MDX Toolkit

The MDX Toolkit version 18.12.0 is the release available on Citrix.com.

The MDX Service can use MDX version 18.12.0 or 10.8.60 for wrapping third-party apps. For details, see MDX Service.

What’s new in the MDX Toolkit 18.12.0

Network policy behavior. New policies replace the previous network policies in order to unify functionality and make the policies more intuitive. See the following table for more information about the changes.

Legacy policies Intune Policy New policy Notes
Network access, Preferred VPN mode, and Permit VPN mode switching Enable http/https redirection (with SSO), Disable mVPN full tunnel (TCP level) redirection Network Access  
Split tunnel exclusion list mVPN tunnel exclusion list Exclusion list  
Online session required mVPN session required micro VPN session required If Endpoint Management MAM, a corresponding grace period policy controls how long users have to reestablish a VPN session. Intune MAM does not support a grace period.

For the new Network Access and micro VPN Session Required policies, we encourage you to select a new value. By default, Use Previous Settings is selected, which uses the values you had set in the earlier policies. Once changed, you shouldn’t revert to Use Previous Settings. If you are publishing a new app, please do not select Use Previous Settings. Also note that changes to the new policies do not take effect until the user upgrades the app to 18.12.0.

For newly uploaded apps, the defaults are as follows:

  • Network access: Blocked for all apps except Secure Mail. Because Intune does not have a blocked state, the default for Secure Mail is Unrestricted.
  • Exclusion list: Empty
  • micro VPN session required: No

    Note for customers upgrading to 18.12.0:

    The Network access policy defaults to your previous VPN setting and requires no action. If you change the access type, that change doesn’t go into effect until you upgrade your apps to 18.12.0.

For details, see the App Network Access section in:

What’s new in the MDX Toolkit 10.8.60

MDX supports Android P. You can now wrap apps for Android P.

MDX is now available in Polish.

What’s new in the MDX Toolkit 10.8.35

Changes to the Exclusion policy. On Android devices, non-MDX apps can now receive decrypted copies of files encrypted within MDX apps. When the Document Exchange (Open In) policy is set to Restricted, apps listed in the Restricted Open-In exception list policy can receive files that have been encrypted in MDX apps. When receiving files, the content of those files is decrypted to local storage and is deleted from local storage upon closing the file. For example, adding {package=com.microsoft.office.word} to the Document Exchange (Open In) Policy enables the Word application to receive decrypted files from an MDX application.

What’s new in the MDX Toolkit 10.7.20

Control Net Promoter Score survey: A new policy for Citrix Files apps, Allow NPS Citrix Files, allows you to occasionally display a Net Promoter Score survey to users for feedback. The default value is Off.

Do not tunnel endpoints policy: Some service endpoints that Citrix Endpoint Management SDKs and apps use for various features need to be excluded from micro VPN tunneling. MDX does this by default, but it is possible to override this list by setting a client property on the Citrix Endpoint Management server. For details about configuring client properties in the Citrix Endpoint Management console, see Client properties. For details about overriding the service endpoint list, see TUNNEL_EXCLUDE_DOMAINS. The default list of domains that are excluded from tunneling by default are as follows.

  • ssl.google-analytics.com
  • app.launchdarkly.com
  • mobile.launchdarkly.com
  • events.launchdarkly.com
  • stream.launchdarkly.com
  • clientstream.launchdarkly.com
  • firehose.launchdarkly.com
  • hockeyapp.net
  • rttf.citrix.com
  • rttf-test.citrix.com
  • rttf-staging.citrix.com
  • cis.citrix.com
  • cis-test.citrix.com
  • cis-staging.citrix.com
  • pushreg.xm.citrix.com
  • crashlytics.com
  • fabric.io

New policies to control opening URLs from Secure Mail in the native browser: The SecureWebDomains policy controls which domains are sent to the Secure Web browser instead of the native browser. A list of comma-separated URL host domains are matched against the hostname portion of any URL the application would normally send to an external handler. Typically, administrators configure this policy as a list of internal domains for Secure Web to handle.

This feature is available iOS and Android. An earlier known issue for the policy on Android devices was fixed in version 10.6.25.

The ExcludeUrlFilterForDomains policy is a comma-separated list of website domains excluded from URL filtering. URLs including any domain in the list get sent to the user’s native browser instead of Secure Web. If the policy is empty, then all URLs are passed through the URL filters. This policy takes priority over the SecureWebDomains policy. The default policy value is empty.

MDX support for crash reporting to the Citrix Insight Service (CIS): If Citrix Reporting policies are On and a crash happens, MDX creates a report bundle with any logs and crash reports available and uploads it to CIS. It then deletes the support bundle and notifies the related Mobile productivity app of the crash so that it creates a support bundle as well.

What’s new in the MDX Toolkit 10.7.10

The MDX Toolkit 10.7.10 is the final release that supports the wrapping of mobile productivity apps. Users access mobile productivity apps versions 10.7.5 and later from the public app stores. For table listing the mobile productivity apps enterprise versions that you can wrap with the MDX Toolkit 10.7.10, see the Enterprise delivery of mobile productivity apps section in Mobile productivity apps administration and delivery.

The MDX Toolkit version 10.7.10 contains fixes. For details, see Fixed issues.

What’s new in the MDX Toolkit 10.7.5

The MDX Toolkit version 10.7.5 contains fixes. For details, see Fixed issues.