Scenario 3

This scenario covers how to enable App Protection based on Device Posture results.

  1. Configure Device Posture service:

    1. Sign in to Citrix Cloud.

    2. Navigate to Identity and Access Management > Device Posture and click Manage.

    3. Click Create device policy.

      The Create device policy page appears.

    4. Under Policy rules, click the Select Rule drop-down menu and select Citrix Workspace app Version.

    5. Click the Select a rule drop-down menu and select Greater or equal to >=.

    6. Enter the Citrix Workspace app version that you want to set as the condition. In this example, it is 23.7.0.19.

    7. Under Policy result, select Compliant.

    8. In the Name field, enter a name for the policy.

    9. In the Priority field, enter the priority of the policy.

    10. Select the Enable when created checkbox to enable the policy as soon as it is created.

    11. Click Create.

  2. Configure the Broker Access policy rules:

    1. Install the Citrix PowerShell SDK and connect to the cloud API as explained in the Citrix blog Getting started with PowerShell automation for Citrix Cloud.

    2. Run the command Get-BrokerAccessPolicyRule.

      A list of all the broker access policies for all the delivery groups that are present is displayed.

    3. Find the DesktopGroupUid for the delivery group that you want to change.

    4. Get the policies that are applied only to a particular delivery group using the command:

      Get-BrokerAccessPolicyRule -DesktopGroupUid 7

    5. To apply App Protection to the compliant devices, run the following command:

      Set-BrokerAccessPolicyRule "Contextual App Protection Delivery Group_AG" -IncludedSmartAccessFilterEnabled $true -IncludedSmartAccessTags Workspace:COMPLIANT

    6. To apply App Protection to the non-compliant devices, run the following command:

      New-BrokerAccessPolicyRule "Contextual App Protection Delivery Group_AG_NonCompliant" -DesktopGroupUid 7 -AllowedConnections ViaAG -AllowedProtocols HDX, RDP -Enabled $true -AllowRestart $true -ExcludedSmartAccessFilterEnabled $true -ExcludedSmartAccessTags Workspace:COMPLIANT -IncludedSmartAccessFilterEnabled $true

  3. Verification:

    Sign out of Citrix Workspace app. Sign in from a Citrix Workspace app version that is compliant with the device policy. You see that the App Protection policies are not applied. Again, sign out from the Citrix Workspace app and sign in from a Citrix Workspace app version that is not compliant with the device policy. You see that the App Protection policies are applied.
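
An added check, not part of the Citrix documentation, that can be run before the sign-in test in step 3: it classifies each access policy rule of the delivery group by how it uses the Workspace:COMPLIANT tag and flags a rule that lists the tag while the matching filter is disabled. The function names and the sample objects are assumptions made for this example; the property names are the ones carried by the rule objects that Get-BrokerAccessPolicyRule returns.

```powershell
# Added example, not Citrix code. Live use in the SDK session from step 2.1:
#   Get-PostureRuleAudit -Rule (Get-BrokerAccessPolicyRule -DesktopGroupUid 7)
function Get-PostureRuleAudit {
    param(
        [Parameter(Mandatory)] [object[]] $Rule,
        [string] $Tag = 'Workspace:COMPLIANT'
    )
    foreach ($r in $Rule) {
        $inc = @($r.IncludedSmartAccessTags) -contains $Tag
        $exc = @($r.ExcludedSmartAccessTags) -contains $Tag
        $role = 'NoPostureTag'
        if ($inc -and $r.IncludedSmartAccessFilterEnabled) { $role = 'Compliant' }
        elseif ($exc -and $r.ExcludedSmartAccessFilterEnabled) { $role = 'NonCompliant' }
        elseif ($inc -or $exc) { $role = 'TagIgnored' }  # tag listed, filter disabled
        [pscustomobject]@{
            Name            = $r.Name
            DesktopGroupUid = $r.DesktopGroupUid
            Enabled         = [bool]$r.Enabled
            Role            = $role
        }
    }
}

# True only when an enabled rule exists for each posture outcome.
function Test-PostureRulePair {
    param([Parameter(Mandatory)] [object[]] $Audit)
    $live = @($Audit | Where-Object { $_.Enabled })
    [bool]($live | Where-Object { $_.Role -eq 'Compliant' }) -and
    [bool]($live | Where-Object { $_.Role -eq 'NonCompliant' })
}

# Constructed sample objects standing in for Get-BrokerAccessPolicyRule output.
# The second rule is a constructed misconfiguration: the tag is listed but
# ExcludedSmartAccessFilterEnabled is off, so the tag has no effect.
$sample = @(
    [pscustomobject]@{
        Name = 'Contextual App Protection Delivery Group_AG'; DesktopGroupUid = 7; Enabled = $true
        IncludedSmartAccessFilterEnabled = $true;  IncludedSmartAccessTags = @('Workspace:COMPLIANT')
        ExcludedSmartAccessFilterEnabled = $false; ExcludedSmartAccessTags = @()
    }
    [pscustomobject]@{
        Name = 'Contextual App Protection Delivery Group_AG_NonCompliant'; DesktopGroupUid = 7; Enabled = $true
        IncludedSmartAccessFilterEnabled = $true;  IncludedSmartAccessTags = @()
        ExcludedSmartAccessFilterEnabled = $false; ExcludedSmartAccessTags = @('Workspace:COMPLIANT')
    }
)
$audit = Get-PostureRuleAudit -Rule $sample
$audit | Format-Table -AutoSize
"Rules for both posture outcomes in place: $(Test-PostureRulePair -Audit $audit)"
```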
