Product Documentation

What’s new

A goal of Citrix is to deliver new features and product updates to XenMobile Service customers when they are available. New releases provide more value, so there’s no reason to delay updates. Rolling updates to the XenMobile Service release approximately every two weeks.

To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

If you are a XenMobile Service customer, you also receive XenMobile Service updates and communications directly from the XenMobile Cloud Ops Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

For details about the service level goal for the XenMobile Service for cloud scale and service availability, see Service Level Goal. To monitor service interruptions and scheduled maintenance, see the Service Health Dashboard.

Note:

Starting the second quarter of 2018, support for Symbian and Windows Mobile/CE devices is no longer available to new customers. For information about the Microsoft product lifecycle, see https://support.microsoft.com/en-us/lifecycle/search/1143.

XenMobile Service 10.18.11

The latest version of XenMobile has these new features and improvements.

  • Prevent users from saving or deleting history on Chrome OS devices. By default, users of Google Chrome devices can save browsing history or delete browsing and download history. Additions to the Restrictions device policy for Chrome OS let you:
    • Prevent users from saving browsing history.
    • Prevent users from deleting their browsing and download history.

    Both of those settings require G Suite Chrome configuration. For more information, see Chrome OS settings.

  • Control Google Safe Browsing behavior on Chrome OS devices. By default, Google Safe Browsing warns users when they navigate to sites that are potentially dangerous. Additions to the Restrictions device policy for Chrome OS let you:
    • Enable users to proceed from the Safe Browsing warning page.
    • Ensure that Safe Browsing is always active and prevent users from changing or overriding the “Protect you and your device from dangerous sites” setting in Chrome.

    Both of those settings require G Suite Chrome configuration. For more information, see Chrome OS settings.

  • Deploy device policies to selected Chrome OS devices. The Manage > Devices page now includes a Deploy button for Chrome OS devices. The button works only if G Suite is configured and pushes only Chrome Device Management policies and not extension policies.

  • Specify the iOS version to use to update supervised iOS devices. The Control OS Updates policy now lets you specify which version number to use to update supervised iOS devices. You can choose the latest update or specify an OS version number. For more information, see iOS settings.

  • Search capability and more columns in VPP ID assignment table. You can search the columns in the VPP ID assignment table in the XenMobile console. The table now includes columns for the serial number of the device and the phone number of the device. Because there is a column for the serial number of the device, the serial number no longer appears in the Associate Device column.

  • Disable the camera on Android devices. By default, camera use is enabled on Android devices. To disable camera use, change the Camera setting to Off.

Fixed issues in XenMobile Service 10.18.11

XenMobile Console may operate slowly. [CXM-48059]

After a XenMobile node goes offline and a redeploy or reboot occurs: Some background jobs might not recover. [CXM-50802]

Some apps cannot be wrapped using the MDX Service. [CXM-51045]

After a user enrolls into Android for Work on a Samsung device by using a QR code, apps and policies aren’t deployed to the device. [CXM-52237]

XenMobile Service 10.18.9

The latest version of XenMobile has these new features and improvements.

Deploy custom configurations to Citrix workspace hub devices

XenMobile now supports pushing custom configurations to Citrix workspace hub devices. After manually configuring your first Citrix workspace hub device: You can then download the configuration file from the device and have XenMobile push that configuration to all other devices.

For more information, see Deploy custom configurations to Citrix workspace hub devices.

Change to the ENABLE_NETWORK_EXTENSION default setting for new deployments

Starting with new deployments of XenMobile Service 10.18.9, XenMobile disables the Network Extension client property (ENABLE_NETWORK_EXTENSION) and enables Shared Keychain for new deployments.

If you deploy only Citrix Apps, there is no benefit to enabling the Network Extension property. Enable the Network Extension property only if you deploy enterprise wrapped apps. Network Extension allows the sharing of security data between two app silos in iOS. When Network Extension is disabled, there might be extra flips to Secure Hub. Those flips can occur when apps synchronize components such as auth tokens, timers, and pin retries.

To enable Network Extension and enable the Apple Network Extension framework when Secure Hub installs: Go to Settings > Client Properties, add the custom key ENABLE_NETWORK_EXTENSION, and set the Value to 1.

The default value for new installations is 0. This change doesn’t impact upgrades.

