Device Posture

View PDF

What’s new

September 26, 2025

Contributed by:

26 September 2025

Scan to evaluate multiple registry key values

The Device Posture service now includes a new scan for Windows devices. Admins can configure the Multi-Value Non Numeric Registry scan to evaluate multiple registry key values and then determine the device’s managed status. For details on configuring a device posture policy with multi-value non-numeric registry scan, see Configure Device Posture policies.
Troubleshoot Device Posture service transactions using Citrix Monitor

Administrators can now diagnose and troubleshoot Device Posture service transactions effectively through comprehensive monitoring capabilities integrated into the Citrix Monitor dashboard. This enhancement provides detailed insights into Device Posture policy evaluation, compliance checks, and error diagnostics. For details, see Diagnose Device Posture service transactions.
Automatic skipping of posture checks

The Device Posture service now supports automatic skipping of posture checks if the EPA client is not detected on the end-user devices. When configured for auto skip, the system performs real-time detection to determine if the EPA client is present on the end-user’s device. If the client is not detected, the posture check process is automatically bypassed without requiring any user interaction thus streamlining the login process.

Admins can also configure the settings to enable end users to manually click Skip Posture Check on every login attempt if the EPA client is not installed on their machines or the EPA client version is outdated. For details, see Skip device posture checks.
Integration of multiple Microsoft Intune accounts with Device Posture

The Device Posture service now supports integration with multiple Microsoft Intune accounts. This allows organizations with multiple Intune tenants (often a result of mergers, acquisitions, or departmental segmentation) to seamlessly manage device posture across all their environments. For details, see Microsoft Intune integration with Device Posture.
Device Posture support for Secure Private Access hybrid deployments

Device Posture is supported for Secure Private Access hybrid deployments, but is available only upon request. Contact Citrix Support or ATS to have the feature enabled. Device Posture service is not yet supported on gateway for Citrix Virtual Apps and Desktops.
- For details on enabling Device Posture checks on NetScaler Gateway, see Device Posture checks on NetScaler Gateway.
- In addition to enabling the Device Posture feature on NetScaler Gateway, you must add the URL of NetScaler Gateway accessing StoreFront™ in the Device Posture Settings page. For details, see Enable Device Posture for Secure Private Access hybrid solutions.

09 July 2025

Multi-workspace URLs support

Administrators can now apply distinct device posture policies to different Citrix Workspace™ access URLs, offering granular control and simplified security management. Previously, the Device Posture service was enabled globally across all workspace URLs, preventing administrators from applying specific requirements on a per-URL basis.

With multi-workspace URLs support, you can now do the following:
- Apply distinct device posture checks for specific workspace URLs.
- Enforce varying levels of device compliance based on the workspace URL that users access.
- Create and test the device posture checks on test workspace URLs before deploying to production URLs.
For details, see Multi-workspace URLs support.

Note:

This feature is in preview.

21 Feb 2025

Device compliance with event-driven posture checks

Starting with EPA Library version 24.11.1.1, Device Posture introduces enhanced checks to assess the compliance of your devices.

The following two scans are added to provide more control over device compliance:
- External Device Connected: This scan detects if an external USB storage device is connected to the endpoint.
- Network Settings: This scan determines if the device is connected to a protected Wi-Fi network.
When any of the following events occur, Device Posture re-evaluates the device’s compliance status:
- The External Device Connected scan is configured, and an external USB storage device is inserted or removed.
- The Network Settings scan is configured, and a switch between an open network and a protected network is detected.
- The Windows Defender Firewall scan is configured, and it’s enabled or disabled.
Access to the resources is updated in accordance with the new compliance status. This ensures that access to resources is granted or revoked based on the device’s real-time compliance status.

For details, see Device compliance with event-driven posture checks.

Note:

This feature is supported only on the Windows platform.
TCP/UDP active sessions terminated after a downgrade

For TCP/UDP applications launched from the Citrix Secure Access client, if a device posture scan results in a downgrade (for example from Compliant to Non-compliant or Denied access), users receive a notification, and after 5 minutes, the active sessions are terminated. For details, see Periodic scanning of devices.

Note:

This feature is supported only on the Windows platform and is available from the End Point Analysis (EPA) client version 24.8.1.19 and library version 24.9.1.1.
Enhancements to the Windows Update Last Update scan

Starting from EPA library version 24.9.1.1, the Windows Update Last Update scan also includes updates installed through BigFix, Microsoft Intune, and other third-party tools, in addition to those installed through the Windows Auto Upgrade service.

