrator can deploy, manage, and control the extensions. End users can view and use the extension under citrixbrowser://extensions as required. For more settings, see Global App Configuration Service.

For more information on how to configure, see Support for browser extensions.

Modification in SPA policy implementation on internal Web and SaaS apps

This feature enhances the security policies implementation on Web and SaaS apps. When a webpage and iframes within the webpage have different policies, we now have a stricter policy implementation where a union of all policies is applied on the entire webpage, including the iframes. However, the watermark is applied to the webpage only.

Use Global App Config service to manage Citrix Enterprise Browser

The administrator can use the Global App Configuration service (GACS) for Citrix Workspace to deliver Citrix Enterprise Browser settings through a centrally managed service.

The Global App Configuration service is designed for administrators to easily configure Citrix Workspace and manage the Citrix Workspace app settings. This feature allows admins to use the Global App Configuration Service to apply various settings or system policies to the Citrix Enterprise Browser on a particular store. The administrator can now configure and manage the following Citrix Enterprise Browser settings using APIs or the GACS Admin UI:

  • “Enable CEB for all apps” - Makes the Citrix Enterprise Browser the default browser for opening web and SaaS apps from the Citrix Workspace app.
  • “Enable save passwords” - Allow or deny end users the ability to save passwords.
  • “Enable incognito mode” - Enable or disable incognito mode.
  • “Managed Bookmarks” - Allow an administrator to push bookmarks to the Citrix Enterprise Browser.
  • “Enable developer tools” - Enable or disable developer tools within the Enterprise Browser.
  • “Delete browsing data on exit” - Allow the administrator to configure what data the Citrix Enterprise Browser deletes on exit.
  • “Extension Install Force list” - Allow the administrator to install extensions in the Citrix Enterprise Browser.
  • “Extension Install Allow list” - Allow the administrator to configure an allowed list of extensions that users can add to the Citrix Enterprise Browser. This list uses the Chrome Web Store.

For more information, see Use Global App Configuration service to manage Citrix Enterprise Browser.

Notes:

{
    "category": "browser",
    "userOverride": false,
    "assignedTo": [
    "AllUsersNoAuthentication"
    ]
}

<!--NeedCopy-->
User interface

To configure Citrix Enterprise Browser through the GACS Admin UI, do the following:

  1. Sign in to citrix.cloud.com with your credentials.

    Note:

    Refer to the Sign Up for Citrix Cloud article for step-by-step instructions to create a Citrix Cloud account.

  2. Upon authentication, click the menu button in the top left corner and select Workspace Configuration.

    Menu

    The Workspace Configuration screen appears.

  3. Click App Configuration > Citrix Enterprise Browser.

    Breadcrumbs

    You can now configure, modify, and publish Citrix Enterprise Browser feature settings.

For more information, see Use Global App Configuration service to manage Citrix Enterprise Browser.

Technical Preview

  • Sustainability initiative from Citrix Workspace app

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • You might get the following error message when the AllowAddStore parameter is set to N value and an HTTP store is added using the Group Policy Object (GPO) or command line interface:

    “Unable to connect to the server” [CVADHELP-22184]

  • When you use the Workspace Environment Management (WEM) transformer with desktops, instead of automatically opening the desktop, you might be asked to download, run, and open the ICA file. This issue occurs with Citrix Workspace app versions 2209, 2212, and 2302. [CVADHELP-22318]
  • The icons created on the desktop might be enabled even after setting the value of PutShortcutsOnDesktop to False under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\Dazzle\. [CVADHELP-15550]
  • You might not be able to use Pega Robot Studio, a third party app, even if you don’t have any protected apps or desktops opened. This issue occurs when Citrix Workspace app is installed with App Protection enabled. [CVADHELP-21146]
  • If the Windows 10 OS is installed in a language other than English, Citrix Workspace app might fail to access the local apps of the OS. [CVADHELP-21986]
  • When Citrix Workspace app that is opened on a published desktop freezes, the published apps running on the published desktop might fail to start. The issue occurs when there is a deadlock within the receiver.exe file. [CVADHELP-21604]
  • When you sign in to the Citrix Workspace app, apps and desktops corresponding to multiple accounts configured through GPO or command line might not be displayed. This issue occurs when the registry key value of CurrentAccount is set to AllAccount at `Computer\HKEY_LOCAL_MACHINE\Software\wow6432Node\Citrix\Dazzle” [CVADHELP-21124]
  • You might not be able to take screenshots using the Print Screen key (PrtSc) when there are no protected apps on the screen. This issue occurs when App Protection is enabled for self-service on Citrix Workspace app. [CVADHELP-21979]
  • For cloud stores, you might fail to add an account using redirected URLs. [CVADHELP-22438]
  • After upgrading to Citrix Workspace app for Windows 2203 LTSR, you might see a white screen. This issue occurs when you add and configure a store for the first time and simultaneously refresh and open the SelfService UI. [CVADHELP-22696]
  • Sometimes, you might fail to start a virtual desktop from Citrix Workspace app version 2305. You might also notice that the session quits silently, the session disconnects with a gray screen, or the session fails with an error message: ‘SSL Error 27: No local security certificates could be loaded.’ [CVADHELP-23095]
  • When you install either Citrix Workspace app for Windows 2212, 2202, or 2303 version with App Protection enabled, the installation might fail intermittently with the following error message:

    “Service ‘@C:\Program Files (x86)\Citrix\ICA Client esources.dll, -104’ (appprotectionsvc) could not be installed. Verify that you have sufficient privileges to install system services.”

    [CVADHELP-21995]

  • The Citrix Workspace app might stop responding if you have any mouse interaction (mouse action or movements) on the Restore session dialog box. This issue occurs when you start a session after upgrading from the Citrix Workspace app version 2302–2303 and if there are disconnected sessions previously. [RFWIN-29663]
  • You might notice that the HTTP requests during auto-update are sent to the Content Delivery Network (CDN) even when a proxy is configured using the proxy auto‑configuration (PAC) file. [RFWIN-29203]
  • When the Microsoft Edge WebView for StoreFront authentication policy is enabled and if the sign-in needs HTTP authentication (basic or proxy), instead of asking for user credentials, the Edge WebView browser authentication window might close. [RFWIN-30061]
  • You might not be able to see the name of an opened virtual desktop on the connecting screen in the Desktop Viewer when the desktop is opened in full screen. [RFWIN-29875]
  • An extra entry for Citrix Workspace without the default Citrix Workspace app icon appears on the Windows 11 control panel. [APPP-1263]
  • The names in the Properties of Network Connections (in the control panel) might be corrupted when Citrix Workspace app is installed with App Protection enabled. [APPP-1242]

2303

What’s new

Configure path for Browser Content Redirection overlay Browser temp data storage

Starting with Citrix Workspace app 2303 version, you are requested to configure temp data storage path for the Chromium Embedded Framework (CEF) based browser.

For more information, see Configure path for Browser Content Redirection overlay Browser temp data storage.

Support for modern authentication methods for StoreFront stores

Citrix Workspace app 2303 for Windows support modern authentication methods for StoreFront stores. You can authenticate to Citrix StoreFront stores using any of the following ways:

  • Using Windows Hello and FIDO2 security keys. For more information, see Other ways to authenticate.
  • Single sign-on to Citrix StoreFront stores from Azure Active Directory (AAD) joined machines with AAD as the identity provider. For more information, see Other ways to authenticate.
  • Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix StoreFront stores. For more information, see Support for Conditional access with Azure AD.

To enable this feature, you must use Microsoft Edge WebView2 as the underlying browser for direct StoreFront and gateway authentication.

Note:

Ensure that the Microsoft Edge WebView2 Runtime version is 102 or later.

You can enable modern authentication methods for StoreFront stores using the GPO template. For more information, see the Support for modern authentication methods for StoreFront stores section.

Improved experience for optimized Microsoft Teams video conference calls

Starting with this release, by default simulcast support is enabled for optimized Microsoft Teams video conference calls. With this support, the quality and experience of video conference calls across different endpoints are improved by adapting to the proper resolution for the best call experience for all callers.

With this improved experience, each user might deliver multiple video streams in different resolutions (for example, 720p, 360p, and so on) depending on several factors including endpoint capability, network conditions, and so on. The receiving endpoint then requests the maximum quality resolution that it can handle thereby giving all users the optimum video experience.

Note:

This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, go to https://www.microsoft.com/ and search for the Microsoft 365 roadmap. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

Enhancement to App Protection: Anti-DLL Injection

As part of App Protection, we now have a security enhancement that helps to protect the Citrix Workspace app from certain unauthorized dynamic-link libraries (DLL) or untrusted modules. If such untrusted modules are injected, the Citrix Workspace app detects these interventions and stops the modules from loading.

The anti-DLL injection can be enabled for the following components:

  • Citrix Auth Manager
  • Citrix Workspace app UI
  • Citrix Virtual Apps and Desktops

For more information, see the App Protection documentation.

Disclaimer:

This capability works by filtering access to required functions of the underlying operating system (specific API calls required to load DLLs). Doing so means that it can provide protection even against certain custom and purpose-built hacker tools. However, as operating systems evolve, new ways of loading DLLs can emerge. While we continue to identify and address them, we cannot guarantee full protection in specific configurations and deployments.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 109.1.1.29, based on Chromium version 109. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Secure Private Access support for StoreFront

As an administrator, you can now configure Web and SaaS apps in StoreFront using a Secure Private Access solution. After the administrator configures the app, end users can open the Web and SaaS apps using Citrix Enterprise Browser with enhanced security.

