Management modes
Management modes is a term that includes Mobile Device Management (MDM) and Mobile App Management (MAM). You can configure:
- Enrollment profiles to enroll Android and iOS devices into MDM, MAM, or both (MDM+MAM). If you choose MDM+MAM, you can give users the ability to opt out of MDM.
- Enrollment profiles to enroll Windows 10 and Windows 11 devices into MDM.
You specify enrollment options in enrollment profiles, which you attach to delivery groups. For information about enrollment options, see Enrollment profiles. The following sections focus on considerations for managing devices and apps.
Mobile Device Management (MDM)
Using MDM, you can configure, secure, and support mobile devices. MDM enables you to protect devices and data on devices at a system level. You can configure policies, actions, and security functions. For example, you can wipe a device selectively if the device is lost, stolen, or out of compliance.
Even if you don’t choose to manage apps on devices, you can deliver mobile apps, such as public app store apps and enterprise apps.
The following are common use cases for MDM:
- MDM is a consideration for corporate-owned devices where device-level management policies or certain restrictions are required. Those restrictions include full wipe, selective wipe, or geo-location.
- When customers require management of an actual device, but do not require MDX policies.
- When users only need email delivered to their native email clients on their mobile devices, and Exchange ActiveSync or Client Access Server is already externally accessible. In this use case, you can use MDM to configure email delivery.
- When you deploy native enterprise apps (non-MDX), public app store apps, or MDX apps delivered from public stores. Consider that an MDM solution alone might not prevent data leakage of confidential information between apps on the device. Data leakage might occur with copy and paste or Save As operations in Office 365 apps.
Mobile app management (MAM)
MAM protects app data and lets you control app data sharing. MAM also allows for the management of corporate data and resources, separately from personal data. With Citrix Endpoint Management configured for MAM, you can use MDX-enabled mobile apps to provide per-app containerization and control.
By using MDX policies, Citrix Endpoint Management provides app-level control over network access (such as micro VPN), app and device interaction, and app access.
MAM is often suitable for bring-your-own (BYO) devices because although the device is unmanaged, corporate data is protected. MDX has many MAM-only policies that don’t require an MDM control.
MAM also supports the Citrix mobile productivity apps. This support includes:
- Secure email delivery to Citrix Secure Mail
- Data sharing between the secured Citrix mobile productivity apps
- Secure data storage in Citrix Files
For details, see Mobile productivity apps.
MAM is often suitable for the following examples:
- You deliver mobile apps, such as MDX apps, managed at the app level.
- You are not required to manage devices at a system level.
MDM+MAM
Citrix Endpoint Management lets you specify whether users can opt out of device management. This flexibility is useful for environments that include a mix of use cases. These environments might require management of a device through MDM policies to access your MAM resources.
MDM+MAM is suitable for the following examples:
- You have a single use case in which both MDM and MAM are required. MDM is required to access your MAM resources.
- Some use cases require MDM while some do not.
- Some use cases require MAM while some do not.
Device Management and MDM Enrollment
A Citrix Endpoint Management Enterprise environment can include a mixture of use cases, some of which require device management through MDM policies to allow access to MAM resources.
Before deploying Citrix mobile productivity apps to users, fully assess your use cases and decide whether to require MDM enrollment. If you later decide to change the requirement for MDM enrollment, users might need to re-enroll their devices. For more information, see Enrollment profiles.
For information about enrollment and NetScaler Gateway, see Integrating with NetScaler Gateway and Citrix ADC.
The following is a summary of the advantages and disadvantages (along with mitigations) of requiring MDM enrollment.
When MDM enrollment is optional
Advantages
- Users can access MAM resources without putting their devices under MDM management. This option can increase user adoption.
- Ability to secure access to MAM resources to protect enterprise data.
- MDX policies such as App Passcode can control app access for each MDX app.
- Configuring NetScaler Gateway, Citrix Endpoint Management, and per-application time-outs, along with Citrix PIN, provides an extra layer of protection.
- While MDM actions do not apply to the device, some MDX policies are available to deny MAM access. The denial is based on system settings, such as whether a device is jailbroken or rooted.
- Users can choose whether to enroll their device with MDM during first-time use.
Disadvantages
- MAM resources are available to devices not enrolled in MDM.
- MDM policies and actions are available only to MDM-enrolled devices.
Mitigation options
- Have users agree to company terms and conditions that hold them responsible if they choose to go out of compliance. Have administrators monitor unmanaged devices.
- Manage application access and security by using application timers. Reduced time-out values increase security, but can affect the user experience.
When MDM enrollment is required
Advantages
- Ability to restrict access to MAM resources only to MDM-managed devices.
- MDM policies and actions can apply to all devices in the environment, as you want.
- Users are not able to opt out of enrolling their device.
Disadvantages
- Requires all users to enroll with MDM.
- Might reduce adoption for users who object to corporate management of their personal devices.
Mitigation options
- Educate users about what Citrix Endpoint Management actually manages on their devices and what information administrators can access.