VMware Horizon Community
SamSamSony
Contributor

How to restrict access from specific device

My environment is using Horizon Connection Server 7.10 and UAG 3.7. Each user is delegated a VD and connects using Horizon Client 4.5.3. The Blast protocol is used.

For some specific users, we have to restrict their login from a corporate device.

I can gather the client information from the VD registry. How can I make use of this to restrict the access, maybe by UAG or UEM policy, etc.?
- Client IP address
- Network / Wireless Adapter MAC address
- Client computer name
- Client computer login ID

Shreyskar
VMware Employee
SamSamSony
Contributor

Those parameters can be added into a condition set. In Smart Policies, the settings only allow/disallow drag and drop, printing, and client drive/USB redirection.

But how can I take action to restrict/disallow access to the VD when the user logs in using an unauthorized machine (e.g. client computer name mismatch)? Thanks,

Shreyskar
VMware Employee

There is no such default setting in View/DEM to restrict complete VDI access from a specified client IP. You can maybe restrict it at the external firewall level using a network ACL to block access from a specified set of client IP addresses.

SamSamSony
Contributor

Alternatively, does UAG support client certificate authentication?

Chisago
Contributor

Did you figure this out? I am also trying to prevent access from any device but the device we provide the user. Currently the users that have remote access can connect from ANY device, not just company-provided devices.

fabio1975
Commander

Hello 

You could think of integrating the UAG with Azure AD and configuring conditional access and eventually enabling MFA. If you want some details I can give them to you.

Bye Fabio 

tsajauka
Contributor

Hi,

I'm also trying to find a solution to prevent access from any device (home PC) and allow remote VDI users to access Horizon only from Tera2 Zero Clients (not Win-based clients) through a UAG. Device Certificate authentication could be the solution, but we already use RADIUS as Azure MFA (which is mandatory). But both X.509 and RADIUS authentication are not supported by UAG.

@fabio1975 maybe there is an option to manage Tera2 Zero Clients with Azure AD conditional access as well?

Maybe someone has other recommendations on how to implement this?

fabio1975
Commander

Ciao @tsajauka 

I work with Horizon infrastructures that used Tera2 (Teradici PCoIP) thin clients, but only once did I try to use MFA, without success, and I found this Teradici KB.
To use Azure conditional access, I suppose we need to use SAML to talk to the UAG, and as I remember, the Tera2 thin client does not support SAML.


tsajauka
Contributor

@fabio1975 could you point to the mentioned Teradici KB?