Enhance Device Compliance with Citrix Workspace and Microsoft Intune Partners

Microsoft Intune empowers organizations to manage and secure their digital environment, and integrating with third-party device compliance partners significantly extends its capabilities. Among these valuable partners, Citrix Workspace stands out, offering robust solutions to bolster your security posture. This article delves into how leveraging Partners Citrix Workspace within Intune can revolutionize your device compliance strategy, exceeding the basic functionalities and providing a more comprehensive and secure workspace for your users.

Understanding the Power of Third-Party Compliance Partners in Intune

Intune, by default, acts as a Mobile Device Management (MDM) authority. However, to gain a more holistic view of device compliance, especially across diverse platforms and intricate security requirements, integrating with specialized partners is crucial. These partners, like Citrix Workspace, bring their expertise and granular data insights into the Intune ecosystem.

When you onboard a third-party device compliance partner, you essentially designate them as an additional source of MDM authority for a defined set of users and their devices. This integration enriches Microsoft Entra ID with compliance state data collected by the partner, complementing Intune’s native compliance assessments. This synergistic approach allows for more informed and dynamic Conditional Access policies, strengthening your organization’s defenses against potential threats.

Citrix Workspace, along with other reputable partners such as 42Gears SureMDM, BlackBerry UEM, Jamf Pro, and VMware Workspace ONE UEM, supports various platforms including:

• Android
• iOS/iPadOS
• macOS

By strategically incorporating partners Citrix Workspace, you can tap into specialized compliance checks and data points that might go beyond Intune’s standard scope. This is particularly beneficial for organizations already invested in the Citrix ecosystem and seeking to unify their security and management strategies.

Setting Up Citrix Workspace as Your Compliance Partner

To harness the power of partners Citrix Workspace for device compliance within Intune, a structured configuration process is essential. This involves three key steps:

1. Intune Configuration for Citrix Workspace Integration: You need to configure Intune to recognize Citrix Workspace as a compliance partner and specify the user groups whose devices will be managed for compliance by Citrix.
2. Citrix Workspace Data Transmission to Intune: Establish the connection and data flow from Citrix Workspace to Intune, ensuring seamless reporting of compliance status.
3. Device Enrollment with Citrix Workspace: Guide users to enroll their devices with Citrix Workspace. This step enables Citrix Workspace to monitor and assess device compliance, subsequently feeding data back to Intune.

Once these steps are completed, Citrix Workspace begins sending device state information to Intune, which then updates the device records in Microsoft Entra ID. For instance, if Citrix Workspace detects a device as non-compliant based on its policies, this status is reflected in the device’s Entra ID profile, enabling Intune’s Conditional Access policies to take appropriate actions.

Supported Compliance Partners: Citrix Workspace and Beyond

Microsoft Intune supports a growing list of generally available device compliance partners, offering flexibility and choice to organizations. Citrix Workspace is a prominent option in this ecosystem, alongside:

• 42Gears SureMDM
• 7P
• Addigy
• BlackBerry UEM
• Clomo MDM
• IBM MaaS360
• Jamf Pro
• Kandji
• MobileIron Device Compliance Cloud
• MobileIron Device Compliance On-prem
• Mosyle Fuse
• Mosyle Onek12
• SOTI MobiControl
• VMware Workspace ONE UEM (formerly AirWatch)

Adding a compliance partner within the Microsoft Intune admin center, illustrating the initial steps of integration.

For organizations considering expanding their compliance partner network, Microsoft provides a pathway for MDM product vendors to onboard as Intune device compliance partners through a dedicated Intune partner compliance onboarding form.

Prerequisites for Integrating Partners Like Citrix Workspace

Before you begin integrating partners Citrix Workspace or any other third-party compliance solution with Intune, ensure the following prerequisites are met:

• Microsoft Intune Subscription: Your organization must have an active subscription to Microsoft Intune and access to the Microsoft Intune admin center.
• Intune Licenses for Device Users: Users whose devices are managed by Citrix Workspace or another compliance partner must be assigned appropriate Intune licenses.
• Citrix Workspace Subscription: A valid subscription to Citrix Workspace is necessary to utilize their compliance features.
• Partner-Specific Requirements: Review the documentation provided by Citrix Workspace to understand their specific prerequisites, supported device platforms, and any necessary configurations on their end.

