ADMX Ingestion for Citrix Receiver/Workspace policies

Hi guys, I'm trying to achieve a simple thing, prepopulate the Server URL of Citrix Workspace application on a Windows 10 Intune client (AAD Joined). Now, since the group policy for this does not exist in Intune Administrative Templates I'm trying to inject it via ADMX Ingestion in Intune.

Endpoint Management integration with Microsoft Endpoint Manager (MEM) adds the value of Endpoint Management micro VPN to Microsoft Intune aware apps, such as Microsoft Managed Browser. To activate the integration, contact the Citrix Cloud Operations team. This release supports the following use cases: Intune MAM with Endpoint Management MDM+MAM.

Use the XML to create a custom Windows 10 Device Configuration policy in Intune and deploy it. Identifying a List of Apps. I used the following parameters to identify a list of apps. Add rules for default OS apps. Add rules for apps being managed by Intune. Add rules for a specific list of apps that are being used across the organization (if.
Citrix provides sample scripts that can be downloaded from one of the Workspace app or Receiver download pages (Workspace app version 2103.1 (Current Release), or Workspace app version 1912 CU3 (aka ) (LTSR), Receiver version 4.9.9002 (LTSR)) by expanding Downloads for Admins (Deployment Tools).

One of the most frequently asked questions from customers is whether it is possible to publish Win32 applications with Microsoft Intune. The answer is Yes. It is possible to deploy Windows 10 Store Apps, MSI files and even .EXE files, although .EXE files cannot be published directly. You need to “wrap” the .EXE file (and other required source files if applicable) to an .INTUNEWIN file.
Microsoft Intune can add compliance state data to Azure Active Directory (Azure AD) for the devices you manage with one or more third-party device compliance partners. With this configuration, compliance data from those devices can be used with your conditional access policies.
By default, Intune is set up to be the Mobile Device Management (MDM) authority for your devices. When you add a compliance partner to Azure AD and Intune, you're configuring that partner to be a source of Mobile Device Management (MDM) authority for the devices you assign to that partner through an Azure AD user group.
To enable the use of data from device compliance partners, complete the following tasks:
Configure Intune to work with the device compliance partner, and then configure groups of users whose devices are managed by that compliance partner.
Configure your compliance partner to send data to Intune.
Enroll your iOS or Android devices to that device compliance partner.
With these tasks complete, the device compliance partner sends device state details to Intune. Intune then adds this information to Azure AD. For example, devices with a state of non-compliant have that status added to their device record in Azure AD.
The compliance state is then evaluated by conditional access policies, the same as compliance state data for devices managed by Intune. By default, Intune is a registered compliance partner for iOS and Android. When you add additional partners, you can set the priority order to ensure the correct partner manages devices to fit your business needs.
Supported device compliance partners
The following compliance partners are supported as generally available:
- Citrix Workspace device compliance
- IBM MaaS360
- JAMF Pro
- MobileIron Device Compliance On-prem
- VMware Workspace ONE UEM (formerly AirWatch)
Prerequisites
A subscription to Microsoft Intune, and access to the Microsoft Endpoint Manager admin center.
A subscription to the device compliance partner.
Review documentation for your compliance partner for supported device platforms and additional prerequisites.
Configure Intune to work with a device compliance partner
Enable support for a device compliance partner to use compliance state data from that partner with your conditional access policies.
Add a compliance partner to Intune
Sign in to Microsoft Endpoint Manager admin center.
Go to Tenant Administration > Connectors and Tokens > Partner Compliance management > Add Compliance Partner.
On the Basics page, expand the Compliance partner drop-down and select the partner you're adding.
- To use VMware Workspace ONE as the compliance partner for iOS or Android platforms, select VMware Workspace ONE mobile compliance.
Next, select the drop-down for Platform, and select the platform. macOS isn't supported.
You're limited to a single partner per platform, even if you have added multiple compliance partners to Azure AD.
On Assignments, select the user groups that will have devices managed by this partner. With this assignment, you'll change the MDM authority for applicable devices to use this partner. Users who have devices managed by the partner must also be assigned a license for Intune.
On the Review + create page, review your selections, and then select Create to complete this configuration.
Your configuration now appears on the Partner compliance management page.
Modify the configuration for a compliance partner
Sign in to Microsoft Endpoint Manager admin center.
Go to Tenant Administration > Connectors and Tokens > Partner Compliance management, and then select the partner configuration you want to modify. Configurations are ordered by platform type.
On the partner configuration Overview page, select Properties to open the Properties page where you can edit the assignments.
On the Properties page, select Edit to open the Assignments view where you can change the groups that will use this configuration.
Select Review + save and then Save to save your edits.
This step only applies when you use VMware Workspace ONE:
From within the Workspace ONE UEM console, you must manually synchronize the changes you saved in the Microsoft Endpoint Manager admin center. Until you manually sync changes, Workspace ONE UEM isn’t aware of configuration changes, and users in new groups you’ve assigned won’t successfully report compliance.
To manually sync from Azure Services:
Sign in to your VMware Workspace ONE UEM console.
Go to Settings > System > Enterprise Integration > Directory Services.
For Sync Azure Services, select SYNC.
All the changes you’ve made since the initial configuration or the last manual synchronization are synchronized from Azure Services to UEM.
Configure your compliance partner to work with Intune
To enable a device compliance partner to work with Intune, you must complete configurations specific to that partner. For information on this task, see the documentation for the applicable partner:
Citrix Workspace Intune Deployment
Enroll your iOS or Android devices to that device compliance partner
Refer to your device compliance partner's documentation for how to enroll devices with that partner. After devices enroll and submit compliance data to the partner, that compliance data is forwarded to Intune and added to Azure AD.
Monitor devices managed by third-party device compliance partners
After you configure third-party device compliance partners and enroll devices with them, the partner will forward compliance details to Intune. After Intune receives that data, you can view details about the devices in the Azure portal.
Sign in to the Azure portal and go to Azure AD > Devices > All devices.
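The same review can be scripted once the device list is exported. The following is an added example, not part of the original documentation: it checks devices that belong to partner-assigned user groups and flags records whose MDM authority is not the partner, or that carry no compliance state (the symptom described above when Workspace ONE UEM has not been synchronized). It assumes records shaped like Microsoft Graph `device` objects (`displayName`, `operatingSystem`, `isManaged`, `isCompliant`, `mdmAppId`); the sample records and the two app ID values are constructed placeholders.

```python
from collections import Counter

# Placeholder identifiers (constructed, not real application IDs).
INTUNE_APP = "intune-app-id-placeholder"
PARTNER_APP = "partner-app-id-placeholder"

# Constructed sample export: devices of users in partner-assigned groups.
SAMPLE_DEVICES = [
    {"displayName": "ios-001", "operatingSystem": "iOS",
     "isManaged": True, "isCompliant": True, "mdmAppId": PARTNER_APP},
    {"displayName": "android-002", "operatingSystem": "Android",
     "isManaged": True, "isCompliant": False, "mdmAppId": PARTNER_APP},
    {"displayName": "ios-003", "operatingSystem": "iOS",
     "isManaged": True, "isCompliant": None, "mdmAppId": PARTNER_APP},
    {"displayName": "android-004", "operatingSystem": "Android",
     "isManaged": True, "isCompliant": True, "mdmAppId": INTUNE_APP},
    {"displayName": "mac-005", "operatingSystem": "macOS",
     "isManaged": True, "isCompliant": True, "mdmAppId": INTUNE_APP},
]

# One partner per platform; macOS cannot be assigned to a partner.
EXPECTED_AUTHORITY = {"iOS": PARTNER_APP, "Android": PARTNER_APP}


def review_devices(devices, expected):
    """Return (displayName, finding) pairs for records needing follow-up."""
    findings = []
    for dev in devices:
        want = expected.get(dev.get("operatingSystem"))
        if want is None:
            continue  # platform is not assigned to a compliance partner
        name = dev.get("displayName", "<unnamed>")
        if dev.get("mdmAppId") != want:
            # Compliance state was written by a different MDM authority.
            findings.append((name, "unexpected-mdm-authority"))
        elif dev.get("isCompliant") is None:
            # Partner is the authority but has not reported any state yet.
            findings.append((name, "no-compliance-state"))
        elif dev["isCompliant"] is False:
            findings.append((name, "non-compliant"))
    return findings


def summarize(findings):
    """Count findings by kind for a quick overview."""
    return dict(Counter(kind for _, kind in findings))


if __name__ == "__main__":
    for name, kind in review_devices(SAMPLE_DEVICES, EXPECTED_AUTHORITY):
        print(f"{name}: {kind}")
```

Devices flagged `no-compliance-state` are the ones to check first, because a conditional access policy that requires a compliant device has no partner-supplied state to evaluate for them.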
Next steps
Use the documentation from your third-party partner to create compliance policies for devices.