Citrix extends the Single Sign-on feature for streamed applications. When Single Sign-on is installed locally, it recognizes streamed applications, even when launched in isolation environments, and manages logons as expected.
For Microsoft Internet Explorer, however, the Single Sign-on feature must install a file called BHO.dll. To allow this, when creating your application profile for Internet Explorer plug-ins, select the option to Enable User Updates (formerly called Relaxed security), which is deselected by default.
By enabling user updates for Internet Explorer, the application can download vendor-supplied updates over the Internet. These updates are stored within the user profile and are unique to that user. The next time the user device connects to the profiled Internet Explorer on a server or file share, the streamed application does not overwrite the updates, and Internet Explorer runs using the updates. Also with this setting, installers can run inside isolation, where they are able to install new add-ons or software updates to Internet Explorer. Local add-ons are compatible with Internet Explorer if you profile it with the default isolation rule of Isolate. Local add-ons might not install correctly if you change the isolation rule for the Internet Explorer profile to Strictly Isolate.