Maximize your Investment in Microsoft Office 365 with Citrix Workspace
White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
Maximize your investment in Microsoft Office 365
with Citrix Workspace
Accelerate migration, simplify maintenance, and improve user productivity and security
Microsoft Office 365 has much to offer for organizations of all sizes. For IT, the cloud-based
solution can increase flexibility, reduce capital costs and simplify administration. Users
gain anywhere, anytime access to the Office applications they depend on, with enhanced
collaboration and document synchronization across platforms. Citrix Workspace complements
Office 365 by solving the challenges that can come with its adoption and ongoing management
to help you maximize the value of your move to the cloud-based Microsoft productivity suite.
Introducing Office 365 cloud services into existing enterprise infrastructure raises questions on
how to handle authorization and access while ensuring data security. IT now needs a strategy
to keep users productive if their branch loses network connectivity to the cloud. Additional
expectations and requirements include ensuring the same high-quality experience on mobile
as on the desktop, supporting user devices of all kinds, and meeting the unique demands of
apps such as Skype for Business. The more frequent updates in Office 365 call for a simple,
efficient approach to application lifecycle management.
Realizing the full benefits of Office 365 depends on IT’s ability to address these challenges
simply and comprehensively. Together, Citrix and Microsoft enable enterprises to deliver a
superior Office 365 employee experience across any device, any platform, and any use case
with increased security and management.
Best practices for successful migration to Office 365
Migration to Office 365 is often one of the first steps in a digital transformation strategy. Citrix
Workspace offers comprehensive capabilities to facilitate this initiative by integrating cloud,
Faster migration &
1 Accelerate deployment
by solving complex
SSO setup issues with
ADFS and simplify on
for native Office Apps
2 Enable multi-factor
auth & conditional
access based on
location, device, user
or network type
3 Simplified SSO
experience for all
users, securely share
files with anyone
Figure 1 Why Citrix Workspace and Office 365
2Citrix.com | White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
mobility and application delivery requirements. By addressing common challenges faced
by IT, Citrix Workspace can maximize your use of Office 365 while allowing a simpler,
Increase IT efficiency and reduce complexity
User authorization and access
One of the first things IT must consider during the transition to cloud-based Office 365 is how
to enable secure and convenient single sign-on (SSO) for internal users in Active Directory. This
capability would ordinarily require moving the user directory to the cloud, which can increase
cost and risk while burdening the network. There’s also the question of how to provide access
to external users such as contractors and partners. Microsoft recommends using an Active
Directory Federation Services (ADFS) server farm, but complexity increases when external
users are brought into the mix.
Citrix Workspace secure and remote access capabilities eliminate the need to deploy this
additional component in the DMZ and allow you to enable single sign-on while keeping the
user directory on-premises. The integrated Citrix solution serves as an ADFS or SAML proxy,
secure access gateway and application delivery controller, giving you one place to maintain
user permissions for all kinds of apps (web, SaaS, mobile, virtual and cloud) and all kinds of
users (employees, temporary workers, partners or even customers). Citrix Workspace supports
any authentication mechanism as well as multiple authentication protocols including RADIUS,
Kerberos, Microsoft NTLM and Certificate Services.
IT soon discovers that not every use case can be satisfied with Office 365 cloud services.
For example, some customers choose to run Exchange, Lync and SharePoint servers in the
cloud, but prefer to install Word and Excel locally. Some customers maintain separate Office
environments to deliver native mobile apps and virtual apps. When it is time to update the
software or change user permissions, these hybrid environments increase cost and complexity
due to the use of different management tools to support each deployment. It is also difficult for
users, who encounter an inconsistent experience across devices.
Citrix Workspace is designed for hybrid architectures, aggregating the management of on-
premises, cloud, web, SaaS and mobile apps from a single administrative experience. A unified
control plane lets IT manage and secure every element of Office 365, as well as workspace
elements such as Citrix XenApp and Citrix XenDesktop, from a single place. This greatly
improves visibility and simplifies troubleshooting, increasing overall IT efficiency.
Application lifecycle management
As with any application migration project, the move to Office 365 requires IT to address the
potential for conflicts involving dependencies on older versions of Office—an often costly
and time-consuming process. IT needs to be able to discover, automate, model and manage
delivery of Office applications to different end points, on different operating system versions
and with different apps. Office 365 aligns with the new service delivery model from Microsoft,
with at least two major updates per year compared with the previous model’s 3 – 5 years
between major releases. Microsoft supports only the last two releases, so IT will have to move
quickly to avoid falling out of support. A new approach will be required to meet the lifecycle
management needs where IT must test and deploy more frequent releases.
