Amazon Web Services has made AI agent access to Amazon WorkSpaces applications generally available and expanded agent access to desktop applications through managed WorkSpaces environments.
This release is aimed at businesses whose core processes still depend on desktop software that lacks modern application programming interfaces (APIs) and so cannot be easily automated. The service lets agents connect to streaming sessions and interact with those applications while remaining subject to the organization's existing governance and compliance controls.
Access is handled through managed Model Context Protocol service endpoints. Agents are authenticated through AWS Identity and Access Management, and activity logs are captured through AWS CloudTrail and Amazon CloudWatch.
Customers do not need to build new APIs, migrate existing applications, or add infrastructure to use the agent with the desktop software already running in their WorkSpaces environments. Early users tested agent-driven workflows against traditional desktop software, internal tools, and Windows applications, none of which expose modern APIs.
Three additions
The general availability release adds three features: MCP tool transfer, real-time user control of agent sessions, and support for domain-joined fleets.
MCP tool transfer is intended to reduce the need for screen-based automation at each step of a task. Instead of having agents complete all actions through a visual interface, organizations can install an MCP server within a WorkSpaces session and expose those tools directly to agents.
This allows agents to read files, query databases, and call APIs through direct tool calls while falling back to visual interactions where no other interface exists. This creates a hybrid model where desktop automation is reserved for tasks that truly require graphical interaction, such as working with older software or testing user interfaces.
It can also reduce the scope of visual tasks. Rather than asking an agent to complete an entire multi-step workflow through a desktop interface, users can limit the agent's screen interaction to the few actions that must happen inside the legacy application and move the remaining steps to direct tool calls.
To use this feature, customers install an MCP server on the image builder and enable tool forwarding on the relevant stack. AWS highlighted a file system MCP server as the initial option, covering file operations such as reads and writes that would otherwise require visual navigation.
User control
The second addition allows users to directly monitor the agent during a session. AWS said trust in automation increases when people can monitor agent behavior and intervene when necessary.
User-controlled mode can be configured at the stack level using three settings. VIEW_ONLY lets the user monitor the session, VIEW_STOP lets the user monitor the session and immediately revoke the agent's session access, and DISABLED runs the agent session without any user visibility, so no one at the desktop can watch or interrupt it.
AWS explained that VIEW_STOP provides teams a way to stop sessions in real time, so it’s likely a starting point for development and testing. Organizations can adjust the level of monitoring depending on their workflow.
Directory identity
The third addition focuses on enterprise identity controls. Domain-joined fleets allow agents to operate under a recognized Active Directory identity, so enterprises can enforce the same granular access policies they apply to human users, and audit log entries are attributable to directory identities rather than to generic agent accounts.
Certificate-based authentication is required for agents on domain-joined fleets, so they never directly read or use production Active Directory credentials. The connection method also differs from that of non-domain-joined fleets.
For non-domain-joined fleets, customers connect MCP clients using streaming URLs. For domain-joined fleets, streaming URLs are not available; MCP clients must instead present a signed SAML assertion obtained from the organization's SAML identity provider.
Monitoring tools
This service includes built-in monitoring for both development and production use. Amazon S3 screenshot storage records what the agent sees during the session and helps your team investigate unexpected behavior.
CloudWatch metrics report session and error data such as call counts, latency, client errors, server errors, session starts, and session ends. CloudTrail logs the agent's connection, the tools it used, and the time the session ended. Individual tool calls are recorded as CloudTrail data events, so they appear only if the customer's trail is configured to capture data events for this service.
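The CloudTrail records above are what a security team would actually review after an agent session. The following is an added example (not AWS code, and not part of the original article) of the kind of audit a team might run over those records: it groups events by session, checks that every session has a matching start and end, flags tool calls outside the set the file system MCP server is expected to expose, and flags any session whose caller is not the IAM role the agent is supposed to assume. The envelope fields (eventTime, eventName, userIdentity, requestParameters) follow the real CloudTrail record schema, but the eventName values, the requestParameters keys, the role ARN and the sample records are all constructed assumptions for illustration; substitute the event names your trail actually records.

```python
"""Audit agent sessions from CloudTrail-style records (added example, not AWS code).

The eventName values (StartAgentSession, CallTool, EndAgentSession), the
requestParameters keys (sessionId, toolName), the role ARN and all sample
records are constructed assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime

# Assumed prefix of the role the agent is expected to run under.
AGENT_ROLE_PREFIX = "arn:aws:sts::111122223333:assumed-role/WorkSpacesAgentRole/"
AGENT_ARN = AGENT_ROLE_PREFIX + "agent-1"
# Tools the file system MCP server is expected to expose; anything else is suspicious.
ALLOWED_TOOLS = {"read_file", "write_file"}


def _rec(time, name, sid, arn=AGENT_ARN, tool=None):
    """Build one constructed CloudTrail-shaped record."""
    params = {"sessionId": sid}
    if tool is not None:
        params["toolName"] = tool
    return {
        "eventTime": time,
        "eventName": name,
        "userIdentity": {"type": "AssumedRole", "arn": arn},
        "requestParameters": params,
    }


# Constructed sample trail: one clean session, one that calls a disallowed
# tool and never ends, and one orphan tool call from a human IAM user.
SAMPLE_EVENTS = [
    _rec("2025-06-01T10:00:00Z", "StartAgentSession", "s-1"),
    _rec("2025-06-01T10:00:30Z", "CallTool", "s-1", tool="read_file"),
    _rec("2025-06-01T10:01:00Z", "CallTool", "s-1", tool="write_file"),
    _rec("2025-06-01T10:02:00Z", "EndAgentSession", "s-1"),
    _rec("2025-06-01T10:05:00Z", "StartAgentSession", "s-2"),
    _rec("2025-06-01T10:05:10Z", "CallTool", "s-2", tool="execute_shell"),
    _rec("2025-06-01T10:06:00Z", "CallTool", "s-3",
         arn="arn:aws:iam::111122223333:user/alice", tool="read_file"),
]


def parse_time(value):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def audit_sessions(records, allowed_tools=ALLOWED_TOOLS,
                   expected_role_prefix=AGENT_ROLE_PREFIX):
    """Return per-session findings keyed by session id."""
    state = defaultdict(lambda: {"started": None, "ended": None, "calls": 0,
                                 "disallowed": [], "bad_identity": False})
    # ISO 8601 UTC timestamps sort correctly as strings.
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        s = state[rec["requestParameters"]["sessionId"]]
        if not rec["userIdentity"]["arn"].startswith(expected_role_prefix):
            s["bad_identity"] = True
        name = rec["eventName"]
        if name == "StartAgentSession":
            s["started"] = parse_time(rec["eventTime"])
        elif name == "EndAgentSession":
            s["ended"] = parse_time(rec["eventTime"])
        elif name == "CallTool":
            s["calls"] += 1
            tool = rec["requestParameters"].get("toolName")
            if tool not in allowed_tools:
                s["disallowed"].append(tool)

    findings = {}
    for sid, s in state.items():
        duration = None
        if s["started"] and s["ended"]:
            duration = (s["ended"] - s["started"]).total_seconds()
        findings[sid] = {
            "started": s["started"] is not None,
            "ended": s["ended"] is not None,
            "duration_seconds": duration,
            "tool_calls": s["calls"],
            "disallowed_tools": s["disallowed"],
            "unexpected_identity": s["bad_identity"],
            # Anything incomplete, off-policy or mis-attributed goes to a human.
            "needs_review": (bool(s["disallowed"]) or s["bad_identity"]
                             or s["started"] is None or s["ended"] is None),
        }
    return findings


if __name__ == "__main__":
    for sid, finding in audit_sessions(SAMPLE_EVENTS).items():
        print(sid, finding)
```

Sessions that never end, call tools outside the allowlist, or run under an identity other than the agent role are the ones to pull screenshots for from the S3 bucket. In production the same logic would consume records from the trail's S3 delivery or a CloudWatch Logs subscription rather than an in-memory list.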
Access to Amazon WorkSpaces with AI agents is available in regions that support MCP endpoints.
