This article describes the feature limitation when using Citrix Secure Mail with Microsoft Exchange configured with Certificate Based Authentication.
Microsoft’s article that details Authentication options for EWS can be accessed here. As per this document, the recommended authentication is only NTLM for Exchange On-Premise and OAuth for Exchange Online.
Since Microsoft does not claim support for Certificate Based Authentication against EWS for either Exchange On-Premise or Exchange Online, Citrix Secure Mail might fail to authenticate and subscribe to Push Notifications.
Certificate Based Authentication against EWS might succeed in some cases and Push Notifications for Citrix Secure Mail will be functional as long as subscription to push notifications succeeds. In cases of failure, there will be no support for environments configured with Certificate Based Authentication against EWS (since it is not supported by Microsoft).
Recommendation
In case of failure to subscribe to EWS for push notifications, Citrix recommends that the policy for Push Notifications is configured to “OFF”.
Impact
Badge count updates and Background Sync will continue to work but will be done locally by the app and not through the remote push notifications. If the app is terminated, badge updates and background sync will not work.