For more information, see Secure Private Access for on-premises in the Citrix Secure Private Access documentation.

Technical Preview

  • Client App Management for WebEx plug‑in

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • The published URLs open through the Citrix Enterprise Browser instead of the device’s default browser. [CTXBR-4718]
  • You might experience delay in enumerating apps and starting apps or desktops when using SSON in an environment that has no active access to external sites. This issue occurs from the Citrix Workspace app version 2210.5 onwards and from the Citrix Workspace app version 2203 CU2 onwards. [CVADHELP-21786]
  • The wfica32.exe process might stop unexpectedly and get an error when you open an app from the Citrix Workspace. This issue occurs only when you have the adaptive audio feature enabled. [CVADHELP-20999]
  • When you install Citrix Workspace app 2212 on remote machines using a PowerShell script, the Citrix Workspace app installer might stop. This issue occurs before the installation begins on the remote machine. [CVADHELP-22278]
  • When you attempt to configure multiple stores through a Group Policy Object (GPO) or command line, one of the stores might not be fully configured. [CVADHELP-22034]
  • The screen might display the authentication pop-up window on the upper left corner instead of displaying on the center. [CVADHELP-21835]
  • After a store is added with the store authentication token set to true, Citrix Workspace might become unresponsive at the white screen and the store authentication token is set to false. [CVADHELP-21582]
  • Attempts to access Citrix Workspace app for Windows might fail when the VPN disconnects or reconnects. [CVADHELP-21662]
  • When you share a screen using Microsoft Teams from the HP EliteBook G6 endpoint, you might see a red window instead of a red border. [CVADHELP-20763]
  • You might not be able to use the Bloomberg Terminal application with the Bloomberg Keyboard 5 or Bloomberg Keyboard 2013. This issue occurs when Citrix Workspace app version 2302 is installed on your system with the App Protection feature enabled. [CVADHELP-22221]
  • A published application might open in a non-visible state when you start the application. [CVADHELP-21618]
  • The msedgewebview2.exe` process can cause high CPU usage when selfservice is running. [CVADHELP-21610]
  • There might be a delay in adding a store due to certificate revocation check requests for the store’s certificate. As a workaround, you can skip checking certificate revocation using the following registry:

    Path : HKEY_LOCAL_MACHINE/Software/wow6432node/Citrix/Receiver Name : SkipStoreCertificateRevocationCheck Type : DWORD Value : 1

    or Path : HKEY_CURRENT_USER/Software/Citrix/Receiver Name : SkipStoreCertificateRevocationCheck Type : DWORD Value : 1 [CVADHELP-21931]

  • The position of the window and size might not be persistent when you reconnect the desktop. This issue occurs when the desktop is in a window mode and using a non-primary monitor. [HDX-44997]
  • Desktop Viewer toolbar might cover the screen when the desktop is in normal resolution and DPI. [HDX-45206]
  • In a multi-session scenario, when you open a second session, the session might be hidden behind the first session. Also, the Citrix Workspace app icon for the second session might not be present on the taskbar. [RFWIN-29773]

2302

What’s new

Improved virtual apps and desktops reconnection experience

This release provides an enhanced user experience while reconnecting to virtual apps and desktops from which you got disconnected.

When Citrix Workspace app attempts to refresh the disconnected Citrix Workspace app or start new virtual apps or desktops as a part of the Workspace Control feature, the following prompt appears:

Restore session

This prompt appears only when the show reconnection prompt to reconnect sessions is set to true in the Global App Configuration service.

Click Restore to reconnect to open new and disconnected virtual apps and desktops. If you want to start only newly selected apps and desktops, click Cancel.

You can also select Remember my preference to apply the selected preference for the next login.

The preceding new Restore session? prompt appears only if:

  • the user tries to start an app belonging to a workspace store,
  • admin policies or app config settings are not configured for the Workspace Control feature,
  • Workspace Control Reconnect options are set to default on the client.

Note:

Reconnect settings in the Reconnect Options takes precedence over the preferences set in the dialog box. For more information, see the Configure reconnect options using Advanced Preferences dialog.

Client App Management for Zoom plug-in

You can now manage the Zoom plug-in using Client App Management capability.

For more information, see Client App Management for Zoom plug-in.

Support for modern authentication methods for StoreFront stores [Technical Preview]

Starting with this release, Citrix Workspace app for Windows support modern authentication methods for StoreFront stores. You can authenticate to Citrix StoreFront stores using any of the following ways:

  • Using Windows Hello and FIDO2 security keys. For more information, see Other ways to authenticate.
  • Single sign-on to Citrix StoreFront stores from Azure Active Directory (AAD) joined machines with AAD as the identity provider. For more information, see Other ways to authenticate.
  • Workspace administrators can configure and enforce Azure Active Directory conditional access policies for users authenticating to Citrix StoreFront stores. For more information, see Support for Conditional access with Azure AD.

To enable this feature, you must use Microsoft Edge WebView2 as the underlying browser for direct StoreFront and gateway authentication.

Note:

Ensure that the Microsoft Edge WebView2 Runtime version is 102 or later.

You can enable modern authentication methods for StoreFront stores using the GPO template. For more information, see the Support for modern authentication methods for StoreFront stores section.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

You can provide feedback on this feature via the Podio form.

Updated audio device selection behavior for optimized Microsoft Teams

Starting with this release, when you change the default audio devices in the sound settings on the endpoint, the optimized Microsoft Teams in the Citrix VDI changes the current audio devices selection to match the endpoint defaults.

However, if you make an explicit device selection in Microsoft Teams, your selection takes precedence and does not follow the endpoint defaults. Your selection is persistent until you clear the Microsoft Teams cache.

App Protection enhancement

Starting with this release, Citrix Workspace app for Windows allows you to configure App Protection for Authentication and Self-Service plug-in using the Global App Configuration. Previously, you were able to configure these components only using the Group Policy Object.

If you enable the anti-keylogging and the anti-screen capturing functionality using the Global App Configuration service, they are applicable to both Authentication and Self-Service plug-in.

Note:

The Global App Configuration service configurations don’t apply for virtual apps, virtual desktops, web apps, and SaaS apps. These resources continue to be controlled using the Delivery Controller and Citrix Secure Private Access. For more information, see the configure section in the App Protection documentation.

For more information, see the App Protection enhancement section.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 108.1.1.97, based on Chromium version 108. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Open all web and SaaS apps through the Citrix Enterprise Browser

In this release of the Enterprise Browser (in Citrix Workspace app for Windows), all internal web apps and external SaaS apps available in the Citrix Workspace app open in Citrix Enterprise Browser.

Option to start Citrix Enterprise Browser from within Citrix Workspace app

Previously, you can open the Citrix Enterprise Browser from the Citrix Workspace app after opening a web or SaaS app.

Starting with this release, you can open the Citrix Enterprise Browser from the Citrix Workspace app directly without requiring you to open a web or SaaS app. This feature provides easy access to the Citrix Enterprise Browser and doesn’t require any configurations from administrators. This feature is available by default.

Start Citrix Enterprise Browser from app

Note:

The end user must have entitlement to at least one web or SaaS app through Secure Private Access.

Fixed issues

  • Some SaaS apps which have enhanced security set to OFF fail to open in Citrix Enterprise Browser if Citrix Enterprise Browser is the default browser. [CTXBR-4106] [CTXBR-4405]
  • Attempts to start apps or desktops from custom web stores might fail when using Microsoft Edge WebView2 Runtime version 109 and later. [RFWIN-29200].
  • You might fail to add a hidden store to the Citrix Workspace app. This issue occurs when you try to add Citrix Gateway FQDN that requires smartcard authentication or when the StoreFront store name has spaces, for example, https://servername.company.com?Store Service. [CVADHELP-21516]
  • The inactivity timeout value might not expire if you exit from the Citrix Workspace app before reaching the set time-out value. As a result, you might later be able to start Citrix Workspace app without entering any credentials. [CVADHELP-20912]
  • You might fail to see the authentication pop-up page automatically after installing the Citrix Workspace app. [CVADHELP-20593]
  • On a multi-monitor setup, the application windows move to a different monitor whenever the user disconnects and reconnects to the session. [HDX-45043]
  • With certain older AMD GPU series, purple video content or flashing screens might be seen with Citrix Workspace app 2206 or newer. [HDX‑46264]
  • Unable to repair BCRClient.msi and the following error appears during the Citrix Workspace app installation:

    BCR error message

    [HDX-46964]

2212

What’s new

Note:

From this release onward, ensure that the Microsoft Edge WebView2 Runtime version is 102 or later. For more information, see System requirements and compatibility.

Client App Management

Citrix Workspace app 2212 for Windows now offers Client App Management capability that makes the Citrix Workspace app a single client app required on the end point to install and manage agents such as the Secure Access Agent and End Point Analysis (EPA) plug-in.

With this capability, administrators can easily deploy and manage required agents from a single management console.

For more information, see Client App Management.

Client App Management for Zoom plug-in [Technical Preview]

Starting from Citrix Workspace app 2212 for Windows, you can now manage the Zoom plug-in using the Client App Management capability.

For more information, see Client App Management.

You can record your feedback for this technical preview by using this Podio form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Auto-update version control

Administrators can now manage the auto-update version for the devices in the organization.

Administrators can control the version by setting the version in the maximumAllowedVersion property in the Global App Config Service.

