Desktop and Application Streaming

Announcing native Entra ID and Intune support for Amazon WorkSpaces

At AWS, we love to give our customers the flexibility to choose the best virtual desktop solution for their specific needs through a broad range of infrastructure, operating system, and productivity application options. Today, we are expanding customer choice with the announcement of Microsoft Entra ID and Intune integration with Amazon WorkSpaces Personal.

With this launch, WorkSpaces Personal supports both Active Directory (AD) domain-joined and non-AD domain-joined virtual desktops. For customers that want to use Entra ID for identity management, AWS IAM Identity Center (IdC) acts as an identity broker so that user identity data automatically remains synchronized between AWS and Entra ID. Additionally, WorkSpaces Personal now natively supports Intune, allowing administrators to manage an entire fleet of physical and virtual desktops through a single endpoint management system. Because end users log in to WorkSpaces Personal as Entra ID users, they can access Microsoft 365 Apps for enterprise without an additional Entra ID login.

Getting started with Entra ID for WorkSpaces

To get started, review the admin guide. Once the prerequisites are in place, you can create a directory connector by entering the Entra tenant ID, the Entra application ID, and the secret that you created when setting up the Graph API application.

  1. Open the WorkSpaces Console.
  2. In the navigation pane, choose Directories.
  3. Choose Create directory.
  4. Under WorkSpace type, choose Personal.
  5. Under WorkSpaces device management, choose Microsoft Entra ID.
    (Screenshot: Create Entra ID Directory)
  6. Enter the Microsoft Entra tenant ID and choose the Entra Application ID and password from AWS Secrets Manager.
  7. Under IAM Identity Center, choose the Identity Center instance created in the prerequisites.
  8. Under Directory information, enter Directory name and Directory description. Choose VPC, Subnet 1, and Subnet 2.
  9. Under Configuration, choose Enable dedicated WorkSpace.
  10. Choose Create Directory.
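The console steps above map onto a single RegisterWorkspaceDirectory API call. The following added example (not code from the post or from AWS) builds that request with boto3 parameter names as I read the WorkSpaces API (WorkspaceType, MicrosoftEntraConfig, IdcInstanceArn, Tenancy, and so on; confirm them against the current API reference before relying on them) and validates the security-relevant inputs first: the tenant ID must be a GUID, the Secrets Manager ARN must point at a secret in the same region as the directory, the IdC instance ARN must have the expected shape, and exactly two distinct subnets are required. Note that only the secret's ARN is passed; the Entra application client secret itself never leaves Secrets Manager, so it does not pass through operator scripts or shell history. All values in the usage section are constructed placeholders.

```python
"""Build and sanity-check a RegisterWorkspaceDirectory request for an
Entra ID joined WorkSpaces Personal directory.

Added example. Parameter names follow my reading of the WorkSpaces API
(assumption: verify against the current API reference)."""
import re

# GUID tenant ID, e.g. 11111111-2222-3333-4444-555555555555
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Secrets Manager ARN; group 1 is the region, group 2 the account
SECRET_ARN_RE = re.compile(
    r"^arn:aws(?:-[a-z]+)?:secretsmanager:([a-z0-9-]+):(\d{12}):secret:\S+$")
# IAM Identity Center instance ARN
IDC_ARN_RE = re.compile(r"^arn:aws(?:-[a-z]+)?:sso:::instance/ssoins-[0-9a-f]+$")
SUBNET_RE = re.compile(r"^subnet-[0-9a-f]{8,17}$")


def build_entra_directory_request(*, name, description, tenant_id, secret_arn,
                                  idc_instance_arn, subnet_ids, region):
    """Return the keyword arguments for register_workspace_directory, or
    raise ValueError listing every input that fails validation."""
    errors = []
    if not GUID_RE.match(tenant_id):
        errors.append("tenant_id is not a GUID")
    m = SECRET_ARN_RE.match(secret_arn)
    if not m:
        errors.append("secret_arn is not a Secrets Manager ARN")
    elif m.group(1) != region:
        # Cross-region secrets cannot be read by the directory's service role.
        errors.append("secret_arn must be in the directory's region")
    if not IDC_ARN_RE.match(idc_instance_arn):
        errors.append("idc_instance_arn is not an Identity Center instance ARN")
    subnets = list(subnet_ids)
    if len(subnets) != 2 or len(set(subnets)) != 2 or \
            not all(SUBNET_RE.match(s) for s in subnets):
        errors.append("exactly two distinct subnet IDs are required")
    if errors:
        raise ValueError("; ".join(errors))
    return {
        "WorkspaceType": "PERSONAL",                      # step 4
        "UserIdentityType": "AWS_IAM_IDENTITY_CENTER",    # assumption
        "IdcInstanceArn": idc_instance_arn,               # step 7
        "MicrosoftEntraConfig": {                         # steps 5 and 6
            "TenantId": tenant_id,
            # ARN only: the client secret stays inside Secrets Manager
            "ApplicationConfigSecretArn": secret_arn,
        },
        "WorkspaceDirectoryName": name,                   # step 8
        "WorkspaceDirectoryDescription": description,
        "SubnetIds": subnets,
        "Tenancy": "DEDICATED",                           # step 9
    }


def register_directory(params, region, dry_run=True):
    """Submit the request; with dry_run the validated params are returned
    unchanged so the builder can be exercised without AWS credentials."""
    if dry_run:
        return params
    import boto3  # imported lazily so the validation path runs offline
    client = boto3.client("workspaces", region_name=region)
    return client.register_workspace_directory(**params)


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    req = build_entra_directory_request(
        name="corp-entra",
        description="Entra ID joined WorkSpaces Personal",
        tenant_id="11111111-2222-3333-4444-555555555555",
        secret_arn="arn:aws:secretsmanager:us-east-1:123456789012:secret:workspaces/entra-app-AbCdEf",
        idc_instance_arn="arn:aws:sso:::instance/ssoins-1234567890abcdef",
        subnet_ids=["subnet-0a1b2c3d4e5f67890", "subnet-0f9e8d7c6b5a43210"],
        region="us-east-1",
    )
    print(register_directory(req, "us-east-1", dry_run=True))
```

Run it as-is to see the validated request; switch to `dry_run=False` with credentials that hold `workspaces:RegisterWorkspaceDirectory` to submit it. The validation is deliberately strict so that a mistyped tenant ID or a secret created in the wrong region fails in your script rather than as an opaque error from the directory creation.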

Deploying an Amazon WorkSpace with Entra ID join

Once the prerequisites are in place and the directory connector is set up, you can deploy the WorkSpace via the familiar AWS Console or by using the CLI.

First time login for end users

When users connect to their WorkSpace for the first time, they are presented with the Windows out-of-box experience (OOBE). This is the same experience users are accustomed to if they use Autopilot on a desktop or laptop today.

(Screenshot: Entra ID User Login)

Managing your WorkSpaces instances

Once the user completes the out-of-box experience, the WorkSpace is joined to Entra ID and managed by Intune without any additional configuration changes. From here you can deploy applications, apply patches, and make configuration changes as necessary.

Manage WorkSpace with Intune

Conclusion

In this post, we discussed how to set up and deploy Amazon WorkSpaces with Entra ID and Intune. For more information, see Create a directory for WorkSpaces Personal. If you have any questions, please reach out to your AWS support team.

Dan is a Senior AWS End User Compute Solutions Architect, focusing on helping customers configure and optimize end-user computing solutions. Dan also focuses on EC2, Microsoft, and Linux based workloads. Dan has been at AWS since March 2016, and was a Premium Support escalation engineer and Specialist Technical Account Manager prior to becoming a specialist Solutions Architect.
Dave Jaskie brings 15 years of experience in the End User Computing space. Outside of work, Dave enjoys traveling and hiking with his wife and 4 kids.
Gekai Zou is Sr. Product Manager Technical in AWS End User Computing. Gekai has been with AWS since 2019. Outside of work, Gekai enjoys camping and skiing with his family.