Microsoft has recently released the new Microsoft Edge browser which is built on top of Chromium. This is a very strong proposition for the enterprise market. With all the benefits of the open source Chromium engine and the good bits of Microsoft enterprise security and manageability. However because this browser is quite fresh, it does present a few challenges when it comes to integrating it with existing products such as Citrix Storefront and Citrix Workspace. I am currently in the process of deploying new laptops, one of the key features we will use is our existing Citrix XenDesktop environment.
As of currently I find these settings to be providing the best end user experience, as it provides the users with the following experience:
- No hassle of installing or updating the Citrix Workspace app, I have configured this through the Microsoft Store.
- no struggles with receiver detection;
- no need to manually allow downloading of .ICA files;
- no user interruptions from login to desktop.
This might be contrary to modern management with which you give your end users more and more freedom of choice. But I do feel that some things just need to be taken care of for your end users.
Citrix Workspace deployment
Before we go on with the next steps we need to make sure that we have the Citrix Workspace application installed on our device. We use Microsoft Endpoint Manager (MEM) to manage our laptops. With Endpoint Manager you can easily deploy apps that are available in the Microsoft Store.
I used the same method to deploy the Citrix Workspace app. I did this using the following steps:
- Go to Apps > Windows click on the Add button and choose Microsoft store app as the application type and click on Select.
- Enter the application details, such as the Name, Description, Publisher.:
- The application URL can be determined by visiting the Microsoft store, and searching for the Citrix Workspace application.
- If all went well you can click on Next.
- In the next window you can select your preferred assignments. Assign the application to a group, or whatever your prefer and click on Next.
- You can now click on Create to create your application deployment.
After a while you should end up with a Citrix Workspace application installed on your machine. There are off course numerous other ways to get the Citrix Workspace application installed on a managed device. But this method provided is a modern and commonly used method.
Citrix Receiver/ Workspace detection
Citrix Receiver or Workspace detection is quite troublesome when it comes the new Microsoft Edge browser. As of now I could not find any information on how to make this detection work. From the past I can remember that is quite troublesome anyway. Because we already provided our end users with a Citrix Workspace app using the previously described Citrix Workspace deployment through the Windows Store. We can skip the receiver detection all together. Citrix has this process documented and it requires modification of the StoreFront web.config file.
For your convenience I have included the required steps below:
- Find the web.config file on your StoreFront server. This is typically located in the C:\inetpub\wwwroot\Citrix\<storename>Web\ directory. Replace <storename> with the name of your StoreFront store.
- With the file open, search for the phrase protocolHandler.
- Look for the entry with protocolHandler inside, in my case it was formatted as follows:
- Now go ahead make the change, and change <protocolHandler enabled=”true” to <protocolHandler enabled= “false”
- Save the web.config file and restart iis using iisreset (from an elevated command prompt.
- Note: if you have multiple StoreFront servers make sure that you apply the configuration change on each of your StoreFront servers.
Now if you revisit the StoreFront webpage, you should automatically be taken to the desktop list. Now you can open the preferred desktop without getting bothered by the Citrix Receiver detection.
Desktop not opened automatically
So there we go, Citrix Workspace/ Receiver detection is working. But wait, lets open a desktop. Dang, another user interruption:
The .ICA desktop file is not automatically opened due to the security features of the Microsoft Edge browser. This prevents automatic opening of downloaded files, which is essentially what is happening when you click on a desktop to launch. Fair enough, you need this kind of security nowadays. Luckily we can overcome this by setting specific Edge policies.
We need to set two edge policies in order to allow downloads of ICA files. If you have not done so already, you can create a device configuration profile in Microsoft Endpoint Manager in order to manage Microsoft Edge. You can also use traditional GPO’s, the policy names should be the same. I will guide you through the Endpoint Manager method in this article.
- In Microsoft Endpoint Manager, go to Devices and click on Configuration profiles
- Click on Create profile and choose Windows 10 and later as a platform and Administrative Templates as a profile. Click on Create
- Give the profile a sensible name, and click on Next.
- The first policy that we need to configure is: List of file types that should be automatically opened on download so search for that in the configuration settings. The setting type can be either device or user as a setting type. Configure ica as a file type:
5. Next up we want to make sure that our configuration is still secure. You don’t want to be wildly allowing ICA files to be opened from anywhere. So we need to set the additional setting URLs where AutoOpenFileTypes can apply. Set this to your StoreFront location:
6. Now we can finish up the wizard. Make sure you set the assignment to a group that you require.
You should now wait a while in order to allow Endpoint Manager to apply the configuration profile. But this should get rid of the extra download step from a user perspective.
Citrix Workspace Add Account pop-up
Once the desktop is launched, you will also notice the Citrix Workspace Add account pop-up.
This is not directly related to Edge, but I tried to make this article as complete as possible. You can disable this pop-up manually by selecting the checkbox Do not show this window automatically at logon.
One other option is to distribute the following registry key to your clients:
Deployment of registry keys is somewhat limited using Microsoft Endpoint Manager. But current ways of doing this are:
- Using PowerShell scripts
- using custom MSI’s or other ways of installing the registry key.
I will walk you through the PowerShell method. For convenience I have included the PowerShell script as well. Here are the steps that you should take:
- From the Microsoft Endpoint Manager console, go to devices and then go to scripts. Click on Add to add a new script. Choose Windows 10.
- First you need the script saved in a .ps1 file, the script that I used is the following:
New-Item -Path HKLM:\Software\Policies\Citrix
New-ItemProperty -Path HKLM:\Software\Policies\Citrix -Name EnableFTU -PropertyType DWORD -Value 0
This script is really simple, it first created the Citrix path, followed by a DWORD registry entry.
- Next up in the MEM console, give the script a name. And click Next.
- Select the script and leave all other toggles to its default value (we want to run the script under the SYSTEM context and not the user context)
- Select Next, assign the script to a group and finish up the script.
Now give MEM some time to distribute and execute the script.
Conclusion and wrap-up
This concludes this guide of using Citrix Workspace and Microsoft Edge together. The Edge browser is great and should be a great competitor in the browser space for the coming years. But is still very fresh, which does present some challenges currently. There is not a lot of information out there yet.
I hope this article helped you to overcome some of the challenges you will face with Citrix in conjunction with Microsoft Edge. If you have any other suggestions for Citrix and Microsoft Edge (Chromium) feel free to add them in the comments down below and I will make sure I will update the article accordingly.
You have probably been using Home Assistant for quite a while, but lately you have wondered how to enable remote access to your Home Assistant installation. This is a very common question and one way...
As you might know, Google has shut down the Works with Nest program since the 31st of August 2019. Since then there was no official way to integrate Nest products with Home Assistant. Lets not talk...