What’s new in Citrix XenMobile 10.3 (hint: a LOT)

Citrix recently released version 10.3 of XenMobile and it is a huge release. Here's what's new.

  • Shared devices in XenMobile enterprise mode. Shared devices is available in MDM mode.
  • Android for Work device owner mode and support for devices earlier than Android L.
  • Retrieval of voice or SMS messages on Android devices.
  • Support for Google Cloud Messaging on Android devices.
  • Fast encryption device policy, VPN policies, and new Restriction policy options for Samsung KNOX.
  • New language support for Korean, German and Portuguese and right-to-left text support in Worx Apps. These languages are available in the XenMobile console with XenMobile 10.3.

New console appearance

XenMobile 10.3 has a new look. The console is updated with new colors, fonts, tabs, and improved functionality.

  • The Dashboard tab in previous versions of the console has been moved under the new Analyze tab, which also includes the new Reporting tab. For details, see Reports.
  • The Manage tab now includes the new Users tab where you manage local users and groups.
  • The Configure tab now includes the new ShareFile tab where you configure settings to connect to the ShareFile account.
  • You access Settings, formerly under the Configure tab, by clicking the gear icon on the upper-right of the console.
  • The Support tab now opens in the same tab as the console instead of in a new tab.

New platform support

XenMobile 10.3 now offers support for the following platforms:

  • Mac OS X
  • Android HTC
  • Android Sony
  • Samsung SEAMS
  • Windows Mobile/CE
  • Windows 10 Phone: Device management in XenMobile MDM and Enterprise modes.
  • Windows 10 Desktop/Tablet: Device management in XenMobile MDM and Enterprise modes.


New Device policies

The following new MDM policies are available in XenMobile 10.3:

  • App lock. Lets you define a list of apps that are allowed to run on a device, or a list of apps that are blocked from running on a device. Available for iOS and Android.
  • App network usage. Lets you set network usage rules to specify how managed apps use networks, such as cellular data networks. The rules only apply to managed apps. Available for iOS.
  • Connection manager. Configures how apps will connect to the Internet or to a private network. These settings only work on Pocket PCs (touch screen devices). Available for Windows Mobile/CE.
  • Copy apps to Samsung container. Lets you create a SEAMS or KNOX container for apps on Samsung devices. Available for Samsung SEAMS or Samsung KNOX.
  • Delete files and folders. Allows you to specify which files and folders need to be deleted. Available for Windows Mobile/CE.
  • Device health attestation. Enables Device Health Attestation, a security and data loss prevention (DLP) feature in Windows 10 that lets you determine the health of a Windows 10 device and take compliance actions when necessary. The payloads are supported only on Windows 10 and later supervised devices. Available for Windows Phone and Windows Tablet.
  • Device name. Allows you to set the names on iOS and Mac OS X devices so that you can easily identify the devices. You can use macros, text, or a combination of both to define the device's name.
  • Delete registry keys and values. Allows you to specify which registry keys and values need to be deleted. An empty value means that the entry is a registry key. Available for Windows Mobile/CE.
  • Enterprise Data Protection. Allows you to specify apps that require Enterprise Data Protection (EDP) at the enforcement level you require. This policy applies to Windows phones and Windows tablets.
  • Import iOS & Mac OS X profile. The option to configure this policy for Mac OS X is new in XenMobile 10.3. The policy lets you import a device configuration XML file for either iOS or Mac OS X. The file contains device security policies and restrictions that you prepare with the Apple Configurator.
  • Registry. The Windows Mobile/CE registry stores data about apps, drivers, user preferences, and configuration settings. You can define the registry keys and values that let you administer Windows Mobile/CE devices.
  • Wallpaper. Lets you add a .png or .jpg file to set wallpaper on an iOS device lock screen, home screen, or both. Available in iOS 7.1.2 and later. To use different wallpaper on iPads and iPhones, you need to create different wallpaper policies and deploy them to the appropriate users.
  • Windows CE certificate. Allows you to create and deliver a certificate from an External PKI to your device.


 Summary of new features and enhancements for each platform type


  • New device policies. App Network Usage, Device Name, and Wallpaper
  • Assigning an app from managed to unmanaged. iOS 9.0 option for assigning an app from managed to unmanaged. When you add and configure settings for a public app store app for iOS in the XenMobile console, you can configure a Force app to be managed option. This option is set to OFF by default. If you select ON, when the app is installed as unmanaged, users are prompted to allow the app to be managed on unsupervised devices. For details, see Adding a public app store app to XenMobile.
  • New Restrictions and Apple Configurator 1.7.2 policy options. For details, see Restrictions device policies.
  • Support for RequestMirroring and StopMirroring commands. For details, see the XenMobile REST API reference.
  • DEP device setup assistant enhancements. For details, see Bulk enrollment of iOS devices.
  • VPN OnDemandRules key. For details, see VPN device policies.


