Last week, I had a request from a customer that the MFA authentication suddenly stopped working. The customer then installed the latest NPS MFA extension and also ran the troubleshooting script for MFA, but nothing was found. In the end, he asked me for short-term support. A look at the MFA event log showed a critical error with: "CLIENT_CERT_IDENTIFIER" and thus a finger pointing to the local certificate on the NPS server. The certificate with the Azure tenant ID can be found in the personal certificate store, and this was still valid until one day before! A new certificate for the Azure Multi-Factor Auth Client must be generated, but how?

Recently I showed how Citrix Cloud Network Locations can be updated for dynamic IP addresses. The Citrix HDX traffic and "SmartAccess" policies are thus updated, but what about the Microsoft MFA logon to Citrix Cloud or single sign-on? Single sign-on to Citrix Cloud works from the internal network as long as the named location for conditional access in Microsoft Entra is correct. Here too, the IP address can change repeatedly with dynamic IPs and must then also be adjusted. Here again a script-based solution that I use myself.

Citrix recently published Cloud Network Locations to get back some "SmartAccess" options customers had with Netscaler ADC. With the Network Locations set, you can use TAGs to enable or disable policies, for instance. This is nice for a company with owned fixed public IP-addresses, but what if you have a dynamic IP-address that might change now and then? Here is a solution that I use myself.

With Office 365, the default mail client is not set to Outlook. It sounds like a simple issue, but after a long search for a solution, it ends with a surprise! All starts with using the Adobe Acrobat Reader function to send a PDF document through the default email client. However, the use ends with an error message that no default email client is available. The default email client is defined under the registry key HKLM\SOFTWARE\Clients\Mail, but precisely that key is deleted when ending Outlook!

Printer can be mapped within a Citrix session in different ways. Next to Microsoft group policies, scripts, tools, you can also use Citrix Workspace Environment Manager (WEM) to map defined printers to end devices. A similar option exists within Citrix Studio, but here is a short explanation on how to use the Use Device Mapping Printers File with WEM.

There are many Powershell scripts for Microsoft Teams available to set different options like GPU etc. including to set Teams as Chat App. So, to activate Teams as Chat App should be simple, but unfortunately not. The scripts all work after schema F, but that doesn't work with the Chat App function. When moving from Skype the Instant Messaging (IM) Integration of Teams is important, for instance to see within Microsoft Outlook if someone is online right now. To help users and the helpdesk, this option should be set during logon by a Powershell script, but how?