AWS Workspaces - User Access and first time setup

Title: AWS Workspaces User Access Initial Setup

Number: N/A

Effective Date: 3/14/2025

HIPAA Citation: N/A

Revision Date: 3/14/2025

Last Updated By: Ivan Elion Lomeli

PURPOSE:

This document will go over the initial setup of an Amazon Web Services (AWS) Workspaces. There are light definitions of two different types of workspaces however the use case is the same. Any deviations from standard operating procedures must be authorized by the director, and may be subject to approval to Senior Cloud Staff

SCOPE:

Persistent: These machines stay on 24/7 and update once a month and are not generally available for staff - these are reserved for Special Task Groups (STG's), external reviewers, vendors, or IT Staff. Deployment of these assets requires direct approval from supervisor as there is costs associated.

Pools: More general use desktop's as a service model - where users are able to log into an auto-scaling fleet of machines to work in a desktop platform - these machines ARE volatile and will terminate themselves after the user disconnects, or the user has been idle for an extended period of time. ALL KSM users are authorized for these machines. In order to save session data from machine to machine - FSLogix is utilized for these and is stored on KSMAWSSHARE02 - See (PENDING DOCUMENT) for Profile resets.

POLICIES AND PROCEDURES:

Client Launching:

Launch the Amazon WorkSpaces Client on the desktop or from start menu
A registration code should automatcally apply, (if this computer was a previous users, you will have to enter: SLiad+LGJ8JB
Note, if the user has access to multiple environments (INDY,CSA,NEWSITE) you will need to switch registration codes as illustrated
Next, click on Continue to sign into WorkSpaces, this will launch a browser (system preferences) and require the user to sign in (if the user has already authenticated, allow the redirection to proceed)
1. Note you may need to allow the browser to launch the session
Once launched, you will begin your loading into the environment

M365 configuration:

After the system loads, log into M365 as you would on a laptop or another device
Note you may need to untick the Allow my organization to manage my device at the time of this writing there is a WAM bug issue that impacts physical and virtual environments.
Process the Outlook configuration/onedrive and allow syncing.

Ending Session gracefully:

When complete, as mentioned above, these systems are volatile if using pools. Click on the top Amazon Workspaces and End Session

RESPONSIBILITIES:

This platforms backbone infrastructure is managed by AWS however KSM Infrastructure team is responsible for managing the scaling policies as needed to meet demand. Business applications team is responsible for pushing any application changes but can engage infrastructure to update imaging if needed. Patching is to follow the Server patching SOP-0018

Users are automatically enrolled through user creation onboarding and are authorized for pools.

Application install is handled through intune and configuration of the accounts through intune.

APPROVED BY:

Ivan Elion Lomeli - Senior Cloud Infrastructure Engineer