The announcements in this article are intended to give you advanced notice of the XenMobile Server features that are being phased out. We provide this information so that you can make timely business decisions. Citrix monitors customer use and feedback to determine when they are withdrawn. Announcements can change in subsequent releases and might not include every deprecated feature or functionality. For details about product lifecycle support, see the Product Lifecycle Support Policy article.
Deprecations and removals
The following list shows the XenMobile Server features that are deprecated or removed.
Deprecated items are not removed immediately. Citrix continues to support a deprecated item until removing it in a future release.
Removed items are either removed, or are no longer supported, in XenMobile Server.
For information about the mobile productivity apps that reached End of Life, see EOL and deprecated apps.
|Custom XML for Zebra
|Deprecated support for custom XML on Zebra devices
|Target: June 2022
|Use Android Enterprise managed configuration.
|Windows Information Protection (WIP)
|Deprecated support for Windows Information Protection per the announcement from Microsoft here.
|Target: October 2022
|Deprecated support for the Xenmobile Analyzer tool.
|Target: March 31, 2023
|PKI identities: Generic, Symantec PKI, DigiCert, and Entrust adapter
|Deprecated support for generic, DigiCert managed, and Entrust adapter PKI entities.
|Enrollment invitation setup
|Deprecated support for using a device IMEI, serial number, and UDID to create an enrollment invitation.
|When you create an enrollment invitation, configure the available settings under Manage > Enrollment Invitations in the XenMobile console.
|Carrier SMS Gateway
|Deprecated support for Nexmo SMS gateway notifications
|Use SMTP server notifications
|Mobile Service Provider (MSP)
|Deprecated support for MSP interface to query Blackberry and other Exchange ActiveSync devices and issue operations
|Samsung Kiosk mode
|Deprecate support for legacy Samsung Kiosk mode based on Device Admin (DA) mode.
|Use Android Enterprise (AE) Kiosk mode.
|Allow auto-connect to Wi-Fi sense hotspots restriction for Windows devices.
|Remove support for the Allow auto-connect to Wi-Fi sense hotspots restriction for Windows 10 devices. Windows 10 no longer supports this feature. For information, see Microsoft documentation.
|Samsung SAFE/Samsung Knox Platforms
|Deprecated support for SAFE and Knox Platform.
|Use Knox Service Plugin via Managed App config policy to set up Knox policies using Android Enterprise.
|High Security enrollment mode
|Deprecated support for generating enrollment invitations with the High Security enrollment security mode.
|See Enroll devices for a list of supported enrollment security modes.
|RBAC Role - Shared devices enroller and COSU devices enroller
|Deprecate support for predefined Role Based Access Control settings for both Shared devices enroller and COSU devices enroller
|Configure iOS devices through Supported enrollment methods. Configure Android COSU (dedicated) devices through Enrollment profiles.
|Knox Mobile Enrollment (legacy DA)
|Deprecated support for Knox Mobile Enrollment (KME) in the legacy Device Administrator mode on all Android versions.
|Use KME to enroll in Android Enterprise mode. Android 9, 10, 11 support Android Enterprise.
|Citrix mobility apps and Workspace apps for Android 7.x and iOS 12.x
|Deprecated support for the Android 7.x and iOS 12.x versions of Secure Hub, Secure Mail, Secure Web, and Citrix Workspace app.
|Use, at a minimum, the current and prior version of each major operating system platform. Older devices remain enrolled. However, Citrix doesn’t test or support the legacy devices.
|Deprecated support for derived credentials and the Citrix Derived Credentials Manager app.
|See iOS for a list of authentication types supported for iOS.
|Internet Explorer 11
|Deprecated support of Internet Explorer use with the XenMobile Server console.
|Use the latest version of these web browsers: Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari
|RSA soft token support for Android
|Deprecated support for the direct import of RSA soft tokens into Secure Hub for Android.
|You can import the RSA soft token inside the RSA secure ID app available in Google Play. You can then use the token for Citrix Gateway authentication.
|Android - Sony
|Deprecated support for Android Sony devices and Sony-specific policies.
|Use Android Enterprise
|Android - HTC
|Deprecated support for Android HTC devices and HTC-specific policies.
|Use Android Enterprise
|Android - Amazon
|Deprecated support for Android Amazon devices and Amazon-specific policies.
|Use Android Enterprise
|Third party component of the XenMobile dashboard
|We will deprecate a third party component used as part of the XenMobile dashboard.
|To continue using the dashboard, upgrade to XenMobile 10.12 or later
|Apps published for the legacy Device Administrator mode on Android Enterprise devices
|We no longer deliver apps published for the legacy DA platform to devices enrolled in Android Enterprise.
|For Android Enterprise devices, publish apps for the Android Enterprise platform. To continue to publish legacy DA apps to devices in DA mode, create a separate delivery group for those apps.
|APNs outgoing ports
|Apple support for the APNs legacy binary protocol ends as of March 31, 2021. Apple recommends that you use the HTTP/2-based APNs provider API instead. As part of this change, we are deprecating support for ports 2195 and 2196, used to send APNs notifications to
|Use port 443 or 2197 instead. See Open XenMobile ports to manage devices.
