The ability to control what goes in and out of the virtual desktop session is important, and one way to do that is through session policy configuration.
As a rule, IT admins should secure all input/output channels by default and then only allow access for specific users. IT should be able to centrally manage policies and easily apply role-based access with allows and denies when configuring policies.
Citrix wins this round because of the integrated Group Policy Object (GPO) engine in its Citrix Studio console. Citrix also offers session watermarking, which can display client and user-based information. If end users take screenshots or pictures, IT can know who took them and when they were taken.
VMware, on the other hand, relies on GPO .admx bundles to provide a way to even configure these settings. VMware has separate machine/user and protocol sections in its GPO Policy Pack, which makes configuration less intuitive and more complicated than Citrix Studio. VMware could fix this by integrating GPOs into its unified endpoint management console so IT can centrally configure policies. That would bring its session policy capabilities up to par with what Citrix offers.