Example JSON file in Global App Config Service:


{
  "category": "AutoUpdate",
  "userOverride": false,
  "assignedTo": [
    "AllUsersNoAuthentication"
  ],
  "settings": [
    {
      "name": "Auto Update plugins settings",
      "value": [
        {
          "pluginSettings": {
            "upgradeToLatest": false,
            "deploymentMode": "InstallAndUpdate",
            "stream": "Current",
            "maximumAllowedVersion": "23.03.0.49",
            "minimumAllowedVersion": "0.0.0.0",
            "delayGroup": "Fast"
          },
          "pluginName": "WorkspaceApp",
          "pluginId": "1CDF566D-B2C7-47CA-802F-6283C862E1D6"
        }
      ]
    }
  ]
}

<!--NeedCopy-->

When the version is set, Citrix Workspace app on the user’s device is automatically updated to the version specified in the maximumAllowedVersion property.

Notes:

  • Currently all the parameters mentioned in the preceding JSON file are mandatory. You must provide values for the upgradeToLatest setting and the maximumAllowedVersion setting based on the requirement of your organization. However, for the remaining parameters, you can use values similar to the example JSON file.
  • To achieve auto-update version control, upgradeToLatest setting in the Global App Config Service must be set to false. If this setting is true, maximumAllowedVersion is ignored.
  • Do not modify the pluginId as this ID is mapped to Citrix Workspace app.
  • If the administrator hasn’t configured the version in the Global App Config Service, Citrix Workspace app is updated to the latest available version by default.

Force login prompt for Federated identity provider

Citrix Workspace app now honors the Federated Identity Provider Sessions setting. For more information, see Knowledge Center article CTX253779.

You no longer need to use the Store authentication tokens policy to force the login prompt.

Improved reconnection experience after connection lease file expiry

Previously, there was no notification to the end user when the connection lease file and authentication token expired.

Starting from this release, you are prompted with an error message and a consent dialog box. The consent dialog box appears only when you have resources running in the session. If there are no resources running, only an error dialog box appears. You are signed out without being prompted with the consent dialog box.

Reconnection failure

Reconnection Sign out

You can click Sign Out to sign out from the current Citrix Workspace app session or click Cancel to continue with the session.

Note:

Save your data before clicking Sign Out.

Enhancement to App Protection: Anti-DLL Injection [Technical Preview]

As part of App Protection, we now have a security enhancement that helps protect the Citrix Workspace app from certain unauthorized dynamic-link libraries (DLL) or untrusted modules. If such untrusted modules are injected, the Citrix Workspace app detects these interventions and stops the modules from loading.

Previously, this technical preview feature was applicable only for protected virtual apps and desktops. With this release, we have enhanced its scope to now include:

  • all virtual apps and desktop sessions
  • the Citrix Workspace app authentication window (on-premises deployment/StoreFront)

Additionally, this enhancement now:

  • exits the session immediately when certain untrusted or malicious DLLs exist on the protected component

    Launch Failure

  • displays a notification when an untrusted or malicious DLL is blocked.

    Alert

Disclaimer:

This capability works by filtering access to required functions of the underlying operating system (specific API calls required to load DLLs). Doing so means that it can provide protection even against certain custom and purpose-built hacker tools. However, as operating systems evolve, new ways of loading DLLs can emerge. While we continue to identify and address them, we cannot guarantee full protection in specific configurations and deployments.

You can register for this technical preview by using this Feedback form).

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for default installation of App Protection

App Protection component is now installed by default during the Citrix Workspace app installation.

The Enable app protection checkbox that appears during the installation is replaced with Start App Protection after installation.

App Protection Default Install

When you select this checkbox, App Protection starts immediately after the installation.

Note:

If you do not enable this checkbox, App Protection automatically starts upon the first start of a protected resource or component for customers who have entitled to App Protection.

You can also start the App Protection component using the /startappprotection command line parameter. However, the previous /includeappprotection switch is deprecated.

Note:

Previously, anti-screen capture and anti-keylogging capabilities were enforced by default for Citrix authentication and Citrix Workspace app screens. However, starting from 2212, these capabilities are disabled by default and need to be configured using the Group Policy Object. For information on the GPO configuration, see Enhancement to App Protection configuration.

App Protection enhancement: Screen capture detection and notification

Starting from this release, you can view a notification when a possible attempt of screen capture is made on any protected resources. For information on the resources protected by App Protection, see What does App Protection protect?.

The notification appears when there is an:

  • attempt to take a screenshot or record video through a screen-capturing tool.
  • attempt to take a screenshot through the Print Screen key.

Note:

The notification appears only once per running instance of the screen capture tool. The notification appears again if you relaunch the tool and attempt screen capture.

Desktop Viewer optimization

This release optimizes the Desktop Viewer experience by reducing the launch time by 5 seconds. The Desktop Viewer toolbar opens quickly and might display the default Windows session sign-in screen. Administrators can hide this experience by configuring the following registry to introduce some delay in milliseconds:

  • Location: HKEY_CURRENT_USER\SOFTWARE\Citrix\XenDesktop\DesktopViewer
  • Name: ExtendConnectScreenMS
  • Type: DWORD
  • Value: 00000000 (Delay in Milliseconds)

Note:

The registry configuration is optional.

Citrix Enterprise Browser

Note:

From Citrix Workspace app for Windows version 2210, the Open all web and SaaS apps through the Citrix Enterprise Browser feature is disabled.

This release includes Citrix Enterprise Browser version 107.1.1.13, based on Chromium version 107. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

  • Set Citrix Enterprise Browser as the work browser

    You can now configure Citrix Enterprise Browser as a work browser to open all work links. You can select an alternate browser to open non-work links.

    A work link is a link that is associated with the web or SaaS apps that are configured by the administrator for the end user. When a user clicks any link within a native application, if it’s a work link, it’s opened through the Enterprise Browser. If not, it’s opened through the alternate browser that the end-user selects.

    For more information, see Set Citrix Enterprise Browser as the work browser.

Fixed issues

  • Citrix Workspace app prompts you to select a certificate even when only one certificate exists. This issue occurs while authenticating to the Workspace (cloud) store. You can suppress this certificate prompt by adding the following registry:

    On 32-bit systems:

    • Location: HKEY_LOCAL_MACHINE\Software\Citrix\Dazzle or HKEY_CURRENT_USER\Software\Citrix\Dazzle
    • Name: SuppressCertSelectionPrompt
    • Type: String
    • Value: True

    On 64-bit systems

    • Location: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\Dazzle or HKEY_CURRENT_USER\Software\Citrix\Dazzle
    • Name: SuppressCertSelectionPrompt
    • Type: String
    • Value: True

    [CVADHELP-20844]

  • Attempts to access Citrix Workspace app for Windows might fail when the VPN disconnects or reconnects [CVADHELP-20376]
  • Unable to detect End Point Analysis (EPA) while authenticating to the store configured with EPA. This issue occurs when you update Citrix Workspace app from the previous version to 2210 or later. [CVADHELP-21387]
  • During an optimized Microsoft Teams call, the endpoint might go into Sleep state. [HDX-44438]
  • Citrix Analytics is unable to receive network-related metrics from end users. This issue occurs even when these prerequisites are met:
    • App or desktop sessions are in running state for more than 15 minutes using Citrix Workspace app.
    • Store or account used is CAS enabled.

    Note:

    Network-related CAS events are not sent for browser-based launch of apps or desktops. It is sent only when you open an app or desktop via web and from the same store that is added via the native Citrix Workspace app.

    [CVADHELP-21448]

  • When you open a published app in seamless mode, other local or seamless apps might appear in the foreground and cover the published app. [CVADHELP-20742, CVADHELP-21277]

2210.5

What’s new

This release addresses issues that help to improve overall performance, security, and stability.

Client App Management [Technical Preview]

Citrix Workspace app 2210.5 for Windows now offers Client App Management capability that makes the Citrix Workspace app a single client app required on the end point to install and manage agents such as the Secure Access Agent and End Point Analysis (EPA) plug-in.

With this capability, administrators can easily deploy and manage required agents from a single management console.

Client App Management includes the following steps:

  • Administrators must specify the agents required on end users’ devices in the Global App Configuration Service. With this technical preview, administrators can specify Secure Access Agent and Endpoint Analysis (EPA) agent.
  • Citrix Workspace app fetches the list of agents from Global App Configuration Service.
  • Based on the list fetched from the Global App Configuration service, Citrix Workspace app downloads the agent packages through the auto-update service. If the agent is not previously installed on the end point, Citrix Workspace app triggers the installation of the agent. If the agent is already installed, Citrix Workspace app triggers an update to the agent (if the version of the downloaded agent is higher than the installed version.)

Citrix Workspace app ensures to automatically update the agents whenever an update is available in the future.

Citrix Workspace app automatically signs in to the agents with the Citrix Workspace credentials.

The following diagram illustrates the workflow:

Client App Management

You can register for this technical preview by using the Podio form. Submit a request and we reach out to you with more details.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Enhancement to auto-update

Citrix Workspace app now supports auto-update when Proxy auto-configuration (PAC) and Web Proxy Auto-Discovery Protocol (WPAD) detection is enabled.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 105.2.1.40, based on Chromium version 105. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues

This release addresses issues that help to improve overall performance, security, and stability.

2210

What’s new

Background blurring for webcam redirection

Citrix Workspace app for Windows now supports background blurring for webcam redirection. You can enable this feature by selecting the Preferences > Connections > Enable background blur checkbox.

App Protection enhancements for web and SaaS apps on Windows 11

This App Protection enhancement optimizes the experience and security capabilities for web and SaaS app users on Windows 11. This enhancement is available via the Citrix Enterprise Browser for Secure Private Access customers.

