What’s new
What’s new in 2411
Tip:
You can download the latest Workspace Environment Management installer from the Citrix Virtual Apps and Desktops downloads page https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/. On that page, access the installer under Components of the latest version of Citrix Virtual Apps and Desktops.
This release includes the following new features and addresses issues to improve the user experience:
Log export
This feature allows you to export your infrastructure service and web console logs to third-party platforms like Grafana and Splunk. After configuration, your infrastructure service and web console logs are sent to the specified platform within one minute. You can also disable or delete the configuration at any time if you no longer need to export the logs. For more information, see Global configurations.
Support data export to Splunk
Previously, you were restricted only to Grafana when exporting agent reports to third-party platforms.
With this feature, you can now effortlessly export the data to Splunk as well.
For more information, see Export to third-party platform.
Integration of the WEM Health Check tool into the WEM Tool Hub
The WEM Health Check tool is now integrated and listed within the WEM Tool Hub Home page for ease of access and use. This tool runs checks on the WEM agent or infrastructure server and identifies potential issues with your WEM deployment. For more information, see WEM Health Check tool.
Support data export to third-party platforms for flexible management
Previously, you were restricted to exporting reports solely to cloud storage or local machines, hindering your ability to effectively analyze and monitor task outcomes.
With this feature, you can now effortlessly configure and export report data to third-party platforms such as Grafana. This enhancement helps to seamlessly integrate and utilize external analytics tools for comprehensive performance monitoring and analysis, whether automatically scheduled or manually initiated.
For more information, see Reports.
Profile Migration Tool in the WEM Tool Hub
With the new Profile Migration Tool, you can now migrate different types of profiles to the Citrix container-based profile solution. This feature simplifies the profile migration process, ensuring a smooth transition and minimal disruption to user workflows. The following types of profiles are supported:
- FSLogix profile container
- Citrix file-based solution
- Local profile
For more information, see Profile Migration Tool.
Support for testing the app access control rules
You can now validate app access control rules on the local machine before deploying in the testing or production environment. For more information, see Rule Generator for App Access Control.
Add new built-in scripted tasks to reduce operation efforts
Added more valuable built-in script tasks that help admins use built-in scripted tasks directly and reduce operation efforts. This feature resolves unregistered VDA issues and sets CDF trace configurations. For more information, see Scripted Tasks.
Configuring registry and GPO settings with a new registry value type
-
REG_NONE registry value type is introduced for more customized configurations by providing a way to specify settings or parameters that do not fit into other predefined data categories, such as, strings, integers, or binary data. You can use this flexibility to handle unique or specialized configurations.
-
REG_NONE registry value type supports the following functions:
- In creating/updating registry entry action
- In creating/updating registry entry-based GPO action
- When importing a registry entry-based GPO
- On the agent side
- For legacy console
- For backup and restore from the web console and the legacy console
-
For more information, see Create a GPO and Import Group Policy settings.
View a GPO
You can now view the WEM Group Policy settings. GPO summaries in read-only mode without editing the GPO. This implementation eliminates the risk of misconfiguration while reviewing the existing settings.
For more information, see Registry-based settings.
Selective WEM reset feature
WEM is enhanced to selectively reset WEM actions tracking cache. When you enable Allow Users to reset Cached Actions, the Reset Cached Actions is turned on. On clicking it, a new wizard gets displayed and then you can choose the cached actions that need a reset. This enhancement enables you to reset the process history for JSON files or the user group policy objects. After the reset, the actions get processed during the subsequent user logons.
Group policy migration to WEM
-
You can now use the Group policy migration to migrate Group policy preferences that cause slow sign-ons into WEM actions to improve your sign-on experience. In the WEM Tool Hub, you can begin the migration workflow either within a logon duration report, while viewing GPO processing times, or from the Group Policy Migration Tool. This tool allows you to scan for currently applied GPOs. You can select from the listed items supported for migration. Selected items are exported as a ZIP file to the local machine, which is later imported as WEM actions. This feature is enhanced to guide you through the process of creating an assignment group with the exported settings, and also assign the group to the respective user.
-
For more information, see Group Policy Migration Tool.
Introducing new insights to monitor and diagnose logon duration
This enhancement introduces profile container and GPP processing insights to monitor and diagnose logon duration. This feature enables you to identify the possible issues, which may cause slow logon and to also provide recommendations to resolve issues.
For more information, see Windows Logon analysis.
Privilege elevation
-
This enhancement enables you to configure privilege elevation rules and assign them to users using the web console. You can now use the existing File Info Viewer in WEM Tool Hub to get the file information needed for rule configuration, such as, path, publisher, and hash values.
-
For more information, see Privilege elevation and Manage assignments for a target.
Application security rules for WEM web console
This feature allows you to create and configure different types of application security rules and assign them to users in the web console. This feature uses the same workflow that is used for action assignments. You can now import rules configured with AppLocker to manage them in WEM. You can also use the WEM Tool Hub to retrieve information needed for rule configuration, such as path, publisher, and hash values. For more information, see Application security and File Info Viewer.
Group managed service account support for API service impersonation
-
You can now use a Group Managed Service Account (gMSA) for API service impersonation, where you can either use a domain account or a gMSA to improve security. This feature now lets you use an updated UI of the WEM web console configuration tool, where you can select and configure the gMSA to the WEM API service.
-
For more information, see Configure and start the Web console.
Configure multiple SPNs in a single forest for various WEM deployments
-
Previously, you could create only one service principal name (SPN) for separate domains that reside in the same forest.
-
With this feature, you can now configure multiple SPNs in a single forest for various WEM deployments across different domains.
-
For more information, see Create a service principal name.
Rule Generator updated with expanded app access control features
-
The Rule Generator for App Access Control tool now supports the expanded features of the App access control policy. With this tool, you can now create redirection rules and configure exclusions for rule assignments.
-
For more information, see Rule Generator for App Access Control.
Profile Management
Workspace Environment Management now supports all supported versions of Profile Management through 2411. The following features are now available in the web console.
-
App access control policy expanded. With the policy, you can now use rules to implement machine-level redirections for files, folders, and registry keys and values. In addition, You can now exclude specific users, machines, and processes from rule enforcement for more precise control.
The feature is available under each configuration set in Profiles > Profile Management Settings > App access control. For more information, see Citrix Profile Management Settings.
-
Folder redirection policy enhanced with more options.
-
New options for redirection rule configuration:
-
Redirect to the local user profile. Lets you redirect a folder to the local user profile.
-
Move contents to new location. Lets you decide whether to move contents from the previous folder to the new one when setting or modifying redirection target folders.
-
-
New option for more secured access control:
- Grant access to specific users and groups. Lets you grant specific users or groups Read & Execute permissions on the redirection target folders.
The feature is available under each configuration set in Profiles > Profile Management Settings > Folder redirection. For more information, see Citrix Profile Management Settings.
-
-
Enable UWP app load acceleration. Lets you accelerate the loading of UWP apps and improve their consistency in non-persistent environments. By default, Windows stores UWP App registration data locally, which can be lost upon restart in non-persistent environments. With this policy enabled, Profile Management creates a VHDX container for each machine to store that data, improving user logon and preventing data loss on restarts.
The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.
-
Alert user when profile size exceeds quota. Lets you notify users when their profile size exceeds a set quota. You can customize the quota value and the notification message based on the default settings.
The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.