Windows CE

Windows Phone 10 and Windows Tablet 10

  • New device policy: Enterprise Data Protection and Device Health Attestation
  • New device policy options for Windows Phone and Windows Tablet:
    • App inventory
    • Credentials
    • Custom XML
    • Passcode
    • Restrictions
    • Terms & Conditions
    • VPN
    • WiFI
  • New device policy options for Windows Tablet:
    • App Uninstall
    • Sideloading Kay
    • Signing Certificate
    • Webclip
    • WorxStore
  • New device policy options for Windows Phone:
    • Enterprise Hub
    • Storage Encryption

Mac OS X

  • Enrollment via OTAE. For details, see Mac OS X.
  • Device management information in the XenMobile console showing device properties, certificates, reports, and supported profiles.
  • Security actions on Mac OS X devices - selective wipe, lock, revoke, wipe.
  • New device policy options:
    • Device Name
    • Import iOS and Mac OS X Profile
    • AirPlay Mirroring
    • App Inventory
    • Calendar (CalDav)
    • Contacts (CardDAV)
    • Credentials
    • Exchange
    • Font
    • LDAP
    • Passcode
    • Profile Removal
    • Restrictions
    • SCEP
    • VPN
    • Webclip
    • WiFI

New features and enhancements to support Android for Work

  • Support for devices earlier then Android.
  • Provisioning Device Owner mode for Android for Work

In addition to managing Android for Work apps or Android devices in BYOD mode, you can also manage corporate-owned devices through the provisioning of Device Owner mode. To do so, you use an Near Field Communication (NFC) bump between devices. One device runs the Worx Provisioning Tool app and bumps either a new out-of-the-box device or a device that is factory reset. Device Owner mode is the corporate-owned device mode for most devices running Android 5.x.x.

  • Android for Work Bulk Purchasing

You can manage Bulk Purchase licensing in the XenMobile console for apps enabled for Android for Work. The Bulk Purchase plan for Android for Work simplifies the process of finding, buying, and distributing apps and other data in bulk for an organization. When you add a paid public app store app for an Android for Work to XenMobile, you can review the Bulk Purchase licensing status - the total number of licenses available.  After you deploy the app to users, you can later review the number of licenses currently in use, as well as the email address of each user consuming the licenses. You can select a user and then clickDisassociate to end their license assignment and free up a license for another user. You can only disassociate the license, however, if the user is not part of a delivery group that contains the specific app.

Shared devices

XenMobile lets you configure devices that can be shared by multiple users. For details, see Shared devices in XenMobile.

Language support

The XenMobile console in XenMobile 10.3 is available in Korean, German, and Portuguese. The MDX policies are now localized when viewed in the XenMobile console. For details, see XenMobile language support.


From the Reporting tab, you can generate 10 predefined reports from within the XenMobile console:

  • Apps by Devices & User: Lists apps that users have on their devices.
  • Terms & Conditions: Lists users who have accepted and declined the Terms and Conditions agreements.
  • Top 25 Apps: Lists up to 25 apps that most users have on their devices.
  • Jailbroken/Rooted Devices: Lists rooted iOS devices and jailbroken Android devices.
  • Top 10 Apps – Failed Deployment: Lists apps that have failed to deploy.
  • Inactive Devices: Lists devices that have been inactive for a specified period of time.
  • Apps by Type & Category: Lists apps by version, type, and category.
  • Device Enrollment: Lists devices that have enrolled during a specified time period.
  • Apps by Platform: Lists apps and app versions by device platform and version.
  • Devices & Apps: Lists all devices, device data, and apps installed.

To run reports, click the Analyze tab in the XenMobile console and then click Reporting. The reports are in .csv format, which you can open with programs like Microsoft Excel. For details, see Reports in XenMobile.

localized image

Adding LDAP members - local users - to groups

Many organizations do not configure Active Directory groups, but may need a local group for a particular purpose - a pilot, for example. In XenMobile 10.3, you can make LDAP - local users members of a local group. Then, you can define a delivery group that contains the local group. This set of users can access apps and policies assigned to the delivery group without having to reenroll their devices. For details, see To add, edit, or delete local users in XenMobile.

localized image

Support bundle legal agreement

The first time you upload a support bundle to Citrix Insight Services (CIS), you are prompted to accept a legal agreement. For details, see Creating Support Bundles in XenMobile.

localized image

Anonymizing data in support bundles

When you create support bundles in XenMobile, sensitive user, server, and network data is made anonymous by default. You can change this behavior on the Anonymization and De-anonymization page. You can also download a mapping file that XenMobile saves when anonymizing data. Citrix support may request this file to de-anonymize the data and locate a problem with a specific user or device. For details, see Anonymizing data in support bundles.

Connectivity checks

From the XenMobile Support page, you can check the XenMobile connection to NetScaler Gateway and other servers and locations. For details, see Conducting connectivity checks.

Microsoft Azure

You can join Windows 10 devices to Microsoft Azure AD to allow the devices to enroll with Azure as a federated means of Active Directory authentication. For details, see Microsoft Azure settings.


Filed under: News Leave a comment
Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

No trackbacks yet.