Office 365

What’s New in XenApp, XenDesktop and XenServer November 2017

Welcome to our first-ever MONTHLY update on what’s new with XenApp and XenDesktop. Since we now roll out new features and enhancements so much faster, it makes sense to provide a monthly update to keep you up to date.




The Big News About Microsoft Teams

Over the past six weeks, Microsoft has revealed their plans for Teams and Skype for Business. Let’s review the big news about Teams, and what it will mean for Citrix customers.

Unified Communications is evolving into what Microsoft calls “Intelligent …



Forecast Calling for Cloud? Learn the Steps to Blue Skies

When discussing cloud with customers, some of the most common themes are “How do we get started? What are my options for Citrix in the cloud? And what steps should we follow?”

A cloud strategy is not one-size-fits-all. Getting started, …



New Webinar: Solve Migration, Security & Productivity Challenges Around Office 365

Many organizations are embracing Office 365 as their tool of choice for productivity applications. However, introducing Office 365 into existing enterprise infrastructure raises the question of how to handle authorization and access while ensuring data security. With all of the …



Newly Updated: Reviewer’s Guide for On-Premises VMware Identity Manager 2.9.1

The Reviewer’s Guide for On-Premises VMware Identity Manager 2.9.1 has just been updated.

This updated Reviewer’s Guide describes the newest features of VMware Identity Manager (formerly called Workspace Portal), such as enhanced Microsoft Office access. VMware Identity Manager has long provided conditional access control for any Office 365 clients that use modern authentication. VMware Identity Manager now also includes enhanced conditional access policies for Office 365 clients that use legacy user name and password authentication. These policies increase security and reduce risk of data loss by controlling clients such as native iOS and Android email applications, older versions of Microsoft Office, and email clients such as Thunderbird. This feature works for both managed and unmanaged devices.

In addition to discussion of new features and enhancements, the Reviewer’s Guide includes instructions in the form of illustrated, easy-to-follow exercises that walk you through the setup of a basic deployment. Follow the steps to set up and deploy, and then you can explore the new VMware Identity Manager features at your own pace.

You can find the Reviewer’s Guide for On-Premises VMware Identity Manager 2.9.1, as well as other technical papers, at VMware Technical Papers.

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_.

The post Newly Updated: Reviewer’s Guide for On-Premises VMware Identity Manager 2.9.1 appeared first on VMware End-User Computing Blog.


Secure Your Office 365 Deployments with NetScaler

These days, when you make applications and services available from external locations, security is always (or should be) top-of-mind for IT admins. What they need to make sure of is that no one from an external location can easily break …



Don’t Leave Holes in Your Office 365 Security Strategy

Secure every access point to Microsoft Office 365 emails and data with VMware Workspace ONE.

If your organization is like most, you’re either using Microsoft Office 365 or thinking about an Office 365 implementation. Since the data and email in Office 365 are vital to your business, you’ve probably thought through how to protect Office 365 with application access control policies. You need to ensure, however, that your policies protect all apps with access to Office 365.

Imagine that one of your end users goes to visit family for the holidays. While at her parents’ house, she borrows her father’s laptop to check work emails. Although you require multi-factor authentication (MFA) for access to Office 365, she logs into Outlook 2010 using nothing more than a username and password. Outlook downloads her mailbox, she checks her email, and after a few days, she returns home.

All her emails, however, stay on the laptop. That data is out of her control and out of IT’s control, creating data loss risks if the laptop is sold, lost or compromised with malware. How did your user (unwittingly) bypass your conditional access rules, and what can you do to protect your data and email?

In this blog post, we’ll cover how this data leak occurred, and how VMware Workspace ONE allows you to avoid similar Office 365 data losses and security holes.

Applying Access Policies to Office 365 Authentication Methods

To understand how your user bypassed your MFA requirement, you have to understand that Office 365 supports two ways to log users in: Modern authentication and legacy username/password authentication. In the example above, your user logged in with a legacy username/password client, accidentally bypassing the policies you created to protect Office 365.

To control access to Office 365 emails and data no matter what client your user chooses, you need a solution such as Workspace ONE that protects both authentication methods. Although many Office 365 client apps use newer modern authentication, older Office 365 apps, Android and iOS native mail (using ActiveSync), and third-party Office 365 apps (such as Thunderbird) use legacy username/password authentication.

Protecting both authentication types is vital for most organizations. Workspace ONE controls access to Office 365 no matter which client app a user chooses with policies based on group, network range, device type or OS and more.

Modern vs. Legacy Authentication

Here’s how to tell the difference between Office 365 modern authentication and legacy username/password authentication:

Modern Authentication

If the end user is redirected to an IdP in a browser, it’s modern authentication.

Microsoft modern authentication redirects the end user in a browser from the Office 365 app to an identity provider (IdP), such as Workspace ONE, to authenticate. Modern authentication takes advantage of Microsoft’s Azure Active Directory Authentication Libraries (ADAL). For more details on modern authentication, see Microsoft’s summary here.

This is modern authentication. The user is redirected to Workspace ONE in a browser.

Legacy Authentication

If the end user enters credentials into the client’s UI (and there’s no redirection to an IdP), it’s legacy username/password authentication.

In username/password authentication, the Office 365 client collects a username and password in its own UI (rather than sending the user to an IdP in a browser). Because the user enters their credentials into the client rather than using standard browser single sign-on (SSO), legacy username/password authentication doesn’t support advanced features such as MFA or VMware mobile SSO. Microsoft sometimes calls legacy username/password authentication by a more specific name such as basic authentication or the Microsoft Online Services Sign-In Assistant.

This is legacy username/password authentication. The user enters credentials directly into the client UI; there’s no browser redirect to Workspace ONE or another IdP.

Many identity solutions can only protect access to Office 365 for clients using modern authentication. Workspace ONE protects access to Office 365 without requiring additional products or servers, no matter what client a user chooses.

Use Cases for Controlling Access to Office 365

Because modern authentication supports MFA, certificate authentication, VMware mobile SSO and all other standard authentication features of Workspace ONE, organizations have fine-grained control over how they allow access for Office 365 clients using modern authentication.

Controlling legacy username/password clients, on the other hand, is tricky. Because legacy username/password clients only support one authentication method (username and password), organizations can’t rely on the enhanced security of MFA, VMware mobile SSO or other authentication features. Instead, many organizations take the following approaches:

  • Allow legacy username/password access to Office 365 for mobile email only. In this approach, an organization could block legacy username/password access to Office 365 apps and data for all apps and add an exception for native mobile email clients that use Exchange ActiveSync. This approach works well with the mobile email management features in Workspace ONE. Many organizations choose this path because Exchange ActiveSync clients don’t download the user’s entire mailbox, reducing the risk of data loss. Your organization can also choose to limit mobile email access to the extra-secure VMware Boxer app.


  • Allow legacy username/password access to Office 365 only under more secure conditions. Because legacy username/password clients such as Thunderbird or older versions of Office don’t support MFA, some organizations want to limit these clients to only connect to Office 365 under more secure circumstances. For example, you might only allow Thunderbird on your corporate network to ensure users are not downloading their mailboxes on multiple computers. This approach can reduce the risk of data loss.
  • Allow legacy username/password access only for specific users or groups. Organizations may want to limit which users can connect to Office 365. For example, IT could block retail employees from accessing mobile email while they are offsite.
  • Block all access to Office 365 for username/password clients. Some organizations want to ensure all users access Office 365 with MFA, mobile SSO or other secure methods. Because modern authentication supports these methods but legacy username/password authentication does not, these organizations should block username/password client apps. Users will still be able to access Office 365 through Office 2016 apps (or Office 2013 apps, if they are configured correctly).
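The four approaches above can be read as one decision function over the authentication type, client, source network and group. The sketch below is an added example, not code from the original post or from VMware; the policy names, the `Request` fields, the network range and the group name are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical policy model: names, fields and values are assumptions for
# illustration and are not Workspace ONE configuration or API.
CORP_NET = ipaddress.ip_network("10.20.0.0/16")    # constructed corporate range
LEGACY_GROUPS = {"field-engineers"}                # constructed allowed group

@dataclass
class Request:
    client: str                # "outlook2010", "activesync", "thunderbird", ...
    auth: str                  # "modern" or "legacy"
    src_ip: str
    groups: set = field(default_factory=set)

def decide(req: Request, policy: str) -> str:
    """Return 'mfa' (send to the IdP), 'allow' or 'deny' for one request."""
    if req.auth == "modern":
        return "mfa"           # browser redirect, so MFA can be enforced
    if req.auth != "legacy":
        return "deny"          # unknown auth type: fail closed
    # Legacy clients cannot do MFA; the only levers left are allow or deny.
    if policy == "mobile_email_only":
        return "allow" if req.client == "activesync" else "deny"
    if policy == "corp_network_only":
        return "allow" if ipaddress.ip_address(req.src_ip) in CORP_NET else "deny"
    if policy == "groups_only":
        return "allow" if req.groups & LEGACY_GROUPS else "deny"
    return "deny"              # "block_all_legacy" and any unknown policy name

# Constructed requests: the borrowed-laptop case from the post, a phone using
# native mail, Thunderbird on the office LAN, and Office 2016 from home.
SAMPLES = {
    "borrowed_laptop": Request("outlook2010", "legacy", "203.0.113.7", {"sales"}),
    "phone_mail": Request("activesync", "legacy", "198.51.100.9", {"sales"}),
    "office_thunderbird": Request("thunderbird", "legacy", "10.20.4.15", {"sales"}),
    "office2016_home": Request("office2016", "modern", "203.0.113.7", {"sales"}),
}
POLICIES = ["mobile_email_only", "corp_network_only", "groups_only", "block_all_legacy"]

def matrix():
    """Decision for every sample under every policy."""
    return {n: {p: decide(r, p) for p in POLICIES} for n, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in matrix().items():
        print(f"{name:20} {row}")
```

The borrowed-laptop request is denied under all four policies, while the modern-authentication request is always routed to the IdP, where MFA can be applied.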

Workspace ONE & Office 365

Workspace ONE makes securing and deploying Office 365 easier, with industry-leading enterprise mobility management (EMM) to keep your devices and users safe. Learn more about how Workspace ONE protects Office 365, while providing end users with consumer-level ease of use. Visit, or contact your VMware account representative for more details.


The post Don’t Leave Holes in Your Office 365 Security Strategy appeared first on VMware End-User Computing Blog.


Synergy Milestone! 200,000 Users Served Daily by Optimization Pack for Skype for Business

Thank you, customers, for your perfect timing!

Just in time for our Citrix Synergy 2017 conference in Orlando this week, we hit a major milestone in adoption of the HDX RealTime Optimization Pack for Skype for Business that Citrix and



New ShareFile Solutions for Today’s Modern Workspaces

New Features Improve Productivity, Collaboration, and Security

Today’s Digital Workspaces are facing increasing pressure to improve productivity and collaborative solutions, provide easy-to-access, mobile infrastructure, without creating operability challenges, and all within a secure environment.

In response to trends, Citrix ShareFile …



Azure AD Join with VMware Workspace ONE

Secure, timely support for remote Windows users can be tricky.

Imagine your top remote sales rep breaks her laptop before an onsite meeting with a vital client. Does she have time to wait for IT to grab a new laptop, Domain Join it for secure access to corporate resources and then ship it out? Even if there is time, she’ll worry about her meeting, and you’ll get plenty of requests for updates.

Instead, imagine that your rep simply stops by a nearby store for a new laptop. She self-enrolls into your Azure Active Directory (AD) domain using the Windows 10 Getting Started wizard. Her device is automatically protected with VMware Workspace ONE enterprise mobility management (EMM) policies.

When you combine Azure AD Domain Join with the best-in-class Windows 10 management of Workspace ONE, you can ensure security and control over end-user access to resources—even from devices that never touch your internal corporate network.

Azure AD Join automatically protects Windows 10 with Workspace ONE EMM policies.

Secure Azure AD Join with Workspace ONE

Workspace ONE integrates with Azure AD Join to protect remote Windows 10 machines with enterprise mobility policies powered by VMware AirWatch. When an end user follows the Windows 10 setup wizard to join his or her device to your Azure AD instance, Azure AD can automatically enroll the device into Workspace ONE for management.

If you have devices that won’t consistently contact your corporate network, or if you have temporary users such as students or contractors, offering Azure AD Join to your users gives them the following benefits:

  • Easy access to their corporate resources through device enrollment into Workspace ONE;
  • Enterprise-class device security through Workspace ONE EMM;
  • User settings that follow them as they log into different domain-joined devices;
  • Strong but simple authentication with support for biometrics, such as face recognition using Windows Hello for Business; and
  • Access to the Windows Store for Business using work or school accounts.

You can find full details on the benefits and prerequisites of Azure AD Join on Microsoft’s site.

Users can choose to Azure AD Join their device from the Windows 10 Getting Started Wizard.

Use Cases for Azure AD Join

Azure AD Join makes Windows 10 management easier than traditional AD Domain Join when you’re working with devices that may not connect to your corporate network or with temporary users (for more information, see this article outlining the pros and cons of Azure AD Join). Common use cases include the following:

  • Remote device registration: Some organizations ship Windows 10 devices to remote employees. If you set up Azure AD domain join, your users can easily join their devices to your domain as part of the Windows 10 setup wizard.
  • Temporary domain membership: If your organization employs temporary workers, such as contractors, or temporary users, such as students, you may choose to domain join them through Azure AD to take advantage of the self-service domain join as part of Windows 10 setup.

Workspace ONE, Azure AD and Office 365

Workspace ONE provides the industry-leading EMM you need to keep your devices and users safe. Learn more about how Workspace ONE protects valuable resources such as Microsoft Office 365, while providing end users with consumer-level ease of use., or contact your VMware account representative for more details.

The post Azure AD Join with VMware Workspace ONE appeared first on VMware End-User Computing Blog.


Go Que Newsroom