Limiting video resolutions

Administrators who have users on lower-performance client endpoints can choose to limit incoming or outgoing video resolutions to decrease the impact of encoding and decoding video on those endpoints. Starting from Citrix Workspace app 2010 for Windows, you can limit these resolutions using client configuration options.

Note:

Users running with restricted resolutions impact the overall video quality of the conference because the Microsoft Teams server will be forced to use the lowest-common-denominator resolution for all conference participants.

Call constraints are disabled by default on the client with Citrix Workspace app 2210. To enable, administrators must set the following client-side configurations in the HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream:

Name Type Mandatory Accepted Values
EnableSimulcast Int YES 1–3 (Set it to 1)
MaxOutgoingResolution Int YES 180,240,360,540,720,1080 (Microsoft Teams supported Resolutions)
MaxIncomingResolution Int YES 180,240,360,540,720,1080 (Microsoft Teams supported Resolutions)
MaxIncomingStreams Int YES 1–8
MaxSimulcastLayers Int YES 1–3 (set it to 1)
MaxVideoFrameRate Int NO 1–30
MaxScreenshareFrameRate Int NO 1–15

All keys are DWORDs.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 105.1.1.27, based on Chromium version 105. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Rebranding Citrix Workspace Browser

Citrix Workspace Browser is now Citrix Enterprise Browser. The custom scheme is now changed from citrixworkspace:// to citrixbrowser://.

Implementing this transition in our products and their documentation is an ongoing process. Your patience during this transition is appreciated.

  • The product UI, in-product content, and the images and instructions in the product documentation will be updated in the coming weeks.
  • It is possible that some items (such as commands and MSIs) might continue to retain their former names to prevent breaking existing customer scripts.
  • Related product documentation and other resources (such as videos and blog posts) that are linked from this product documentation might still contain former names.
Make Citrix Enterprise Browser the work browser [Technical Preview]

You can now configure Citrix Enterprise Browser to open all work or enterprise links and apps configured by your administrator in the Citrix Workspace app. This feature provides a way for you to open only work links or web and SaaS apps in the Citrix Enterprise Browser. You can select an alternate browser to open any other non-work links or apps.

Open all web and SaaS apps through the Citrix Enterprise Browser

From this release, all internal web apps and external SaaS apps available in the Citrix Workspace app open in Citrix Enterprise Browser.

Note:

From Citrix Workspace app for Windows version 2210, the Open all web and SaaS apps through the Citrix Enterprise Browser feature is disabled.

Support for browser extensions [Technical Preview]

You can add extensions that are provided by your administrator to the Citrix Enterprise Browser in a secure way. An administrator can deploy, manage, and control the extensions. End users can view and use the extension under citrixbrowser://extensions as required. For more settings, see Global App Configuration Service.

Note:

This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.

For information on how to configure, see the Citrix Enterprise Browser documentation.

Use Global App Config service to manage Citrix Enterprise Browser [Technical Preview]

The administrator can use the Global App Configuration service for Citrix Workspace to deliver Citrix Enterprise Browser settings through a centrally managed service.

The Global App Configuration service is designed for administrators to easily configure Citrix Workspace and manage the Citrix Workspace app settings. This feature allows admins to use the Global App Configuration Service to apply various settings or system policies to the Citrix Enterprise Browser on a particular store. The administrator can now configure and manage the following Citrix Enterprise Browser settings using the Global App Configuration service:

  • “Enable CWB for all apps” - Makes the Citrix Enterprise Browser the default browser for opening web and SaaS apps from the Citrix Workspace app.
  • “Enable save passwords” - Allow or deny end users the ability to save passwords.
  • “Enable incognito mode” - Enable or disable incognito mode.
  • “Managed Bookmarks” - Allow administrator to push bookmarks to the Citrix Enterprise Browser.
  • “Enable developer tools” - Enable or disable developer tools within the Enterprise Browser.
  • “Delete browsing data on exit” - Allow the administrator to configure what data the Citrix Enterprise Browser deletes on exit.
  • “Extension Install Force list” - Allow the administrator to install extensions in the Citrix Enterprise Browser.
  • “Extension Install Allow list” - Allow the administrator to configure an allowed list of extensions that users can add to the Citrix Enterprise Browser. This list uses the Chrome Web Store.

Notes:

  • This feature is a request-only preview. To get it enabled in your environment, fill out the Podio form.
  • Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It’s advised that Beta builds aren’t deployed in production environments.
  • The name and value pair are case-sensitive.
  • All the browser settings in Global App Configuration Service are under the following category:

{
    "category": "browser",
    "userOverride": false,
    "assignedTo": [
    "AllUsersNoAuthentication"
    ]
}

<!--NeedCopy-->

Technical Preview

  • Local App Protection

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • The High DPI menu under Advanced Preferences is reintroduced.
    • The default new value is No, use the native resolution, also known as DPI matching.

      When you select this option, Citrix Workspace app attempts to match display resolution and DPI scale settings of the local Windows client to the HDX session automatically. DPI matching is recommended in all cases, especially when high-resolution monitors (above 1920x1080) are in use.

    • The Yes option, also known as Client-side scaling or compatibility mode is only recommended for legacy applications that are not DPI-aware and should only be used in special circumstances. This option might introduce some side effects while displaying the legacy apps, like blurry text because of the upscaling or stretching of the HDX session.

      It is also a viable option when two monitors with different DPI settings (or mixed DPI) are connected to the local Windows client.

      Note:

      This option is not compatible with HDX optimization for Microsoft Teams.

    • With the third option Let the operating system scale the resolution also known as DPI unaware, Citrix Workspace app for Windows ignores the DPI scale settings on the local Windows client. In this mode, Windows OS need to manage scaling of Citrix Workspace app and the HDX session, same as for any other application that is not DPI-aware. This mode is not recommended for use with DPI scales over 100%.

    [HDX-43720]

  • When you add a disabled store via GPO and a different store from the same StoreFront server via GUI, a loading screen might appear and adding an account might fail. [CVADHELP-20776]
  • When you add two stores from the same StoreFront server via GPO, configuring the second store might fail intermittently. [CVADHELP-20655]
  • Citrix Workspace app tries to connect to the Global App Config server even when the Global App Config Service policy is disabled via GPO. [CVADHELP-20775]
  • When using Citrix Workspace app for Windows 2106 or later, the Outbound ICA Proxy feature might not work. [CVADHELP-20824]
  • For domain users, the receiver.exe process might fail unexpectedly. You might see this issue on the Citrix Workspace app for Windows 2206 or later. [CVADHELP-20986]
  • In the optimized Microsoft Teams video meeting, call joined with video ON, you might observe a call drop. This issue occurs sporadically and when the HdxRtcEngine.exe process fails on the client side. [CVADHELP-21095]

2209

What’s new

Auto-update version control [Technical Preview]

Administrators can now manage the auto-update version for the devices in the organization.

Administrators can control the version by setting the range in the maximumAllowedVersion and minimumAllowedVersion properties in the Global App Config Service.

Example JSON file in Global App Config Service:


{
  "category": "AutoUpdate",
  "userOverride": false,
  "assignedTo": [
    "AllUsersNoAuthentication"
  ],
  "settings": [
    {
      "name": "Auto Update plugins settings",
      "value": [
        {
          "pluginSettings": {
            "upgradeToLatest": false,
            "deploymentMode": "InstallAndUpdate",
            "stream": "Current",
            "maximumAllowedVersion": "23.03.0.49",
            "minimumAllowedVersion": "0.0.0.0",
            "delayGroup": "Fast"
          },
          "pluginName": "WorkspaceApp",
          "pluginId": "1CDF566D-B2C7-47CA-802F-6283C862E1D6"
        }
      ]
    }
  ]
}

<!--NeedCopy-->

When the range is set, Citrix Workspace app on the user’s device is automatically updated to the highest available version that falls between the mentioned range.

If you want to auto-update Citrix Workspace app to a specific version, enter the same version in the maximumAllowedVersion and minimumAllowedVersion properties in the Global App Config Service.

Note:

  • Currently all the parameters mentioned in the preceding JSON file are mandatory. You must provide values for the upgradeToLatest setting and the maximumAllowedVersion setting based on the requirement of your organization. However, for the remaining parameters, you can use values similar to the example JSON file.
  • To achieve auto-update version control, the upgradeToLatest setting in the Global App Config Service must be set to false. If this setting is set to true, maximumAllowedVersion and minimumAllowedVersion will be ignored.
  • Do not modify the pluginId as this ID is mapped to Citrix Workspace app.
  • If the administrator hasn’t configured the version in the Global App Config Service, Citrix Workspace app is updated to the latest available version by default.

To enable this feature:

  1. Launch the registry editor.
  2. Navigate to the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\Dazzle registry path.
  3. Create a registry value with the following attributes:

    • Registry key name: Test-EnableAUVersionControl
    • Type: DWORD
    • Value: 0 is disabled and greater than 0 is enabled
  4. Restart the Citrix Workspace app for the changes to take effect.

You can provide feedback on this feature via the Podio form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Upgraded version of WebRTC for the optimized Microsoft Teams

The version of WebRTC that is used for the optimized Microsoft Teams is upgraded to version M98.

