App Protection
App Protection provides an extra level of security by blocking key logging and screen capture. For more information, see the App Protection documentation.
Important:
When accessing a store through a web browser, apps requiring App Protection are hidden by default. StoreFront must be configured to display protected apps. When accessing a store through Citrix Workspace app, no StoreFront configuration is required.
App Protection for launches from Citrix Workspace app
When users access the store using a supported version of Citrix Workspace app, StoreFront displays all resources requiring App Protection. No additional StoreFront configuration is required.
App Protection for hybrid launch
When users access a store through a web browser, virtual apps and desktops requiring App Protection are hidden by default. StoreFront 2308 and higher can be configured to display protected resources, unless using ChromeOS, or the user has chosen to launch resources in their web browser, as these do not support App Protection.
Warning
It is possible to launch apps using older versions of Citrix Workspace app that do not apply App Protection. Therefore before you enable App Protection for hybrid launches, Citrix recommends that you enable App Protection Posture Check which blocks launching virtual apps and desktops from Citrix Workspace app versions that do not support App Protection.
If launching resources using ICA downloads, the user could edit the ICA file to remove the instruction to apply App Protection. Therefore before you enable App Protection for hybrid launches, Citrix recommends that you enable Policy Tampering Detection.
Versions of StoreFront earlier than 2507 attempted to detect the version of Citrix Workspace app installed using using Citrix web extensions or Citrix Workspace launcher and only displayed resources with App Protection if the client met certain minimum versions. However it was not possible to guarantee that the version was correctly detected which lead to resources being incorrectly shown or hidden. Therefore this check has been removed.
Enable App Protection for hybrid launch
To allow StoreFront to display protected apps on supported Citrix Workspace app versions, use the PowerShell cmdlet Set-STFWebReceiverAppProtection.
-
Open a PowerShell console as an administrator.
-
If you have more than one website, find the virtual path of the website you wish to configure. This is the path that appears in the user’s web browser, e.g.
/Citrix/StoreWeb. You can get a list of all websites and their path using the commandGet-STFWebReceiverService. -
Run the powershell:
$receiver = Get-STFWebReceiverService -VirtualPath "[virtual path]" Set-STFWebReceiverAppProtection -WebReceiverService $receiver -Enabled On <!--NeedCopy-->Replacing
[virtual path]with the path found in the first step.-VirtualPathcan be excluded if there is only one website. -
If the user has chosen to open resources in their web browser, either through admin configuration or because the user chose Use web browser, App Protection is not available. You can optionally configure the store to always launch using locally installed Citrix Workspace app. For more information, see Citrix Workspace app deployment.
-
The first time the user opens a store website, if Citrix web extension is not available then it displays the Detect Citrix Workspace app screen. If the user chooses Skip detection then StoreFront is unable to determine the app version so does not display protected apps and desktops. Therefore it is recommended that you disable the Skip detection option. For more information, see Allow users to skip Citrix Workspace app detection.
View whether App Protection for hybrid launch is enabled
To find out whether App Protection for hybrid launch is available for a store website using PowerShell, run cmdlet Get-STFWebReceiverAppProtection. For example:
$receiver = Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
Get-STFWebReceiverAppProtection -WebReceiverService $receiver
<!--NeedCopy-->