Extension of the existing article with further troubleshooting cases.
As a result of increasing projects, here is a little how-to with the summary of my previous articles. The main points are:
- Azure AD Seamless Single Sign-On (PTA / PHS)
- SAML Authentication (Azure AD as IdP & Citrix Gateway as SP)
- Citrix Federated Authentication Service (FAS)
- Microsoft Azure Multi-Factor-Authentication with Conditional Access
Continue reading “SAML Authentication between Citrix & Microsoft with Azure MFA”
- Fully working Citrix Virtual Apps and Desktop Environment (StoreFront & DDC Minimum Version 7.9)
- Citrix ADC with successful base configuration & activated Enterprise or Platinum license (Minimum Version 12.1 Build 50+ for native workspace app, for browser Minimum Version 11.1)
- Configured Unified Gateway vServer
- Internal and external DNS entries for Unified Gateway vServer (e.g. citrix.deyda.net)
- Certificates for DNS entries (wildcard certificates are the easiest)
- Existing Azure Tenant with Azure-AD base configuration (Domain, AAD Sync) & activated Azure AD Premium license
- AD Connect version installed and configured (Minimum Version 1.1.644.0)
- Firewall release for *.msappproxy.net on port 443
- Domain administrator credentials for the domains that connected to Azure AD via AD Connect
- Installed Authenticator App on Test User Mobile Phone
Update of the existing article to the latest requirements and features.
User Based Microsoft Teams
The standard installation that the user can perform, e.g. via the Microsoft365 Apps portal, is a user-based installation. In the Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).
A User-Based Installation can be detected very quickly in the User Profile, because data are then located under AppData\Local\Microsoft\Teams.
This type of installation in a worker with server operating system has many cons:
Continue reading “Install Teams & OneDrive in Citrix (Machine-Based)”
- No control over the installed version
- Several different versions possible installed on the same worker
- Complete data (~1 GB) are in the user profile
What is Hybrid Azure AD Join ?
Let’s just start with the official definition from the Microsoft documentation:
Hybrid Azure AD Join: Joined to on-premises AD and Azure AD requiring organizational account to sign in to the device.
This means that after the device is Hybrid Azure AD joined, it behaves the same as any other computer connected to Active Directory.
Sign in with an Active Directory account is required.
User credentials are verified against an Active Directory domain controller.
Group Policy objects for users & computers read from the domain controller are applied automatically.
After the Active Directory connection process is complete, additional steps are performed asynchronously in the background to register the device in Azure AD as well.
Continue reading “Why a Windows Server 2019 VDI should be Hybrid Azure AD joined”
With the latest version of Windows 10 (version 2004) it is finally possible to use MSIX App Attach in Citrix without any special adaptation.
MSIX App Attach allows you to store applications for virtual environments outside a virtual machine in a VHD/X file. Such an application can thus be integrated into the user session if required.
What is MSIX App Attach ?
MSIX App Attach is based on the concept where the application is stored in MSIX format in a central location and integrated into the operating system. After embedding, applications look like locally installed applications to both the user and the operating system. When combining FSLogix Profile Containers and MSIX App Attach, the Golden Master Image’s operating system remains completely clean and data, profiles and applications are completely separated.
Continue reading “MSIX App Attach with Windows 10 Version 2004 in Citrix Environments”
What is App Masking and what do we need it for?
App Masking minimize the number of Golden Images required, by allowing all applications to be installed in a single Golden Image. The mapping and separation of applications (as well as printers, fonts, office add-ins, Internet Explorer plug-ins, etc.) is done without packaging, sequencing, backend infrastructure or virtualization.
This is achieved by granular access control of the installed applications through App Masking Rules. These rules can be used to completely hide the application in an user runtime, so that it no longer appears in the file system, registry or under programs and features.
Because no additional ressources are required by the system when using the rules, applications run at their native speed.
Continue reading “FSLogix App Masking in Citrix Environments”