Step-by-Step Configuration: Adding Citrix Workspace in Intune

Enabling support for partners Citrix Workspace within Intune involves a straightforward process within the Microsoft Intune admin center:

Adding Citrix Workspace as a Compliance Partner

1. Access the Intune Admin Center: Sign in to the Microsoft Intune admin center using your administrative credentials.
2. Navigate to Partner Compliance Management: Go to Tenant Administration > Connectors and Tokens > Partner Compliance management > Add Compliance Partner.
3. Select Citrix Workspace: On the Basics page, expand the Compliance partner dropdown menu. Choose Citrix Workspace device compliance from the list of available partners.
4. Choose the Platform: Select the Platform dropdown and specify the device platform you intend to manage with Citrix Workspace (e.g., Android, iOS/iPadOS, macOS). Remember, Intune allows only one compliance partner per platform.
5. Assign User Groups: In the Assignments page, select the Microsoft Entra user groups that encompass devices managed by Citrix Workspace. This assignment effectively designates Citrix Workspace as the MDM authority for these devices. Ensure users in these groups have Intune licenses assigned.
6. Review and Create: On the Review + create page, carefully review your selections. Once verified, click Create to finalize the configuration.

Step-by-step process of adding a device compliance partner in Intune, highlighting the selection of Citrix Workspace.

Your newly configured Citrix Workspace integration will now be visible on the Partner compliance management page, ready to enhance your device compliance strategy.

Modifying Citrix Workspace Configuration

Should you need to adjust the configuration for partners Citrix Workspace after initial setup, Intune provides easy modification options:

1. Return to Partner Compliance Management: Sign in to the Microsoft Intune admin center and navigate to Tenant Administration > Connectors and Tokens > Partner Compliance management.
2. Select Citrix Workspace Configuration: Locate and select the Citrix Workspace configuration you wish to modify. Configurations are organized by platform type for easy identification.
3. Edit Properties: On the Citrix Workspace configuration Overview page, click Properties to access the configuration settings.
4. Adjust Assignments: Within the Properties page, select Edit to open the Assignments view. Here, you can modify the user groups associated with this Citrix Workspace configuration.
5. Save Changes: After making the necessary adjustments to user group assignments, click Review + save, and then Save to apply your changes.

Configuring Citrix Workspace to Integrate with Intune

To complete the integration of partners Citrix Workspace with Intune, specific configurations within the Citrix Workspace environment are required. Refer to the official Citrix Workspace documentation for detailed, step-by-step instructions on how to establish this connection and enable data sharing with Intune. This configuration is crucial for Citrix Workspace to effectively communicate compliance data to the Intune platform.

Enrolling Devices with Citrix Workspace

The final step in leveraging partners Citrix Workspace for device compliance is enrolling devices with the Citrix Workspace service. Consult the Citrix Workspace documentation for guidance on device enrollment procedures. Once devices are successfully enrolled and begin transmitting compliance data to Citrix Workspace, this information will be automatically forwarded to Intune and reflected in Microsoft Entra ID, completing the integration cycle.

Monitoring Devices Managed by Citrix Workspace

After successfully configuring partners Citrix Workspace and enrolling devices, you can monitor the compliance status of these devices directly within the Azure portal. Citrix Workspace will seamlessly forward compliance details to Intune, providing a centralized view of device health.

To monitor devices:

1. Access Azure Portal: Sign in to the Azure portal.
2. Navigate to Devices: Go to Microsoft Entra ID > Devices > All devices.

Within the All devices section, you can view the compliance status reported by Citrix Workspace alongside Intune’s own assessments, providing a comprehensive overview of your device estate’s security posture.

Next Steps: Enhancing Compliance Policies with Partner Data

With partners Citrix Workspace integrated into your Intune environment, the next logical step is to leverage the enriched compliance data to create more sophisticated and effective compliance policies. Refer to the documentation provided by Citrix Workspace to understand the specific compliance data points they offer and how you can incorporate these into your Intune Conditional Access policies. This integration empowers you to create granular, risk-based access controls, ensuring a more secure and productive environment for your users.