What’s new
26 September 2025
-
Scan to evaluate multiple registry key values
The Device Posture service now includes a new scan for Windows devices. Admins can configure the Multi-Value Non Numeric Registry scan to evaluate multiple registry key values and then determine the device’s managed status. For details on configuring a device posture policy with multi-value non-numeric registry scan, see Configure Device Posture policies.
-
Troubleshoot Device Posture service transactions using Citrix Monitor
Administrators can now diagnose and troubleshoot Device Posture service transactions effectively through comprehensive monitoring capabilities integrated into the Citrix Monitor dashboard. This enhancement provides detailed insights into Device Posture policy evaluation, compliance checks, and error diagnostics. For details, see Diagnose Device Posture service transactions.
-
Automatic skipping of posture checks
The Device Posture service now supports automatic skipping of posture checks if the EPA client is not detected on the end-user devices. When configured for auto skip, the system performs real-time detection to determine if the EPA client is present on the end-user’s device. If the client is not detected, the posture check process is automatically bypassed without requiring any user interaction thus streamlining the login process.
Admins can also configure the settings to enable end users to manually click Skip Posture Check on every login attempt if the EPA client is not installed on their machines or the EPA client version is outdated. For details, see Skip device posture checks.
-
Integration of multiple Microsoft Intune accounts with Device Posture
The Device Posture service now supports integration with multiple Microsoft Intune accounts. This allows organizations with multiple Intune tenants (often a result of mergers, acquisitions, or departmental segmentation) to seamlessly manage device posture across all their environments. For details, see Microsoft Intune integration with Device Posture.
-
Device Posture support for Secure Private Access hybrid deployments
Device Posture is supported for Secure Private Access hybrid deployments, but is available only upon request. Contact Citrix Support or ATS to have the feature enabled. Device Posture service is not yet supported on gateway for Citrix Virtual Apps and Desktops.
-
For details on enabling Device Posture checks on NetScaler Gateway, see Device Posture checks on NetScaler Gateway.
-
In addition to enabling the Device Posture feature on NetScaler Gateway, you must add the URL of NetScaler Gateway accessing StoreFront™ in the Device Posture Settings page. For details, see Enable Device Posture for Secure Private Access hybrid solutions.
-
09 July 2025
-
Multi-workspace URLs support
Administrators can now apply distinct device posture policies to different Citrix Workspace™ access URLs, offering granular control and simplified security management. Previously, the Device Posture service was enabled globally across all workspace URLs, preventing administrators from applying specific requirements on a per-URL basis.
With multi-workspace URLs support, you can now do the following:
- Apply distinct device posture checks for specific workspace URLs.
- Enforce varying levels of device compliance based on the workspace URL that users access.
- Create and test the device posture checks on test workspace URLs before deploying to production URLs.
For details, see Multi-workspace URLs support.
Note:
This feature is in preview.
21 Feb 2025
-
Device compliance with event-driven posture checks
Starting with EPA Library version 24.11.1.1, Device Posture introduces enhanced checks to assess the compliance of your devices.
The following two scans are added to provide more control over device compliance:
- External Device Connected: This scan detects if an external USB storage device is connected to the endpoint.
- Network Settings: This scan determines if the device is connected to a protected Wi-Fi network.
When any of the following events occur, Device Posture re-evaluates the device’s compliance status:
- The External Device Connected scan is configured, and an external USB storage device is inserted or removed.
- The Network Settings scan is configured, and a switch between an open network and a protected network is detected.
- The Windows Defender Firewall scan is configured, and it’s enabled or disabled.
Access to the resources is updated in accordance with the new compliance status. This ensures that access to resources is granted or revoked based on the device’s real-time compliance status.
For details, see Device compliance with event-driven posture checks.
Note:
This feature is supported only on the Windows platform.
-
TCP/UDP active sessions terminated after a downgrade
For TCP/UDP applications launched from the Citrix Secure Access client, if a device posture scan results in a downgrade (for example from Compliant to Non-compliant or Denied access), users receive a notification, and after 5 minutes, the active sessions are terminated. For details, see Periodic scanning of devices.
Note:
This feature is supported only on the Windows platform and is available from the End Point Analysis (EPA) client version 24.8.1.19 and library version 24.9.1.1.