Fixed issues in XenMobile Service 10.18.9

Some apps cannot be wrapped using the MDX Service. [CXM-51045]

Profile renewal fails with the following message: The Profile “MDM Configuration” could not be updated. The new Mobile Device Management Entity is not equal as the old one. [CXM-52119]

XenMobile Service 10.18.8

The latest version of XenMobile has these new features and improvements:

  • New software inventory keys shown for iOS and macOS apps. XenMobile console now includes the values of the following keys. Apple provides the keys for app store apps installed on devices running iOS and macOS.

    • AppStoreVendable: If true, the app came from the store and can participate in store features. Available in iOS 11.3 and later.
    • DeviceBasedVPP: If true, the app is distributed to the device without requiring an Apple ID. Available in iOS 11.3 and later.
    • BetaApp: If true, the app is part of the Apple beta program. Available in iOS 11.3 and later.
    • AdHocCodeSigned: If true, the app is ad hoc code signed. Available in iOS 11.3 and later.
    • HasUpdateAvailable: If true, the app has an update available. For iOS, this key is present for App Store apps. For macOS, this key is present for VPP apps. Available in iOS 11.3 and later and in macOS 10.13.4 and later.

    To view this information in the XenMobile console, go to Manage > Devices > Device details > Apps.

  • Skip data and privacy pane during setup for DEP devices running iOS

    XenMobile now lets you configure the Setup Assistant to prevent users from seeing the data and privacy pane during setup of DEP devices. Those devices must run iOS 11.3 and later.

    Select Privacy on the Skip setup list of the iOS Setup Assistant Options page when adding a DEP account to XenMobile.

    Image of iOS Setup Assistant Options page

  • Skip data and privacy pane and iCloud screens during setup for DEP devices running macOS

    XenMobile now lets you configure the Setup Assistant to prevent users from seeing the following during setup of DEP devices running macOS 10.13 and later:

    • Data and privacy pane
    • iCloud analytics screen
    • iCloud documents and desktop screen

    When adding a DEP account to XenMobile, go to the Skip setup list of the macOS Setup Assistant Options page and select these options:

    • Privacy
    • iCloud Analytics
    • iCloud Documents and Desktop

    Image of macOS Setup Assistant Options page

  • Skip proximity setup for wiped DEP devices running iOS

    XenMobile now prevents iOS devices from performing proximity setup. When setting up a new iOS device, users can normally use an already configured iOS device to set up their own. You can disallow proximity setup on devices that are XenMobile managed and have been wiped.

    When performing a Full Wipe on an iOS device, mark this check box: On the next reboot Proximity Setup is not allowed and the pane in Setup Assistant will be skipped. Available in iOS 11.3 and later.

    Image of Security Actions screen

Fixed issues

When you install an iOS enterprise app without an app version on a device, the iOS profile inventory doesn’t get updated in XenMobile. [CXM-50131]

After a XenMobile node goes offline and a redeploy or restart occurs: Some background jobs might not recover. [CXM-50428]

Some apps cannot be wrapped using the MDX Service. [CXM-51045]

Current known issues

Known issues in XenMobile Service 10.18.5

When a Chrome app is configured as a required app for Chrome OS devices: Users may need to log off and log back on to install the app. This third-party issue is Google bug ID #76022819. [CXM-48060]

Known issues in XenMobile Service 10.18.3

After you delete a Citrix Cloud administrator who has a device enrolled: XenMobile doesn’t update the User Role in the XenMobile console until after the administrator logs in again from Secure Hub or the Self Help Portal. [CXM-45730]

Known issues in XenMobile Service 10.7.6

For a Restrictions device policy for Samsung SAFE: The Browser, YouTube, and Google Play/Marketplace options have been removed. Use the Disable Applications option to enable or disable those features. [CXM-43043]

Known issues in XenMobile Service 10.7.4

If you configure XenMobile Service for single sign-in using Citrix Identity Platform with Azure Active Directory: When a XenMobile administrator or user gets redirected to the Azure Active Directory sign-in screen, the screen includes the message “Sign-in page for Citrix Secure Hub.” That message should be “Sign-in page for Citrix XenMobile console.” [CXM-42309]

Known issues in XenMobile Service 10.7.3

For devices running Windows 10 RS3 Version 1709 build 16299.19: XenMobile App Configuration device policies created by importing a Citrix Receiver ADMX file might fail when pushed to those devices. This third-party issue is Microsoft bug ID #14280113. [CXM-40521]