Supporting auto-update of Citrix Workspace app on VDA

You can now enable the auto-update feature on VDA by creating the following registry value:

On a 32-bit machine:

  • Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\AutoUpdate
  • Registry Value: AllowAutoUpdateOnVDA
  • Registry Type: REG_SZ
  • Registry Data: True

On a 64-bit machine:

  • Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\AutoUpdate
  • Registry Value: AllowAutoUpdateOnVDA
  • Registry Type: REG_SZ
  • Registry Data: True

Improved virtual apps and desktops launch experience [Technical Preview]

Previously, the launch progress dialog box wasn’t intuitive to the users. It made the users assume that the launch process isn’t responding and they closed the dialog box, as the notification messages were static.

Citrix Virtual Apps and Desktops Launch

The improved app and desktop launch experience is more informative, modern, and provides a user-friendly experience on Citrix Workspace app for Windows. This feature helps to keep the users engaged with timely and relevant information about the launch status. The notification appears in the bottom-right corner of your screen.

Citrix Virtual Apps and Desktops Launch New

This feature is also supported on Workspace for Web. Users can view meaningful notifications about the launch progress, instead of just a spinner. If a launch is in progress and the user attempts to close the browser, a warning message is shown.

Citrix Virtual Apps and Desktops Launch Web

You can enable this feature using the registry.

  1. Open the registry editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\Dazzle.
  3. Create and add a registry string with the name as NewLaunchExpSupport and set its value as True.
  4. Restart Citrix Workspace app for the changes to take effect.

Note:

This feature is applicable to Workspace (cloud) sessions only.

Known issues:

  • On a multi-monitor setup, the application windows in a desktop session of the Citrix Workspace app move to a different monitor. This issue occurs when you disconnect and reconnect a session.
  • This feature is not supported for browser-based launch.

You can provide feedback on this feature via the Podio form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Citrix Enterprise Browser (formerly Citrix Workspace Browser)

This release includes Citrix Enterprise Browser version 103.2.1.10, based on Chromium version 103. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

  • Citrix Enterprise Browser Profiles

    Profiles help you keep personal information such as history, bookmarks, passwords, and other settings separate for each of your Citrix Workspace accounts. Based on your Workspace store, a profile is created, allowing you to have a unique and personalized browsing experience.

    Note:

    After you upgrade to version 103.2.1.10 and sign in to the device for the first time, only your previously saved passwords are removed. When you sign in to the device using a different store for the first time, all your previously saved data is lost.

Technical Preview

  • Quick Launch of Disconnected Desktops

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • With this fix, a sign-in page appears when you sign out from Citrix Workspace app for Windows, specific to on-premises stores.

    To enable the fix, set the following registry values:

    On 32-bit systems:

    • HKEY_LOCAL_MACHINE/Software/Citrix/Dazzle
    • Name: ShowSignInPageOnLogOff
    • Type: REG_SZ
    • Value: True

    On 64-bit systems:

    • HKEY_LOCAL_MACHINE/Software/Wow6432Node/Citrix/Dazzle
    • Name: ShowSignInPageOnLogOff
    • Type: REG_SZ
    • Value: True

    [CVADHELP-19967]

  • The Applocker rule in Group Policy Object blocks the integration of the Citrix Gateway plug-in with Citrix Workspace. As a result, several temporary files of the format VPNXXXX.tmp are created in the temp folder. The files are created even when the registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client has DisableIconHide value. [CVADHELP-19709]

  • When you start a published app through a PNAgent site, Citrix Workspace app for Windows displays the following message:

    A fatal error occurred.

    [RFWIN-28208]

  • Citrix Workspace app might not be responsive after the launch. {CVADHELP-20317]

2207

What’s new

Background blurring and effects for Microsoft Teams optimization with HDX

Citrix Workspace app for Windows now supports background blurring and effects in Microsoft Teams optimization with HDX.

You can either blur or replace the background with a custom image and avoid unexpected distractions by helping the conversation stay focused on the silhouette (body and face). The feature can be used with either P2P or conference calls.

Note:

This feature is now integrated with the Microsoft Teams UI/buttons. MultiWindow support is a prerequisite that requires a VDA update to 2112 or higher. For more information, see Multi-window meetings and chat.

Limitations:

  • Admin and user-defined background replacement isn’t supported.
  • The background effect doesn’t persist between sessions. When you close and relaunch Microsoft Teams or VDA is reconnected, the background effect is reset to off.
  • After the ICA session is reconnected, the effect is off. However, the Microsoft Teams UI shows that the previous effect is still On by a tick mark. Citrix and Microsoft are working together to resolve this issue.
  • The device must be connected to the internet while replacing the background image.

Note:

This feature is available only after the future update roll-out from Microsoft Teams. When the update is rolled-out by Microsoft, you can check Knowledge Center articleCTX253754 and the Microsoft 365 Public roadmap for the documentation update and the announcement.

Background blurring for webcam redirection [Technical Preview]

Citrix Workspace app for Windows now supports background blurring for webcam redirection. You can enable this feature using the registry:

  • Location HKEY_CURRENT_USER\Software\Citrix\HdxRealTime.
  • Name: EnableBackgroundEffectFilter.
  • Type: DWORD.
  • Value: 0 is disabled. Any other value is enabled. If the value doesn’t exist or is 0, all background blur settings are ignored, and the Preferences > Connections > Enable background blur checkbox that handles the blur effect is disabled.

Recommendation:

Close the webcam application on VDA before closing the ICA session.

You can provide feedback on this feature via the Podio form.

Improved auto-update experience

The auto-update feature automatically updates the Citrix Workspace app to the latest version without the need for any user intervention.

Citrix Workspace app periodically checks and downloads the latest available version of the app. Citrix Workspace app determines the best time to install based on user activity not to cause any disruptions.

When the installation is complete, the following notification appears:

Silent auto-update success

If the Citrix Workspace app can’t find the right time to install the updates in the background, a notification prompt appears.

Enhancement to auto-update [Technical Preview]

Citrix Workspace app now supports auto-update when Proxy auto-configuration (PAC) and Web Proxy Auto-Discovery Protocol (WPAD) detection is enabled.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It’s advised that Beta builds aren’t deployed in production environments.

You can provide feedback on this feature via the Podio form.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 102.1.1.14, based on Chromium version 102.

  • Open all web and SaaS apps through the Citrix Enterprise Browser [Technical Preview]

    From this release, all internal web apps and external SaaS apps available in the Citrix Workspace app, open in the Citrix Enterprise Browser. You can register for this technical preview by using the Podio form.

    Note:

    Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It’s advised that Beta builds aren’t deployed in production environments.

Note on Citrix Workspace app update

While updating Citrix Workspace app for Windows from the previous version to 2207, user is prompted to sign in. The sign-in is prompted only for the workspace store.

Fixed issues

Session/Connection

  • Optimized Microsoft Teams might not select a new default audio device connected to the endpoint. [CVADHELP-20528]

    Note:

    This fix is available only after the future update roll-out from Microsoft Teams.

  • Configuring stores with geo DNS URL via Group Policy Object or command line might fail if you have set AllowAddStore=N during the Citrix Workspace app installation. [CVADPHELP-19853]
  • Citrix Authentication Manager (AuthManSvr.exe) might exit unexpectedly during logon. [CVADHELP-18901]

User Interface

  • When you’re using custom web stores, links in the Citrix Workspace app opens in the system browser. [RFWIN-27855]

2206

What’s new

Background blurring and effects for Microsoft Teams optimization with HDX [Technical Preview]

In Citrix Workspace app 2206 for Windows, Citrix is introducing a technical preview for background blurring and effects in Microsoft Teams optimization with HDX.

Now, you can either blur or replace the background with a custom image and avoid unexpected distractions by helping the conversation stay focused on the silhouette (body and face). The feature can be used with either P2P or conference calls.

Note:

  • In this technical preview, the feature can only be controlled via the registry keys and it isn’t integrated with the Microsoft Teams UI/buttons.
  • The new background persists in all Microsoft Teams meetings and calls until you change it again via a registry key. For the change to take effect, you must only restart Microsoft Teams. This limitation is removed once the feature is GA, and for that it requires Multi-window support (VDA 2112 or higher). To activate or deactivate background blurring and effects, administrators or users must configure the following registry key on the client/endpoint:

Location: HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream

  • Name: VideoBackgroundEffect
  • Type: DWORD
  • Value: 0 (disabled), 1 (enabled), 2 (background image replacement, which requires the VideoBackgroundImage key to be present as well)

The following key is required only if you want to replace the background image and not for blurring:

  • Name: VideoBackgroundImage
  • Type: REG_SZ
  • Value: my_image_name.jpeg

Note:

The file name, for example, my_image_name.jpg (or the name you provide for the file) must be placed in the user’s device, Citrix Workspace app install directory, C:\Program Files (x86)\Citrix\ICA Client.

Improved graphics performance

Citrix Workspace app 2206 introduces significant performance improvements for Intel integrated GPUs:

  • Graphics GPU consumption has been reduced, improving overall performance.

The following issues are fixed:

  • Low frames per second after playing a video on the Intel 10th Generation GPU or higher.
  • Brightness difference in Build-To-Lossless or for Actively Changing Regions on Intel and AMD GPUs.

Enhancement to App Protection: Anti-code Injection [Technical Preview]

Citrix Workspace app now ensures that no unauthorized dynamic-link libraries (DLL) or untrusted modules get access to the session.

If any untrusted module gets injected during a session, the Citrix Workspace app detects such intervention and stops the module from loading.

Also, if any untrusted or malicious DLL is detected before the session launch, App Protection blocks the session launch and displays an error message. Closing the error message exits the virtual app and desktop session.