Citrix Workspace reduces the time, labor, cost and risk associated with the application update
process by automating application compatibility checks. IT can confidently deploy new updates
with Citrix Workspace, knowing that any incompatibility will be flagged for remediation or even
fixed automatically. What used to take weeks now takes only minutes. Citrix Workspace app
virtualization technology further simplifies software delivery because all updates and patch
3Citrix.com | White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
management are performed only once on the centrally stored base image. Citrix Workspace
mobility services provide similar simplicity and efficiency for the management and delivery
of Office 365 applications to mobile devices.
Beyond increasing the efficiency of Office 365, Citrix Workspace greatly strengthens the
security posture of the organization. Users always receive the latest software versions, without
the risk of outdated applications running locally on thousands of endpoints all over the world.
Reduce risk with contextual, people-centric security
Mobile and endpoint security
Office 365 gives users the flexibility to be productive using any device—including BYO devices.
To allow this freedom without increasing risk, IT needs a way to protect Office 365 data on any
device entering the organization, whether managed or unmanaged.
Effective endpoint and mobile security is an essential part of successful Office 365 adoption.
When Office 365 is delivered using Citrix Workspace, only devices that pass an automated
endpoint compliance check are permitted to connect to enterprise services. This can range
from simple checks such as IP-based filtering to more advanced, admin-defined checks such
as confirming that the device is running latest antivirus program or has the right certificates
installed, allowing access only if connected to an authorized secure WLAN, and so on.
For users who prefer to install native mobile apps, Citrix Workspace give IT the ability to publish
and revoke privileges to users based on device posture and compliance when public Office 365
apps are distributed through the Citrix Workspace app store.
The Citrix solution can be integrated with existing Microsoft Intune and EMS management for
additional security controls to protect mobile devices and applications. For example, users can
be restricted from using specific mobile apps based on their location. Administrators can apply
both Citrix security and Intune policies through a single console.
Application and data security
The convenience of using Office 365 cloud apps on a variety of devices can bring the
unintended consequence of putting enterprise data at risk if not managed properly. The Citrix
Workspace solution protects data in a variety of ways to accommodate the user’s workstyle
and an organization’s security requirements. For example, companies may decide that they
prefer that data never leaves the security perimeter. In this scenario, the Citrix Workspace
solution provides an easy and intuitive container that prevents data from leaving the
datacenter, while still allowing users to quickly edit and share the data from any device and any
location. If, on the other hand, users need access to their data locally on their mobile device,
the Citrix Workspace solution can encrypt data at rest in a secure container on the device.
Innovative micro-VPN and per-app VPN capabilities protect data in transit between the cloud
and user device. In addition, the Citrix Workspace Solution provides advanced data security
features including device lock and security, access control, secure collaboration, remote wipe,
and data expiration policies for complete control over Office 365 enterprise data regardless of
where it is located.
4Citrix.com | White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
Seamless integration with enterprise directory services simplify authentication, user
provisioning and authorization. Citrix Workspace technology allows full visibility and control
over business files shared with employees, customers and partners for collaboration.
Integration with Microsoft OneDrive enables enterprise-grade IT oversight for Office 365 apps,
all from a unified, consumer-easy user interface. Robust reporting and auditing features enable
IT to track and log user activity in real time and create custom reports to meet corporate data
policies and compliance requirements.
To ensure comprehensive, multilayered protection against application-based threats,
organizations need to rely on measures beyond password protection for access to sensitive
data stored in Office 365 services. This is especially true as the proliferation of mobile devices,
BYOD and Internet connectivity has allowed users to begin working from nearly any location
and any device, often over untrusted or public networks, or on untrusted and unsecure devices.
Citrix Workspace enables contextual security for Office 365 apps based on the current device,
user, location and network. The solution enables multi-factor authentication for Office 365
apps, and can prompt for additional authentication factors based on threat analysis. Pre-
authentication and post-authentication checks on inbound user sessions ensure that the client
device meets all established compliance policies. Contextual analysis of data from hypervisor,
network, endpoints and servers enables detection and action on unusual application behavior
in any part of the environment.
