Amazon WorkSpaces adds new security features to manage which client devices can access WorkSpaces

Posted on: Jun 19, 2017

Amazon WorkSpaces now provides you additional options to manage which client devices can access your WorkSpaces. This new feature allows you to limit WorkSpaces access to trusted devices only. You can manage access to your WorkSpaces from macOS and Microsoft Windows PCs using your digital certificates. You can also allow or block access for iOS, Android, Chrome OS, and zero clients, as well as the WorkSpaces Web Access client. With these new capabilities, you can further improve your security posture.

Client device access policies are set at the Amazon WorkSpaces directory level, and they are applied to all WorkSpaces associated with the directory. There are two ways you can use client device access controls from the WorkSpaces management console. First, for macOS and Windows devices, you can use digital certificates to set access policies based on operating systems, OS versions, and patch levels. To get started, upload your root certificates to the WorkSpaces management console and install the corresponding client certificates on the macOS and Windows devices you want to trust. When a user signs in to their WorkSpace, the client app uses the installed certificates to establish a trusted relationship. If a trusted relationship cannot be established, the connection is blocked.

Second, you can control client device access to WorkSpaces by device type, choosing to allow or block iOS, Android, Chrome OS, and zero clients, as well as access from the WorkSpaces Web Access client. Connection requests are completed only for the device types you set to allow access. For more information about controlling which devices can access your WorkSpaces, see Restrict WorkSpaces Access to Trusted Devices.

This feature is available today in all AWS Regions where Amazon WorkSpaces is offered. To implement these new security features, you will need to update your WorkSpaces client app on all your devices. To get started, see the Amazon WorkSpaces Client Download Page.

To start managing which client devices can access your WorkSpaces, log in to the WorkSpaces management console.