|Samsung SEAMS container
|Deprecated support for the Samsung SEAMS container.
|Use the Samsung Knox Service Plug-in (KSP) app for Android Enterprise. See Add the Knox service plug-in app.
|Self-signed Secure Sockets Layer (SSL) certificates
|Deprecated support for self-signed SSL certificates for all device platforms.
|Replace your existing self-signed certificate with a trusted SSL certificate from a well-known certificate authority (CA).
|Certificate-based authentication signature algorithms (non-FIPS and weak ciphers)
|Deprecated support for the following signature algorithms: SHA1withRSA, SHA224withRSA, SHA1withECDSA, SHA224withECDSA, SHA1withDSA, RIPEMD160withRSA, RIPEMD128withRSA, RIPEMD256withRSA.
|When you create a CSR for a credential provider in the XenMobile console (Settings > Credential Providers > Certificate Signing Request), choose a stronger cipher.
|Deprecated support for Microsoft SQL Server 2014 and earlier.
|Update the system to one of the following supported versions: Microsoft SQL Server 2016 SP2, Microsoft SQL Server 2017 CU 13, or Microsoft SQL Server 2019 CTP 3.2. See the list of supported servers in System requirements and compatibility.
|Deprecated support for Citrix XenServer 6.5.x and earlier, VMware ESXi 5.5 Update 3 and earlier, and Hyper-V 2012.
|Update the system to one of the following supported versions: Citrix Hypervisor 8.0 and later, Citrix XenServer 7.0 and later, VMware (ESXi 6.0, ESXi 6.5.0 Update 3, ESXi 6.7 Update 2 patch 10, or ESXi 7.0), or Hyper-V (Windows Server 2016 or Windows Server 2019).
|Deprecated support for the Legacy Citrix Launcher app.
|August 2020 (remove from the app store)
|Use provision devices as kiosks (dedicated devices) and Citrix Launcher for Android enterprise. For more information, see Citrix Launcher replacement.
|Citrix mobility apps and Workspace apps for Android 6.x and iOS 11.x
|Deprecated support for the Android 6.x and iOS 11.x versions of Secure Hub, Secure Mail, Secure Web, and Citrix Workspace app.
|Use, at a minimum, the current and prior version of each major operating system platform.
|MDX Toolkit and MDX Service
|Deprecated support for the MDX Toolkit and MDX Service in favor of the Mobile App Management (MAM) SDK. During the transition period, you can use both MDX wrapped apps and MAM SDK developed apps.
|Target: July 2023
|To continue managing your enterprise applications, use the MAM SDK.
|MDX: Alternative Gateway Server
|Deprecated step-up authentication for iOS and Android devices.
|MDX: Micro VPN (full tunnel mode)
|Deprecated a full virtual private network (VPN) tunnel for iOS and Android devices.
|Use the MAM SDK Web SSO mode or create a per-app VPN policy with the Citrix SSO connection type.
|MDX: PAC file support
|Deprecated support for a Proxy Automatic Configuration (PAC) file with a full VPN tunnel deployment for iOS and Android devices.
|Use Citrix Gateway to connect through a proxy server for access to internal networks.
|MDX shared device support
|Deprecated shared device support for MDX apps.
|For Android Enterprise, use shared device support for MDM. For iOS, use Apple School Manager or GroundControl.
|New Device Administrator enrollments for Android 10
|Deprecated support for new enrollments or re-enrollments into the legacy Device Administrator mode on Android 10 devices. Already enrolled devices continue to work.
|Enroll new Android 10+ devices into Android Enterprise.
|Legacy Device Administrator mode for Android 10 devices
|Google deprecated some Device Administrator APIs. Citrix doesn’t support Android 10 devices enrolled into Device Administrator mode as of the upgrade to Citrix Secure Hub that targets Android API level 29.
|Migrate Android 10 devices to Android Enterprise.
|Deprecated MDX encryption and the MDX encryption feature in the XenMobile console.
|Enable iOS or Android platform encryption using our Encryption Management feature with added compliance checking. Ensure you have tested and planned for migration off MDX encryption by July 2020.
|Passcode device policy: The No Restrictions setting for Android Enterprise
|Android Enterprise devices running Android 7 or higher only support a passcode created with character restrictions. If you previously set Required characters to No Restrictions, this update changes that value to Numbers only.
|This change doesn’t affect the current user sign-in experience.
|Deprecated the Remote Support client for clustered on-premises XenMobile Server deployments.
|Secure Hub Network Extensions for iOS
|Deprecated the Network Extension framework that allowed you to customize networking features for iOS devices, as of Secure Hub release 20.3.0.
|TLS versions 1.0 and 1.1
|To improve the security of XenMobile, Citrix now blocks any communication over Transport Layer Security (TLS) 1.0 and 1.1. As a result of its weakening security, the PCI Council is deprecating TLS 1.0 and TLS 1.1.
|Upgrade to TLS 1.2.
|Deprecated support for Windows Mobile/CE devices.
|Use Windows 10 Desktop and Laptop.
|DigiCert stopped supporting Android TouchDown. Citrix will remove the Android TouchDown platform page from the Exchange device policy.
|Recommendation: Use Citrix Secure Mail.