-
Enhancements to the Windows Update Last Update scan
Starting from EPA library version 24.9.1.1, the Windows Update Last Update scan also includes updates installed through BigFix, Microsoft Intune, and other third-party tools, in addition to those installed through the Windows Auto Upgrade service.
04 Dec 2024
-
Jamf Pro integration with Device Posture
In addition to the native scans offered by the Device Posture service, the Device Posture service is also integrated with Jamf Pro. For details, see Jamf Pro integration with Device Posture.
29 May 2024
-
Availability of Device Posture service in test mode
The Device Posture service is also available in test mode wherein admins can test the Device Posture service before enabling it on their production environment. This enables the admins to analyze the impact of the device posture scans on the end user devices and then plan their course of action accordingly before enabling it on production. For details, see Device Posture service in test mode.
-
**Periodic scanning of devices
You can now enable periodic scanning of Windows devices for the configured checks every 30 minutes. For details, see Periodic scanning of devices.
14 May 2024
-
Skip device posture checks
Admins can allow the end users to skip the device posture checks on their devices. For details, see Skip device posture checks.
-
Device posture dashboard
The Device Posture service portal now has a dashboard for monitoring and troubleshooting logs. Admins can now use this dashboard for monitoring and troubleshooting purposes. For details, see Device posture logs.
-
General availability of browser and antivirus checks
The browser and antivirus checks are now generally available. For details, see Scans supported by device posture.
-
General availability of custom messages
The option to add customized messages when access is denied is now generally available. For details, see Customized messages for access denied scenarios.
26 March 2024
-
Custom workspace URLs support
Custom workspace URLs are now supported with the Device Posture service. You can use a URL that you own in addition to your cloud.com URL to access workspace. Ensure that you allow access to citrix.com from your network. For details on custom domains, see Configure a custom domain.
12 February 2024
-
Support for browser and antivirus checks - Preview
Device Posture service now supports browser and antivirus checks. For details, see Scans supported by device posture.
23 January 2024
-
General availability of device certificate check with Device Posture service
Device certificate check with the Device Posture service is now generally available. For details, see Device certificate check.
-
Device Posture service preview features
Device Posture service now supports the following checks:
- Device Posture service is now supported on the IGEL platforms.
- Device Posture service now supports geolocation and network location checks.
For details, see Device Posture.
11 September 2023
-
General availability of Device Posture Integration with Microsoft Intune
Device Posture Integration with Microsoft Intune is now generally available. For details, see Microsoft Intune integration with Device Posture.
30 August 2023
-
Manage Citrix Endpoint Analysis Client for Device Posture service
The EPA client can be used together with NetScaler and Device Posture. Some configuration changes are required to manage EPA client when used with NetScaler and Device Posture. For details, see Manage Citrix Endpoint Analysis Client for Device Posture service.
28 August 2023
-
Device Posture service support on iOS platforms - Preview
Device Posture service is now supported on iOS platforms. For details, see Device Posture.
22 August 2023
-
Device Certificate check with Citrix Device Posture service - Preview
Citrix Device Posture service can now enable contextual access (Smart Access) to Citrix DaaS and Secure Private Access resources by checking the end device’s certificate against a corporate certificate authority to determine if the end device can be trusted. For details, see Device certificate check.
17 August 2023
-
Device Posture events on Citrix DaaS™ Monitor
Device Posture service events and monitoring logs are now searchable on DaaS Monitor. For details, see Device posture events on Citrix DaaS Monitor.
23 January 2023
-
Device posture service
Citrix Device Posture service is a cloud-based solution that helps admins to enforce certain requirements that the end devices must meet to gain access to Citrix DaaS (virtual apps and desktops) or Citrix Secure Private Access resources (SaaS, Web apps, TCP, and UDP apps). For details, see Device Posture.
[AAUTH-90]
-
Microsoft Endpoint Manager integration with Device Posture
In addition to the native scans offered by the Device Posture service, the Device Posture service can also be integrated with other third-party solutions. Device Posture is integrated with Microsoft Endpoint Manager (MEM) on Windows and macOS. For details, see Microsoft Endpoint Manager integration with Device Posture.
[ACS-1399]