Scenario 4

This scenario covers how to enable App Protection for specific user groups.

The following steps allow you to enable App Protection for users of a specific group:

  1. Select the Active Directory user group whose users you want to enable the App Protection policies for. In this example, the Active Directory user group is ProductManagers.

  2. Configure the Broker Access policy rules:

    1. Install the Citrix PowerShell SDK and connect to the cloud API as explained in the Citrix blog Getting started with PowerShell automation for Citrix Cloud.

    2. Run the command Get-BrokerAccessPolicyRule.

      A list of all the broker access policies for all the delivery groups is displayed.

    3. Find the DesktopGroupUid for the delivery group that you want to change.


    4. Get the policies that are applied only to a particular delivery group using the command:

      Get-BrokerAccessPolicyRule -DesktopGroupUid 7

    5. To enable App Protection policies for the users in the ProductManagers user group, run the following command:

      New-BrokerAccessPolicyRule "Example Rule Name_1" -DesktopGroupUid 7 -AllowedConnections AnyViaAG -AllowedProtocols HDX -AllowedUsers Filtered -AppProtectionScreenCaptureRequired $true -IncludedUserFilterEnabled $true -IncludedUsers domain.com\ProductManagers

    6. To disable App Protection policies for the users who are not part of the ProductManagers user group, run the following command:

      New-BrokerAccessPolicyRule "Example Rule Name_2" -DesktopGroupUid 7 -AllowedConnections AnyViaAG -AllowedProtocols HDX -AllowedUsers Filtered -AppProtectionScreenCaptureRequired $false -ExcludedUserFilterEnabled $true -ExcludedUsers domain.com\ProductManagers

  3. Verification:

    Sign out of Citrix Workspace app, if it is already open. Sign in to Citrix Workspace app as a user in the ProductManagers Active Directory user group. Launch the protected resource and you see that App Protection is disabled. Sign out of Citrix Workspace app and sign in again as a user who is not part of the ProductManagers Active Directory user group. Launch the protected resource and you see that App Protection is enabled.
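Before the sign-in test, the rules on the delivery group can be reviewed from the same PowerShell session. The following is an added example, not part of the Citrix documentation: the function name Test-AppProtectionRule, the sample objects and the third rule are constructed, and it assumes each IncludedUsers/ExcludedUsers entry exposes a Name property.

```powershell
# Added example, not Citrix code. Test-AppProtectionRule and the sample objects are
# constructed; property names follow the parameters used in steps 5 and 6.
function Test-AppProtectionRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [Parameter(Mandatory)] [string] $Group
    )
    process {
        # Assumption: each IncludedUsers/ExcludedUsers entry exposes a Name property.
        $included = @($Rule.IncludedUsers | ForEach-Object { $_.Name })
        $excluded = @($Rule.ExcludedUsers | ForEach-Object { $_.Name })
        $groupIncluded = $Rule.IncludedUserFilterEnabled -and ($included -contains $Group)
        $groupExcluded = $Rule.ExcludedUserFilterEnabled -and ($excluded -contains $Group)
        [pscustomobject]@{
            Rule                  = $Rule.Name
            AllowedConnections    = $Rule.AllowedConnections
            ScreenCaptureRequired = [bool]$Rule.AppProtectionScreenCaptureRequired
            GroupIncluded         = [bool]$groupIncluded
            GroupExcluded         = [bool]$groupExcluded
            # A rule that neither requires App Protection nor names the group in
            # ExcludedUsers is flagged for a manual look.
            NeedsReview           = (-not $Rule.AppProtectionScreenCaptureRequired) -and (-not $groupExcluded)
        }
    }
}

# Constructed sample data: rules 1 and 2 mirror steps 5 and 6 (values the page does
# not set are made up); rule 3 is hypothetical and shows what gets flagged.
$pm     = 'domain.com\ProductManagers'
$member = @([pscustomobject]@{ Name = $pm })
$sampleRules = @(
    [pscustomobject]@{ Name = 'Example Rule Name_1'; AllowedConnections = 'AnyViaAG'
        AppProtectionScreenCaptureRequired = $true
        IncludedUserFilterEnabled = $true;  IncludedUsers = $member
        ExcludedUserFilterEnabled = $false; ExcludedUsers = @() }
    [pscustomobject]@{ Name = 'Example Rule Name_2'; AllowedConnections = 'AnyViaAG'
        AppProtectionScreenCaptureRequired = $false
        IncludedUserFilterEnabled = $false; IncludedUsers = @()
        ExcludedUserFilterEnabled = $true;  ExcludedUsers = $member }
    [pscustomobject]@{ Name = 'Hypothetical Rule_3'; AllowedConnections = 'NotViaAG'
        AppProtectionScreenCaptureRequired = $false
        IncludedUserFilterEnabled = $false; IncludedUsers = @()
        ExcludedUserFilterEnabled = $false; ExcludedUsers = @() }
)
$sampleRules | Test-AppProtectionRule -Group $pm | Format-Table -AutoSize

# Against a live site, using the delivery group from the steps above:
# Get-BrokerAccessPolicyRule -DesktopGroupUid 7 | Test-AppProtectionRule -Group $pm
```

Pass the group name in the same form the SDK prints it in IncludedUsers and ExcludedUsers; the match is by name only and does not resolve nested group membership.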