You can register for this technical preview by using this Feedback form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

App Protection enhancements for web and SaaS apps on Windows 11 [Technical Preview]

This App Protection enhancement optimizes the experience and security capabilities for web and SaaS app users on Windows 11. This enhancement is available via the Citrix Enterprise Browser for Secure Private Access customers. You can register for the Technical Preview via the Feedback form. For more information, see App Protection documentation.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Improved auto-update experience [Technical Preview]

The auto-update feature automatically updates the Citrix Workspace app to the latest version without the need for any user intervention.

Citrix Workspace app periodically checks and downloads the latest available version of the app. Citrix Workspace app determines the best time to install based on user activity to not cause any disruptions.

When the installation is complete, the following notification appears:

Silent auto-update success

If the Citrix Workspace app can’t find the right time to install the updates in the background, a notification prompt appears.

You can register for the Technical Preview via the Podio form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Enabling DPI matching

Starting with Citrix Workspace app 2206 for Windows, DPI matching is enabled by default. This means Citrix Workspace app attempts to match display resolution and DPI scale settings of the local Windows client to the Citrix session automatically. As part of this change, the High DPI option available under Advance Preferences in Citrix Workspace app is no longer available.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 101.1.1.12, based on Chromium version 101. For features or bugs fixes in the Citrix Enterprise Browser, see What’s new in the Citrix Enterprise Browser documentation.

Fixed issues

Install, Uninstall, Upgrade

  • Citrix Workspace Updater service might fail to start resulting in installation failure. This issue occurs when the client is not connected to the internet. [CVADHELP-19613]

Session/Connection

  • When using Citrix Workspace app 2204.1 or later, the session might disconnect. This issue occurs if there’s a restriction to run unsigned binaries, for example, wfica.ocx. [CVADHELP-20053]
  • When you start Citrix Workspace app for the first time after adding the store URL, the following error message appears:

    “Your Citrix Workspace app encountered an error while initializing Microsoft Edge WebView2. Restart your app.”

    This issue occurs when you add the store URL through the GPO or command line and includes ‘/’ after discovery, for example, https://sales.example.com/Citrix/Store/discovery/;On;Store.

    [CVADHELP-20214]

  • On Citrix Workspace app for Windows, when you add store URLs using Group Policy Object, the following error message might appear: “Cannot connect to server.”

    This issue occurs if one of the stores is disabled and isn’t reachable. [CVADHELP-19751]

  • When you update the Citrix Workspace app from version 2006 or earlier, the gateway and beacon configurations of the existing stores might get deleted and the same configurations are added again even when the store configurations aren’t changed in the Group Policy Object. [CVADHELP-19839]

  • Attempts to launch applications or desktops from a tablet using Citrix Workspace app might fail. The issue occurs when the client IP address can’t be retrieved. [CVADHELP-19703]
  • While sharing the screen or app during the Microsoft Teams call, your peers might see visual artifacts. This issue occurs because of unstable frame rates, such as incorrect video playback (frozen or transient black frames). This release includes improved frame rates or sampling rates that help to reduce visual artifacts. [HDX-38032]

User Interface

  • The Desktop Viewer toolbar might not be visible when you open the virtual desktop from custom portal stores. [CVADHELP-20253]
  • When using Citrix Workspace app for Windows with Browser Content Redirection, resizing the browser window continues even when you release the mouse button. [HDX-38024]
  • Battery status notification and automatic keyboard pop-up dialog might not appear during the session when the Automatic keyboard display policy is enabled on the DDC. [HDX-39558]
  • When you plug-in aa USB device or access files, Citrix Workspace app might show legacy Citrix Workspace - Security Warning dialog. [LCM-10369]

Service Continuity

  • Citrix Workspace app launch might fail due to missing lease files resulting in 3002 error. This release includes the improvement where lease sync completes only when the client syncs all the lease files present on the server. [RFWIN-26540]

2205

What’s new

Note:

From this release onward, ensure that the Microsoft Edge WebView2 Runtime version is 99 or later. For more information, see System requirements and compatibility.

Change to Citrix Casting

Previously, Citrix Casting was enabled by default during the Citrix Workspace app installation. Starting from this release, Citrix Casting is enabled only if you run Citrix Workspace app installer with the /IncludeCitrixCasting command during installation. When you update Citrix Workspace app, the Citrix Casting gets updated automatically. For more information on Citrix Casting, see Citrix Casting.

Quick access to resources

Starting from this release, you can get quick access to your recently used apps and desktops. Right-click on the Citrix Workspace app icon in the taskbar to view and open the recently used resources from the pop-up menu.

Quick access to resources

Sign out custom web store upon Citrix Workspace app exit

When the signoutCustomWebstoreOnExit attribute is set to True, closing the Citrix Workspace app signs you out of custom webstores. You can configure the signoutCustomWebstoreOnExit attribute in Global App Configuration Service.

For more information, see Global App Configuration Service documentation.

Support to open Citrix Workspace app in maximized mode

Starting from this release, you can choose to open the Citrix Workspace app in maximized mode. Instead of maximizing the Citrix Workspace app manually every time, you can set the maximise workspace window property in the Global App Configuration Service to enable the Citrix Workspace app to open in the maximized mode by default.

For more information about the Global App Configuration Service, see Getting Started.

Storebrowse support for Workspace

Citrix Workspace app for Windows now provides Storebrowse support to self-service that enables Storebrowse users to access Cloud and Workspace features.

Note:

For more information, see Storebrowse for Workspace.

Citrix Enterprise Browser

  • This release includes Citrix Enterprise Browser version 99.1.1.8, based on Chromium version 99. For features or bugs fixes in the Citrix Enterprise Browser, see What’s new in the Citrix Enterprise Browser documentation.

  • Citrix Workspace app now alerts you about closing active browser windows, when you do any of the following in the Citrix Workspace app:

    • Sign out from a store
    • Switch to a different store
    • Add a new store
    • Delete the current store

Fixed issues

User interface

  • In Citrix Workspace app for Windows, non-admin users might not be able to disable the Data Collection setting through the Advanced Preferences dialog. [RFWIN-26795]

Session/Connection

  • When you restart Microsoft Teams, the existing HdxRtcEngine.exe process might not close and might start a new process. [HDX-40006]

  • During a peer-to-peer call with Microsoft Teams HDX optimization, app window sharing might fail to stop after a high number of start/stop sharing repetitions, and you might not be able to share desktop screen or app window, call, or receive an incoming call until you restart Citrix Workspace app. [HDX-39549]

  • During Give Control session with Microsoft Teams HDX optimization, the remote cursor is drawn slightly offset from its actual position. [HDX-36376]

  • When you access a VDA for the first-time using Citrix Workspace app for Windows version 2112 or later, the following security message might appear:

    An Online Application is attempting to access information on a device attached to your computer HDX File Access.

    In previous versions, this message was present only during the first access to each published resource in a Delivery Group and not every VDA.

    [CVADHELP-19636]

Install, Uninstall, Upgrade

  • When you upgrade Citrix Workspace app for Windows, the following extra registry key might be created:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WOW6432Node\Citrix

    The issue occurs when the auto-update command-line policy is configured.

    The TransparentKeyPassthrough registry value in HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard isn’t preserved on a 32-bit machine.

    [CVADHELP-19625]

2204.1

What’s new

Audio redirection enhancement

Improved audio echo cancellation support for all audio codecs including Adaptive audio and all legacy audio codecs.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 98.1.2.20, based on Chromium version 98. For features or bugs fixes in the Citrix Enterprise Browser, see What’s new in the Citrix Enterprise browser documentation.

Microsoft Teams optimization

  • App Protection and Microsoft Teams enhancement: Microsoft Teams supports incoming video and screen sharing when Citrix Workspace app for Windows with App Protection enabled is on Desktop Viewer mode only. Published apps in seamless mode don’t render incoming video and screen sharing.

Technical Preview

  • Support for an enhanced single sign-on (SSO) experience for web and SaaS apps

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

Session/Connection

  • Citrix ADC appliance might crash when certain conditions are triggered from Citrix Workspace app for Windows. [HDX-39683]

  • In Citrix Workspace app, you might experience intermittent failures when answering or making a Microsoft Teams call. The following error message appears:

Call could not be established.

[HDX-38819]

  • When you try to redirect to the preferred webcam as set in the Citrix Workspace app for Windows, the setting might not be executed as configured.

    With this fix, the preferred webcam is the only available webcam in the user session. This fix provides better control when multiple webcams are available in the user session.

    [HDX-38214]

  • If Citrix Workspace app is configured to show apps in Desktop and Start menu shortcut folder, then launching apps and desktop session from the Desktop or Start menu post Citrix Workspace app exit might result in failure. [RFWIN-26508]

  • Attempts to add the Citrix Gateway URL might fail intermittently with the following error message:

    Authentication Service cannot be contacted.

    [CVADHELP-19415]

  • With this fix, you can set TWITaskbarGroupingMode to GroupNone either in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. The TWITaskbarGroupingMode key is available under, for example, HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows. [CVADHELP-19106]

Install, Uninstall, Upgrade

  • When customers use the app personalization service, the Workspace installer might hang while validating the certificate. [RFWIN-21122]

2202

What’s new

Storebrowse support for Workspace [Technical Preview]

Starting from this release, Citrix Workspace app for Windows provides Storebrowse support to Self-Service. This enables Storebrowse users to access Cloud and Workspace features.

Note:

For more information, see Storebrowse for Workspace.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised not to deploy Beta builds in production environments.

Citrix Enterprise Browser

For features or bugs fixes in the Citrix Enterprise browser, see What’s new in the Citrix Enterprise browser documentation.

