App Protection
App Protection provides an extra level of security by blocking key logging and screen capture. For more information, see the App Protection documentation.
Important:
When accessing a store through a web browser, apps requiring App Protection are hidden by default. StoreFront must be configured to display protected apps. When accessing a store through Citrix Workspace app, no StoreFront configuration is required.
App Protection for launches from Citrix Workspace app
When users access the store using a supported version of Citrix Workspace app, StoreFront displays all resources requiring App Protection. No additional StoreFront configuration is required.
App Protection for hybrid launch
When users access a store through a web browser, virtual apps and desktops requiring App Protection are hidden by default. StoreFront can be configured to display protected resources when it detects the following minimum versions for the Citrix Workspace app:
| App | Version |
|---|---|
| Citrix Workspace app for Windows | 1912 |
| Citrix Workspace app for Mac | 2001 |
| Citrix Workspace app for Linux | 2108 |
The store website never displays protected resources when using earlier versions of Citrix Workspace app, or on iOS, Android, ChromeOS, or when launching apps in the browser.
StoreFront determines the Citrix Workspace app version using Citrix web extensions or Citrix Workspace launcher. If neither are available, or the user has skipped Citrix Workspace app detection, then the website does not display protected resources.
Warning
It is not guaranteed that the store website always correctly identifies the version of Citrix Workspace app so it may be possible to launch apps using a client that does not support App Protection. Therefore before you enable App Protection for hybrid launches, Citrix recommends configuring App Protection Posture Check which blocks launching virtual apps and desktops from Citrix Workspace app versions that do not support App Protection.
Enable App Protection for hybrid launch
To allow StoreFront to display protected apps on supported Citrix Workspace app versions, use the PowerShell cmdlet Set-STFWebReceiverAppProtection.
-
Open a PowerShell console as an administrator.
-
If you have more than one website, find the virtual path of the website you wish to configure. This is the path that appears in the user’s web browser, e.g.
/Citrix/StoreWeb. You can get a list of all websites and their path using the commandGet-STFWebReceiverService. -
Run the powershell:
$receiver = Get-STFWebReceiverService -VirtualPath "[virtual path]" Set-STFWebReceiverAppProtection -WebReceiverService $receiver -Enabled On <!--NeedCopy-->Replacing
[virtual path]with the path found in the first step.-VirtualPathcan be excluded if there is only one website. -
If the user has chosen to open resources in their web browser, either through admin configuration or because the user chose Use light version, App Protection is not available. You can optionally configure the store to always launch using locally installed Citrix Workspace app. For more information, see Citrix Workspace app deployment.
-
The first time the user opens a store website, if Citrix web extension is not available then it displays the Detect Citrix Workspace app screen. If the user chooses Already installed then StoreFront is unable to determine the app version so does not display protected apps and desktops. Therefore it is recommended that you disable the Already installed option. For more information, see Allow users to skip Citrix Workspace app detection.
View whether App Protection for hybrid launch is enabled
To find out whether App Protection for hybrid launch is available for a store website using PowerShell, run cmdlet Get-STFWebReceiverAppProtection. For example:
$receiver = Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
Get-STFWebReceiverAppProtection -WebReceiverService $receiver
<!--NeedCopy-->