Citrix DaaS

Microsoft Intune

This article describes the requirements to create Microsoft Intune enabled catalogs using Citrix DaaS in addition to the requirements outlined in the Citrix DaaS system requirements section.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. For more information, see Microsoft Intune. The devices must meet the minimum system requirements. For more information, see the Microsoft documentation Supported operating systems and browsers in Intune.

Important:

Before enabling this feature, verify that your Azure environment meets the licensing requirements to use Microsoft Intune. For more information, see the Microsoft documentation: https://docs.microsoft.com/en-us/mem/intune/fundamentals/licenses. Do not enable the feature if you do not have the appropriate Intune license.

You can create:

Requirements for Azure AD joined catalogs enrolled in Microsoft Intune

  • Control plane: Citrix DaaS
  • VDA type: Single-session and multi-session OS VDA
  • VDA version

    Type of catalog VDA version
    Azure AD joined catalogs enrolled in Microsoft Intune for persistent, single and multi-session VMs 2203 and later
    Azure AD joined catalogs enrolled in Microsoft Intune for non-persistent, single-session and multi-session VMs 2407 and later
  • Provisioning type: Machine Creation Services (MCS) persistent and non-persistent machine catalogs using the Machine Profile workflow only

Limitations for Azure AD joined catalogs enrolled in Microsoft Intune

  • Do not skip image preparation while creating or updating machine catalogs.

Considerations for Azure AD joined catalogs enrolled in Microsoft Intune

  • Create a device profile that disables Windows Hello for Business.
  • Use VDA version 2212 or later if Microsoft Intune must manage a master VM.
  • Configure Microsoft Intune to delete the stale devices. This ensures that your device records stay current. For information on deleting the stale devices, see Automatically delete devices with cleanup rules.

Hybrid Azure AD joined catalogs enrolled in Microsoft Intune

Hybrid Azure AD joined catalogs, persistent single and multi-session VMs, enrolled in Microsoft Intune use the device credentials with co-management capability.

Co-management enables you to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune. For more information, see Co-management.

Prerequisites for Hybrid Azure AD joined catalogs enrolled in Microsoft Intune

Before enabling this feature, verify that:

  • Your Azure environment meets the licensing requirements to use Microsoft Intune. For more information, see the Microsoft documentation.
  • You have a valid Configuration Manager deployment with co-management enabled. For more information, see the Microsoft documentation.

Requirements for Hybrid Azure AD joined catalogs enrolled in Microsoft Intune

  • Control plane: Citrix DaaS
  • VDA type: Single-session or multi-session
  • VDA version: 2407 or later
  • Provisioning type: Machine Creation Service (MCS), Persistent
  • Assignment type: Dedicated and pooled
  • Hosting platform: Any hypervisor or cloud service

Limitations for Hybrid Azure AD joined catalogs enrolled in Microsoft Intune

  • Do not skip image preparation while creating or updating machine catalogs.
  • Internet-based client management (IBCM) of Configuration Manager is not supported.

Considerations for Hybrid Azure AD joined catalogs enrolled in Microsoft Intune

  • Intune enrollment might be delayed if too many machines in the catalog are powered on simultaneously.

    Microsoft imposes a per-tenant Intune enrollment restriction that limits the number of devices that can be enrolled within a specific time frame. The allowable number of devices varies depending on the number of Microsoft Intune licenses associated with the tenant. Consult your Microsoft account team to find out the allowable limit for your tenant. This approach helps Microsoft Intune enrollment scale better for large environments.

    For persistent machines, there might be an initial wait time required for all devices to complete Intune enrollment.

  • Configure Cloud Attach of Configuration Manager. For more information, see the Microsoft documentation.
  • Manually install Configuration Manager client on the master VM without assigning the site code. For more information, see the Microsoft documentation.
  • MCS created machines use the automatic site assignment mechanism to find site boundary groups that are published to Active Directory Domain Services. Ensure that the boundaries and boundary groups of Configuration Manager are configured in your environment. If automatic site assignment is not available, a static Configuration Manager site code can be configured in the master VM through the following registry setting:

    Key:

     HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MachineIdentityServiceAgent\DeviceManagement
     <!--NeedCopy-->
    

    Value name: MdmSccmSiteCode

    Value type: String

    Value data: the site code to be assigned

Where to go next