Note:

The system requirements for Citrix Workspace 2202 for Windows have changed as follows:

  • Minimum .NET version required is 4.8.
  • Minimum VCRedist version required is 14.30.30704.0.

Fixed issues

Install, Uninstall, Upgrade

  • When you upgrade Citrix Workspace app for Windows from Version CU4 to CU5 without installing self-service, the following prompt might appear:

    Upgrading from Unsupported Version

    Citrix Workspace will automatically uninstall your old version and delete all your settings, which you can restore later. Otherwise you will have to delete everything manually. Click OK to continue.

[CVADHELP-18790]

  • Attempt to refresh or launch an app results in the cannot contact store error message. This issue happens when the retrieval of shortcut description for specific subscribed apps fails.

Your apps are not available at this time. Please try again in a few minutes or contact your help desk with this information: cannot contact store.

[CVADHELP-18736]

Session/Connection

  • The Print Screen key might not capture screenshots when Citrix Workspace app for Windows with App Protection enabled starts in the background. [RFWIN-25835]
  • Starting a published application through a PNAgent site on StoreFront using Citrix Workspace app for Windows might fail with the following error message:

    Cannot start app. Please contact your help desk.

[CVADHELP-19209]

  • Launching sessions from Delivery Groups with an access policy rule specifying the client IP address might fail if the client has multiple NICs.

    Rule: Set-BrokerAccessPolicyRule -Name <rulename> -includedClientIPs <Client ip address>

[CVADHELP-18783]

  • Shortcuts for published applications through Citrix Workspace app cannot be created without appropriate permissions. As a result, the icons might be downloaded in the user profile at every refresh, increasing the cache size on the endpoints and the CPU consumption in the StoreFront side. [CVADHELP-18609]
  • After you configure a store through Group Policy Object or the command, refreshing the self-service UI opened from the notification area or the Start menu might fail. A Cannot contact server message appears. [CVADHELP-19242]
  • Virtual Desktop prompts you to enter credentials although domain pass-through is configured. This issue occurs when you launch a virtual desktop from the Citrix Workspace app. [RFWIN-26111]
  • In Citrix Workspace app 2112.1, you might experience high CPU utilization on endpoint when webcam is turned on in an optimized Microsoft Teams video call. [HDX-37168]

Known issues

Known issues in 2405.10

  • When Browser Content Redirection (BCR) is enabled, the drop-down menus might fail to render in the browser when the Citrix desktop session is in full-screen mode. As a workaround, use the Citrix desktop session in Windowed mode. [CVADHELP-18385]

Known issues in 2405

  • When Citrix Workspace app uses Fast Connect 3 Credential Insertion API for authentication, you might notice that the CtxCredApi.dll, which is used to inject credentials in SSON server, is present only for x64 systems. As a result, you might not be able to use the CtxCredApi.dll when running on x86 apps. As a workaround, use x64 apps to access the CtxCredApi.dll. [RFWIN-35818]

  • You might fail to customize Citrix Workspace app using App Personalization service. This issue occurs in Citrix Workspace app version 2405 or later. [RFWIN-36015]

  • You might notice that the error messages for the failed sessions in Citrix Workspace app are not displayed correctly. The following text artifacts are observed:

    • Instead of the reason for error %s is displayed
    • Error number is displayed twice

    You can see the additional details on the error message by searching the transaction ID in Citrix Director (for on-premises sites) or in Citrix Monitor (for cloud sites) console to troubleshoot the issue. [HDX-67197]

  • When a new user starts the virtual desktop for the first time, the session window appears small. Also, the window is placed in the upper left of the screen. The issue is observed on certain display devices with high DPI, such as the Microsoft Surface Pro. As a workaround, resize the window manually. The preferred dimensions are retained, and subsequent starts of the same desktop display correctly. [HDX-62297]

Known issue in 2403.1

  • In a double-hop scenario, the ALT +TAB key might not work on macOS clients. [CVADHELP-23085]
  • If a full screen HDX session is on focus, and endpoint is locked using Ctrl+Alt+Del, users might be unable to type anything after unlocking. [CVADHELP-24512]
  • H265 444 on Intel might result in artifacts being visible in the session. As a workaround, resize the session or toggle full-screen mode. [HDX-60061]

Known issues in 2403

  • If you have Real-Time Media Engine (RTME) older than 2.9.700 version installed on the end point device, you might fail to open published apps or desktops. This issue occurs on Citrix Workspace app for Windows 2403 and on Citrix Workspace app for Windows 2402 LTSR versions. As a workaround, you can do one of the following:

    • If you use Skype for business with the RTME plug-in, upgrade RTME to 2.9.700 version or later.
    • If you do not use Skype for business, uninstall HDX Real time pack using the uninstall wizard (add or remove programs) on Windows.
    • If you are using Citrix Workspace app for Windows version 2403, upgrade to the 2403.1 version.

    For more information, see Knowledge Center article CTX666291. [HDX-63684]

  • If the end user machine has multiple versions of .Net installed, and .Net is upgraded for the version which is not in use by the Citrix Workspace app, the app restarts. [RFWIN-32377]

  • When you’re using a virtual desktop session, the Ctrl+Alt+Break keyboard shortcut doesn’t work as expected. This keyboard shortcut is used to access the menu options of the Desktop Viewer toolbar and to toggle between the windowed and the full-screen modes. [RFWIN-31815]

  • BCR MSI standalone is currently not supported with non-admin install. [HDX-62636]

  • When a new user starts the virtual desktop for the first time, the session window appears small. Also, the window is placed in the upper left of the screen.

    The issue is observed on certain display devices with high DPI, such as Microsoft Surface Pro.

    As a workaround, resize the window manually. The preferred dimensions are retained, and when you start the same desktop, it displays correctly. [HDX-62297]

Known issues in 2311.1

  • When the name of the audio device is more than 200 characters, the device might fail to redirect to the virtual session. [HDX-58341]
  • The Windows Surface touchpad and soft keyboard might not be supported on the Citrix Workspace app sign in screen. This issue occurs when you sign in to a session that is published from Windows VDA in full-screen mode. As as a workaround, open the session in window mode and then sign in to the Citrix Workspace app. [RFWIN-32050]
  • Attempts to exit Citrix Workspace app might fail if you have any apps or desktops sessions that are still open. The workaround is to disconnect from all open desktops and apps using the Desktop Viewer toolbar or the connection center before exiting Citrix Workspace app. [HDX-59129]
  • You might notice that there is no automatic focus inside the virtual desktop that is opened in full-screen mode. You must click inside the session to regain focus. [RFWIN-32051]
  • You might notice visual artifacts when attempting to split the screen or adjust the primary monitor within the Monitor Layout tab on the Preferences screen. [HDX-59798]
  • Sometimes, USB composite devices might not be split automatically even though a correct device redirection rule is set to split the device. This issue occurs because the device is in low power mode. In these instances, the child device that enters low power mode might not be present in the device list. You can use the following workarounds to overcome this issue:

    • Disconnect the session, insert the USB device, and reconnect to the session. Or,

    • Unplug the USB device and plug it back in. This action results in the device moving out of low power mode. [HDX-34143]

Known issues in 2309

  • You might fail to start sessions if the ICA file or the folder where the ICA file is downloaded is named with Unicode or non-English characters. This issue occurs only when you access and authenticate a store using a browser and then start any app or desktop using native Citrix Workspace app. To mitigate this issue, we recommend that you continue on the Citrix Workspace app for Windows for 2307.1 version until a new version is released. [HDX-55649]
  • You might not be able to the sign in to Citrix Workspace app using single sign-on or might not see the authentication prompt in cloud stores. This issue occurs when the account is configured through the GPO or command line for the first time and when the self-service mode is set to false and the Silent authentication to Citrix Workspace policy is enabled. [CVADHELP-22641]
  • A jittery movement might be observed in the mouse cursor on Citrix Workspace app when the Use relative mouse setting is enabled. [CVADHELP-21829]
  • In certain scenarios, when Citrix Workspace app fails to start apps or desktops, you might get two error messages, where one message appears in a dialog box and the other is a toast notification. [RFWIN-31561]
  • Installation of Citrix Workspace app for Windows version 2309 using the command line might fail if you’ve included a space character in the store name for the STORE0 parameter. As a workaround, use the store name without spaces while installation as shown in the following example:

     CitrixWorkspaceApp.exe STORE0=“AppStore;https://sales.example.com/Citrix/Store/discovery;on;HR AppStore” 
     <!--NeedCopy-->
    

    [RFWIN-31704]

Known issues in 2305.1

  • You might be prompted to enter proxy credentials each time when you start Citrix Workspace app. [RFWIN-26399]
  • When you switch from external monitors to a single monitor (for example laptop), the size of Citrix Workspace app menu options, UI text, and dialog boxes might appear smaller than the normal display size. [HDX-47575]
  • You might notice a gray screen for a few seconds before the sessions are opened successfully. This issue occurs for cloud stores. It also occurs for on-premises stores when the improved virtual apps desktops launch experience for StoreFront feature, which is in technical preview, is enabled. [RFWIN-30327]
  • When connecting through Citrix Gateway, if there is high latency, sessions might fail to connect using EDT and fallback to TCP. If HDX Adaptive Transport policy is set to Diagnostic mode, the sessions might fail to start. [HDX-49878]

Known issues in 2303

  • The Citrix Workspace app might stop responding if you have any mouse interaction (mouse action or movements) on the Restore session dialog box. This issue occurs when you start a session after upgrading from the Citrix Workspace app version 2302–2303 and if there are disconnected sessions previously. [RFWIN-29663]