Boost user productivity
User experience and productivity
Users expect a simple, consistent experience across apps and devices, including the ability
to access and share data on any device. It is inefficient and frustrating to switch between
different workspaces depending on the backend infrastructure. Citrix Workspace provides a
single, consumer-easy front end to access all kinds of apps, including Office 365 cloud apps,
web apps, SaaS apps, virtualized apps and mobile apps. The same experience adapts to any
device, whether on desktop, tablet, smartphone or even “things.”
Figure 2 Enforce device level encryption for compliance and audit
5Citrix.com | White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
Citrix Workspace makes all of a user’s files and documents readily available on any device.
Even within virtualized environments, a unique Drive Mapper capability presents data stored
in different sources through a single view. In fact, many customers have started using the
OneDrive for Business storage entitlements included in their Office 365 subscription only after
discovering that it integrates with Citrix Workspace. For even greater flexibility and choice,
the enterprise file sync and sharing technology in Citrix Workspace is now integrated with
Office 365 Teams, the new chat-based workspace in Office 365. As a result, in addition to the
OneDrive and SharePoint storage included in Teams, which gives every channel a SharePoint
folder, users can now share and collaborate on files with Citrix Workspace.
Mobile and desktop users love that they can easily collaborate on large files without the need
for FTP or VPN. Advanced digital rights management, e-signature and real-time workflows
allow people to be productive with just a single URL in minutes, eliminating the need for
While Microsoft offers Exchange Online hosted email as part of Office 365, some organizations
decide that the on-premises version of Exchange can better meet their needs. In this hybrid
scenario, Outlook Mobile, the version of the app for iOS and Android, cannot use the ActiveSync
data synchronization app, and cannot be managed using Microsoft Intune and the Microsoft
Enterprise Mobility Suite (EMS). In this instance, customers can use Citrix mobile email solution,
Within Citrix Workspace, a Microsoft Outlook plug-in allows users to insert links to files, upload
and send new files, and request files directly from Microsoft Outlook email messages. IT can
choose to have all attachments, or just attachments over a certain size, converted to Citrix
Workspace links to avoid email bounce-back or annoying file-size restrictions. Encrypted
files are transferred over a secure TLS connection and are stored at rest with AES 256-bit
Skype for Business is included as a cloud service with Office 365. Citrix Workspace provides
a real-time audio-video experience with Skype for Business on any endpoint, whether running
Windows, MacOS or Linux. Co-developed by Citrix and Microsoft, the Skype optimization pack
delivers optimal user experience in virtual environments and supports most native Skype
features and purpose-built Skype accessories. Delivering Skype centrally, instead of installing
it on each endpoint, increases the security of business communication because there are no
logs left behind and the user is always running the latest version of the software.
Figure 3 Access to all files on any device
6Citrix.com | White Paper | Maximize your investment in Microsoft Office 365 with Citrix Workspace
Network reliability and performance
With business-critical Office 365 apps delivered online, managing network reliability and
performance must be a top priority to prevent disruption and downtime—especially in remote
office and branch office scenarios. Latencies on the Internet, even within the same region, can
vary day-to-day and location-to-location, making Office 365 performance difficult to predict.
Citrix Workspace ensures network resiliency and always-on connectivity using software-
defined WAN technology. The solution aggregates multiple Internet links, then measures
latency, jitter and loss to create a map of the network underlay. This map is then used to direct
each application to the best path through the network in order to ensure a high-quality user
experience, even for challenging applications like Skype for Business that demand real-time
Powered by a rich portfolio of Citrix technologies
Citrix Workspace incorporates industry-leading Citrix technologies already driving value for
more than 400,000 organizations worldwide, including 99 percent of the Fortune 100 and 98
percent of the Fortune 500.
Citrix XenApp and XenDesktop technologies enable secure, remote access to Windows
applications and desktops as well as Linux, web and SaaS applications from any device, over
Citrix XenMobile technology delivers full access to unified endpoint management (UEM),
mobile device management (MDM), mobile application management (MAM), mobile content
management (MCM), secure network gateway and enterprise-grade mobile productivity apps
in one comprehensive solution.
Citrix ShareFile technology delivers enterprise-class data services across all corporate and
personal mobile devices, while maintaining total IT control. Users can access, sync and securely
share files from any device. Offline access keeps productivity up, even when users are on the go.
Citrix NetScaler SD-WAN technology combines real-time path selection, edge routing, stateful
firewall, end-to-end QoS and WAN optimization.
Citrix NetScaler Unified Gateway technology consolidates remote access infrastructure and
provide single sign-on across all applications whether in a datacenter, in a cloud or delivered
Figure 4 Increase network resiliency for branch locations