04 Dec 2024

Jamf Pro integration with Device Posture

In addition to the native scans offered by the Device Posture service, the Device Posture service is also integrated with Jamf Pro. For details, see Jamf Pro integration with Device Posture.

29 May 2024

Availability of Device Posture service in test mode

The Device Posture service is also available in test mode wherein admins can test the Device Posture service before enabling it on their production environment. This enables the admins to analyze the impact of the device posture scans on the end user devices and then plan their course of action accordingly before enabling it on production. For details, see Device Posture service in test mode.
**Periodic scanning of devices

You can now enable periodic scanning of Windows devices for the configured checks every 30 minutes. For details, see Periodic scanning of devices.

14 May 2024

Skip device posture checks

Admins can allow the end users to skip the device posture checks on their devices. For details, see Skip device posture checks.
Device posture dashboard

The Device Posture service portal now has a dashboard for monitoring and troubleshooting logs. Admins can now use this dashboard for monitoring and troubleshooting purposes. For details, see Device posture logs.
General availability of browser and antivirus checks

The browser and antivirus checks are now generally available. For details, see Scans supported by device posture.
General availability of custom messages

The option to add customized messages when access is denied is now generally available. For details, see Customized messages for access denied scenarios.

26 March 2024

Custom workspace URLs support

Custom workspace URLs are now supported with the Device Posture service. You can use a URL that you own in addition to your cloud.com URL to access workspace. Ensure that you allow access to citrix.com from your network. For details on custom domains, see Configure a custom domain.

12 February 2024

Support for browser and antivirus checks - Preview

Device Posture service now supports browser and antivirus checks. For details, see Scans supported by device posture.

23 January 2024

General availability of device certificate check with Device Posture service

Device certificate check with the Device Posture service is now generally available. For details, see Device certificate check.
Device Posture service preview features

Device Posture service now supports the following checks:
- Device Posture service is now supported on the IGEL platforms.
- Device Posture service now supports geolocation and network location checks.
For details, see Device Posture.

11 September 2023

General availability of Device Posture Integration with Microsoft Intune

Device Posture Integration with Microsoft Intune is now generally available. For details, see Microsoft Intune integration with Device Posture.

30 August 2023

Manage Citrix Endpoint Analysis Client for Device Posture service

The EPA client can be used together with NetScaler and Device Posture. Some configuration changes are required to manage EPA client when used with NetScaler and Device Posture. For details, see Manage Citrix Endpoint Analysis Client for Device Posture service.

28 August 2023

Device Posture service support on iOS platforms - Preview

Device Posture service is now supported on iOS platforms. For details, see Device Posture.

22 August 2023

Device Certificate check with Citrix Device Posture service - Preview

Citrix Device Posture service can now enable contextual access (Smart Access) to Citrix DaaS and Secure Private Access resources by checking the end device’s certificate against a corporate certificate authority to determine if the end device can be trusted. For details, see Device certificate check.

17 August 2023

Device Posture events on Citrix DaaS™ Monitor

Device Posture service events and monitoring logs are now searchable on DaaS Monitor. For details, see Device posture events on Citrix DaaS Monitor.

23 January 2023

Device posture service

Citrix Device Posture service is a cloud-based solution that helps admins to enforce certain requirements that the end devices must meet to gain access to Citrix DaaS (virtual apps and desktops) or Citrix Secure Private Access resources (SaaS, Web apps, TCP, and UDP apps). For details, see Device Posture.

[AAUTH-90]
Microsoft Endpoint Manager integration with Device Posture

In addition to the native scans offered by the Device Posture service, the Device Posture service can also be integrated with other third-party solutions. Device Posture is integrated with Microsoft Endpoint Manager (MEM) on Windows and macOS. For details, see Microsoft Endpoint Manager integration with Device Posture.

[ACS-1399]

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

What’s new

September 26, 2025

Contributed by:

September 26, 2025

Contributed by:

What’s new

26 September 2025

09 July 2025

21 Feb 2025

04 Dec 2024

29 May 2024

14 May 2024

26 March 2024

12 February 2024

23 January 2024

11 September 2023

30 August 2023

28 August 2023

22 August 2023

17 August 2023

23 January 2023

In this article