Enforce smart controls on DaaS using Device Posture

You can enforce smart controls while accessing the Citrix Desktop as a Service (DaaS) resources through the Citrix Device Posture service.


This is not an exhaustive configuration, but a sample on how to use Device Posture to configure Studio policies.

In this example, a policy is created to disable copy-paste functionality on Citrix DaaS resources using the Device Posture service tags (COMPLIANT and NON-COMPLIANT).

To disable copy-paste functionality for users coming from a NON-COMPLIANT device on Citrix DaaS, perform the following steps:

  1. On the Citrix DaaS configuration page, Click the Manage tab.
  2. Click the Policies tab.
  3. Select Create Policy.
  4. In Select Settings, select Client Clipboard Redirection.
  5. In Edit Setting, select Prohibited, and then click Save.

    Edit setting

  6. In the Users and Machines page, click Filtered user and computers, and then assign this policy to Access Control.
  7. Go to Filter for user settings only and select Access Control.

    Access Control

  8. In the Assign Policy page, leave the default settings for Mode and Connection Type.

    In Gateway farm name, enter Workspace and in Access Condition, enter NON-COMPLIANT.

    Gateway farm

  9. Enter a name for the policy. Consider naming the policy according to who or what it affects, for example Restricted Clipboard Access for non-compliant devices. Optionally, add a description.
  10. Click Finish.


The policy is disabled by default. Enabling the policy allows it to be applied immediately for the users logging on. Disabling prevents the policy from being applied. If you must prioritize the policy or add settings later, consider disabling the policy until you are ready to apply it.

How to validate your policy configuration

Validate your policies to make sure that they are working as intended before widely implementing these policies. In the configuration example:

  • For the users coming from a COMPLIANT end device, Citrix DaaS resources must be enumerated without the copy-paste restrictions.
  • For the users coming from a NON-COMPLIANT end device, Citrix DaaS resources must be enumerated with the copy-paste restrictions.
Enforce smart controls on DaaS using Device Posture