Known issues in 2302

  • You might not be able to use the Bloomberg Terminal application with the Bloomberg Keyboard 5 or Bloomberg Keyboard 2013. This issue occurs when Citrix Workspace app version 2302 is installed on your system with the App Protection feature enabled. As a workaround, upgrade to Citrix Workspace app version 2303 or create the following registry key and reboot the machine:

    • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epusbfilter
    • Value: [DWORD]
    • DisableUSBFiltering= 1

    [CVADHELP-22221]

Known issues in 2212

  • When the BCRClient.msi cannot be repaired, the following error appears during the Citrix Workspace app installation:

    BCR Error

    [HDX-46964]

  • Some SaaS apps which have enhanced security OFF fail to open in Citrix Enterprise Browser if Citrix Enterprise Browser is the default browser. [CTXBR-4106]

Known issues in 2210.5

  • When you open a published app in seamless mode, other local or seamless apps might appear in the foreground and cover the published app. [CVADHELP-20742]
  • With certain older AMD GPU series, purple video content or flashing screens might be seen with Citrix Workspace app 2206 or newer. As a workaround, modify the following registry:

    • Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\GfxRender
    • Value: [DWORD]
    • ForceVP= 1

    [HDX-46264]

Known issues in 2210

  • Desktop Viewer toolbar might cover the screen when the desktop is in normal resolution and DPI. [HDX-45206]
  • Desktop Viewer toolbar might not appear correctly in the full-screen mode and displays the options in an incorrect order. [HDX-45189]
  • The position of the window and size might not be persistent when you reconnect the desktop. [HDX-44997]

Known issues in 2209

No new issues have been observed in this release.

Known issues in 2207

No new issues have been observed in this release.

Known issues in 2206

No new issues have been observed in this release.

Known issues in 2205

  • In Citrix Workspace app for Windows, the Advanced Audio Coding (AAC) supports only a maximum of 6 channels. [CTXBR-2941]

  • When you plug-in an USB device or access files, Citrix Workspace app might show legacy Citrix Workspace - Security Warning dialog. [LCM-10369]

  • Battery status notification and automatic keyboard pop-up dialog might not appear during the session when Automatic keyboard display policy is enabled on the DDC. [HDX-39558]

Known issues in 2204.1

  • Citrix Workspace app for Windows installation in offline mode might fail when installer can’t find Microsoft Edge WebView2 on your system.

    As a workaround, install MicrosoftEdgeWebView2RuntimeInstallerX86.exe as an administrator and then try to install Citrix Workspace app for Windows.

    [RFWIN-26329]

Known issues in 2202

  • Fresh install or update operation of Citrix Workspace app might result in delay for about 10–30 mins. For more information, see Knowledge Center article CTX335639. [RFWIN-25752]

Known issues in 2112.1

  • The Print Screen key might not capture screenshots when Citrix Workspace app for Windows with App Protection enabled starts in the background. [RFWIN-25835]
  • Fresh install or update operation of Citrix Workspace app might result in delay for about 10–30 mins. For more information, see Knowledge Center article CTX335639. [RFWIN-25752]
  • Sign out from Citrix Workspace app for Windows might not succeed when proxy authentication is enabled. [RFWIN-24813]
  • If you are using Citrix Workspace app on Microsoft Windows 11 machines, Activity Feed and Actions tabs might be missing. [WSP-13311]
  • While using the Citrix Enterprise Browser, you can’t take screenshots of unprotected URL windows even when protected windows are minimized. [CTXBR-1925]
  • If you have enabled Browser Content Redirection, you cannot sign into Google Meet. [HDX-34649] As a workaround:
    1. Ensure that https://www.youtube.com/* is available in the Access Control List.
    2. Ensure that https://accounts.google.com/* is in the authentication sites list.
    3. Sign in to your Google account on any intermediary Google site, for example, YouTube.
    4. From the same instance of Google Chrome, launch Google Meet.
  • In Citrix Workspace app 2112.1, you might experience high CPU utilization on endpoint when webcam is turned on in an optimized Microsoft Teams video call. As a workaround, create the following registry value on your endpoint:

    Computer\HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream Name: UseDefaultCameraConfig Type: REG_DWORD Value: 0

    [HDX-37168]

  • In Citrix Workspace app, you might experience intermittent failures when answering or making a Microsoft Teams call. The following error message appears:

    Call could not be established.

    As a workaround, try to re-establish the Microsoft Teams call.

    [HDX-38819]

Known issues in 2109.1

No new issues have been observed in this release.

Known issues in 2109

If you’ve installed the Citrix Workspace app with a version earlier than 2109 as a user and the admin installs version 2109, the Entry point not found error message appears if you log back into the device as a user. When you click OK, the message disappears and the Citrix Workspace app is updated to version 2109. [RFWIN-25008]

If your admin has installed external extensions in Google Chrome, the Citrix Enterprise Browser crashes when you open it. [CTXBR-2135]

Known issues in 2108

Sessions fail to launch in the offline mode (Service continuity) on client machines, when the user name has Cyrillic or in east Asian characters. [RFWIN-23906]

Known issues in 2107

No new issues have been observed in this release.

Known issues in 2106

  • On stores where the Service continuity feature is enabled, you might not be able to launch resources. The issue occurs with Unicode users. [RFWIN-23439]
  • Attempt to redirect a webcam using Citrix Workspace app for Windows that is installed on a VDA, the webcam might fail. [HDX-28691]

Known issues in 2105

  • During a session, when you click Check for Updates and updates are downloaded successfully, current sessions aren’t listed in the Download successful dialog. [RFWIN-23152]

Known issues in 2103.1

  • The Self-Service plug-in window is blank and no apps are displayed at session launch. The issue occurs when using the Intel Xe Graphics card and because of limitation from the third-party. [CVADHELP-17005]
  • Attempts to compose characters in Japanese, Chinese, or Korean IME might not work properly. The composition window appears misplaced and isn’t seamless. This issue doesn’t occur when using virtual apps and desktops sessions and SaaS apps. [RFWIN-21158]
  • Attempts to exit Citrix Workspace app might fail. The issue occurs when the user credentials prompt appears repeatedly. [RFWIN-22491]
  • After creating a desktop shortcut for an app and restarting the client device, the first attempt to launch the app from the shortcut might fail. The issue occurs when you do not specify the storedescription when installing Citrix Workspace app using the command-line interface. [RFWIN-22510]
  • When you try a peer-to-peer call with Microsoft Teams HDX optimization, calls might fail. This issue occurs if the VDA version is 2103 or lower and the Citrix Workspace app for Windows is 2103 or higher. This issue is fixed in Virtual Delivery Agent (VDA) 2106.

Known issues in 2102

  • Attempts to launch an ICA session might fail. The issue occurs when the proxy server uses port 8080 instead of a custom port. [CVADHELP-15977]
  • In an application session, when you open an image to scan in Microsoft Paint, both the Microsoft Paint application and the scanning process might become unresponsive. The issue occurs when you launch the session in windowed mode. [RFWIN-21413]
  • On machines configured for Azure Active Directory Multifactor Authentication (MFA), the login prompt appears even when the Keep me signed in and Don’t ask again for 60 days options are selected. [RFWIN-21623]
  • Attempts to log in to Citrix Workspace app on Azure Active Directory-joined machines might fail. The issue occurs when the authentication prompt doesn’t appear. [RFWIN-21624]
  • When you launch a published desktop session, the Self-Service plug-in dialog appears in the foreground. The issue occurs when the Local App Access policy is enabled on the Delivery Controller. [RFWIN-21629]
  • Attempts to switch windows using the ALT + Tab keys might result in a blank Citrix Workspace app screen. The issue occurs when you launch the session in windowed mode. [RFWIN-21828]
  • If you’re using a webcam or a video in a Microsoft Teams call, the HDXrtcengine.exe might turn unresponsive. For a workaround, see Knowledge Center article CTX296639. [HDX-29122]

Known issues in 2012.1

No new issues have been observed in this release.

Known issues in 2012

  • If you try to add a protected app to your Favorites, this message might appear, “Your apps aren’t available at this time” When you then click OK, this message appears, “Cannot add app.” After you switch to the Favorites screen, the protected app is listed there, but you can’t remove it from Favorites. [WSP-5497]
  • In the Chrome browser with browser content redirection, when you click a link that opens a new tab, the tab might not open. As a workaround, select Always allow pop-ups and redirects in the Pop-ups blocked message. [HDX-23950]
  • Automatic update of Citrix Workspace app from version 2012 to a later version fails with the following error message:

    Could not load file or assemble Newtonsoft.Json

    The issue occurs only when automatic update is enabled on an admin-installed instance of the Citrix Workspace app.

    As a workaround, download Citrix Workspace app Version 2012.1 or later from the Citrix Downloads page and install it manually.

    [RFWIN-21715]

  • If you launch the app bar and then open the Connection Center menu in Citrix Workspace app for Windows, the app bar doesn’t appear under the server that hosts it. [HDX-27504]
  • If you use Citrix Workspace app for Windows and launch the app bar in a vertical position, the bar covers the Start menu or the system tray clock. [HDX-27505]

Legacy documentation

For product releases that have reached End of Life (EOL), see Legacy documentation.

Third-party notices

Citrix Workspace app for Windows might include third-party software licensed under the terms defined in the following document:

Citrix Workspace app for Windows Third-Party Notices (PDF download)

About this release