Deliver Citrix Virtual Apps and Desktops and Office 365 applications secure by using Conditional Access in Workspace 365
In a previous article, I wrote about integrating Citrix XenApp (Virtual Apps and Desktops) and Office 365 within Workspace 365 to create one unified workspace. This is important to many companies, as they still need their published remote desktop applications and file server while they move to a modern workspace which integrates cloud technologies. After setting up the workspace, people can start all their business and Cloud SaaS apps wherever they are – on-premises or in the Cloud – from one web portal, without the need to switch between the different platforms or having to remember multiple passwords. Next, to this, they can also access their documents in both Office 365 and their file server, on any device.
Today I would like to share one of the new functionalities of Workspace 365, which is available in all their plans: conditional access. With conditional access, you are able to easily configure an application (either web or a remote desktop application like Citrix or Clientless RDP) to be accessible on a specific device, browser or in an IP-range. By doing this, you can prevent users from accidentally opening applications containing sensitive data through the workspace from outside the office, or you can help them by disabling applications if they use a browser which doesn’t support the application.
In this article, I’ll walk you through setting up conditional access within the Workspace 365 solution to secure the access to your Citrix Workspace/XenApp-, Remote desktop-, web- and Office 365 applications, within any HTML5 web browser with a Single Sign-On experience.
Register your Workspace 365 environment
As a Workspace 365 IT-partner, you’re able to either host Workspace 365 yourself, in a data center of your choice, or you can use their cloud platform. Registering a workspace is easy using the link they provide and there’s a set-up wizard that creates a digital workspace out-of-the-box.
During the set-up, it takes you through integrating SharePoint for your documents, setting up Exchange for the e-mail, contacts, and calendar, setting up Yammer as a social feed and it enables you to create your first RSS-feeds, which can include external news or news from your organization using the SharePoint RSS-feeds. With everything configured you can create a workspace like the one below within 20 minutes, depending on your underlying technologies:
Note: If you don’t have access to a Workspace 365 environment, you can easily request a free trial. Request a free trial and make sure to use a valid Office 365 account with Global Administrator rights in Azure AD:
https://www.workspace365.net/trial/
Integrating Citrix into the digital workspace
As mentioned above, it is possible to add a Citrix application to your workspace. This will create a bridge between your legacy and your new applications. I have written a blog on integrating Citrix XenApp – Virtual Apps and Desktops – within Workspace 365 and would recommend following these steps:https://www.christiaanbrinkhoff.com/2018/01/05/how-to-configure-workspace-365-to-use-office-365-and-citrix-xenapp-as-application-bridge-through-one-unified-portal/
Setting up conditional access to your applications
After you’ve successfully added the Citrix or Remote Desktop application to Workspace 365, you can go to your settings in the top menu.
Navigate to Apps Management and look for the Citrix application or remote desktop you would like to set conditional access for.
Select Conditional Access from the Tab menu
Choosing your conditional access settings
Here you can choose which conditions you would like to whitelist. Rumour has it that they are also working on a blacklist option, but while I’m writing this it is not available yet. However, you can vote for new features on their support portal. Currently, Workspace 365 supports the following options:
Device: Desktop (including notebooks), Tablets, Mobile…Browsers: Google Chrome, Internet Explorer, Mozilla Firefox, Apple Safari, Microsoft Edge and Opera…IP ranges: IP address(es) or IP ranges
In my set-up, I chose a random IP address to test if I could open the application from my workspace.
You have set up conditional access for your Citrix or Remote Desktop application
You’re now ready with the configuration for Conditional Access – When you navigate back to the Workspace 365 dashboard, you will notice that the application that is limited by conditional access is greyed out. If a user decides to click on the application anyway, they will get a clear pop-up telling them why the application can’t be opened.
Please visit https://www.workspace365.net/product-tour for more information or to experience a free demo.
That’s it for now. I hope to see you back soon.
Christiaan Brinkhoff