Jump to content
Updated Privacy Statement

PoC Guide: Configuring Non-Domain Joined Virtual Desktops in Citrix DaaS

  • Contributed By: Steve Beals


Many organizations need to support non-domain joined solutions where the Citrix-accessed virtual machine is not managed through Active Directory. Several use cases that can require this type of configuration include:

  • Providing non-domain joined desktops to developers or contractors where local administrator rights are needed to install specific applications.
  • Researchers in the healthcare space that require these same rights.
  • Temporary workforce where the workload are only needed for a short time.

With Citrix DaaS and Citrix Gateway service support for non-domain joined Virtual Delivery Agents (VDA), this is achievable.

The following guide provides the requirements and step-by-step instructions to create and configure a non-domain joined Windows 11 virtual machine hosted in Azure, a machine catalog and delivery group using Citrix DaaS, and access to end users via Citrix Workspace or Citrix Workspace app.

Requirements and Prerequisites

Review the requirements for creating and accessing non-domain joined virtual machines via Citrix DaaS. Both single-session (desktops only) and multi-session (apps and desktops) are supported.

For this POC Guide, the following are being used:

  • A current Citrix DaaS subscription.
  • Single-session Windows 11 image hosted in Azure.
  • Citrix VDA 2303
  • Rendezvous v2 enabled.
  • Azure Active Directory for Citrix Workspace authentication.


Service continuity is not supported for non-domain joined VDAs.

Enable Authentication for Citrix Workspace

Citrix Workspace supports several authentication identity providers to allow users access to non-domain joined virtual machines including:

  • Azure Active Directory
  • Active Directory
  • Active Directory and Token
  • Okta
  • Google IdP
  • SAML
  • Citrix Gateway
  • Adaptive Authentication

Azure Active Directory is being used for this POC Guide. Ensure that the authentication option you have chosen is connected to your Citrix Cloud tenant in Identity and Access Management. Refer here for the instructions to connect an identity provider.

Configure Azure Active Directory authentication for Citrix Workspace

  1. From the Citrix Cloud menu, select Workspace Configuration.




  2. Select Authentication.




  3. Select Azure Active Directory, select I understand the impact on the subscriber experience, then click Confirm.




Create Windows Virtual Machine

Non-domain joined machines are supported on all platforms supported by Citrix Machine Creation Services (MCS). In this step, you create the Windows virtual machine on any supported hypervisor or hyperscaler supported for MCS. In our case, Microsoft Azure is being used. Once your virtual machine is created, follow these steps:

  1. RDP into your virtual machine

  2. Download the latest release and correct OS type release of the Citrix Virtual Delivery Agent

  3. Install the required applications.

  4. Run the VDA setup




  5. Select Create a master MCS image, then click Next.




  6. In the Core Components window, click Next.




  7. Select any Additional Components your deployment requires, such as Citrix Profile Management and Machine Creation Services storage optimization, click Next.




  8. In Delivery Controller, select Let Machine Creation Services do it automatically, Click Next.




  9. Click Next.




  10. Select Automatically, click Next.




  11. Review the summary page, click Install.




  12. When the installation is complete, click Finish and let the machine restart.




  13. Once the machine restarts, edit the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\VirtualDesktopAgent




Create Machine Catalogs

  1. Click Machine Catalogs, then click Create Machine Catalog.




  2. Select Single-session OS for the Machine Type, click Next.




  3. In Machine Management, select Machines that are power managed, Citrix Machine Creation Services (MCS), and the appropriate resources from the drop-down list. click Next.




  4. Select I want users to connect to the same (static) desktop each time they log on and Yes, create a dedicated virtual machine and save changes on the local disk for the Desktop Experience, click Next.




  5. Select the Master Image, set the VDA functional level to 2206 (or later), click Next.




  6. Select your storage and Windows license type, click Next.




  7. In Virtual Machines, choose the number of virtual machines to create and the machine size, click Next.




  8. Choose non-domain-joined for the Identity type, provide a name for desktops, click Next.




  9. On the summary page, provide a name for the Machine Catalog, click Finish.




  10. The Machine Catalog is now being created. Once complete, move on to creating the Delivery Group.




Create Delivery Groups

  1. Select Delivery Groups, then click Create Delivery Group.




  2. Select the desktops and number of machines to add, then click Next.




  3. Select Desktops as the delivery type, click Next.




  4. Choose Leave user management to Citrix Cloud option, then click Next.




  5. Select your license type, then click Next.




  6. Review the summary, give the Delivery Group, and display a name, then click Finish.




Your Non-domain joined Delivery Group is now ready.




Create Rendezvous Citrix Policy

  1. Click Policies




  2. Click Create Policy




  3. Find the Rendezvous Protocol settings and click Select.




  4. Select Allowed, then click Save.




  5. Click Next




  6. Choose the policy assignment method by Delivery Group.




  7. Select the delivery group in the drop-down list, ensure Enable is selected, then click Save.




  8. Click Next.




  9. Select Enable policy, name the policy, and then click Finish.




The rendezvous protocol policy is now enabled.




Assign Desktops

  1. On the Citrix Cloud home page, click View Library.




  2. Click the ellipsis for the Non-domain Joined Windows 11(Desktops) and select Manage Subscribers




  3. Begin to type the name of the user, then select the user.




  4. Once all users/groups have been Subscribed, close the screen.




Launch Desktop

  1. Connect to your Workspace URL, and provide credentials for login.





  2. Select the desktop to launch.





This guide walked you through creating a non-domain joined Windows 11 virtual machine in Microsoft Azure. You learned how to enable Azure Active Directory for your Citrix Cloud tenant, create a Windows 11 master image, Machine Catalog, Delivery Group, and a Citrix Policy to enable the Rendezvous protocol. Lastly you assigned the desktops via the Citrix Cloud library and then accessed them via Citrix Workspace. Please refer to the following references for any additional information on the topics covered in this POC Guide.

Citrix DaaS Non-domain joined VDA

Rendezvous V2

User Feedback

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...