Amazon WorkSpaces gains AI agent access for desktop apps
Wed, 1st Jul 2026
Amazon Web Services has made AI agent access to Amazon WorkSpaces Applications generally available, extending agent access to desktop applications through managed WorkSpaces environments.
The release targets companies that still rely on desktop software for core processes but cannot easily automate them because those systems lack modern application programming interfaces. The service lets agents connect to streaming sessions and interact with those applications while using existing governance and compliance controls.
Access is handled through a managed Model Context Protocol service endpoint. Agents authenticate through AWS Identity and Access Management, while activity logs are captured through AWS CloudTrail and Amazon CloudWatch.
Customers do not need to build new APIs, migrate existing applications, or add infrastructure to use agents with desktop software already running in their WorkSpaces environments. Early users tested agent-led workflows against legacy desktop software, internal tools, and Windows applications without modern APIs.
Three additions
The general availability release adds three features: MCP tool forwarding, real-time user control of agent sessions, and support for domain-joined fleets.
MCP tool forwarding is intended to reduce the need for screen-based automation at every step of a task. Instead of requiring an agent to complete all actions through a visual interface, organisations can install MCP servers inside a WorkSpaces session and expose those tools directly to the agent.
This allows an agent to read a file, query a database, or call an API through a direct tool call, while still falling back to visual interaction where no other interface exists. It creates a hybrid model in which desktop automation is reserved for tasks that genuinely require graphical interaction, such as work in older software or user interface testing.
It can also narrow the scope of visual tasks. Rather than asking an agent to complete an entire multi-step workflow through a desktop interface, a user can assign a smaller action within a legacy application while shifting other steps to direct tool use.
To use the feature, customers install an MCP server on an image builder and enable tool forwarding on the relevant stack. AWS highlighted the filesystem MCP as an initial option for file operations, such as reading and writing, without visual navigation.
User control
The second addition gives users direct oversight of an agent during a session. AWS said trust in automation improves when people can monitor what an agent is doing and intervene if needed.
User control mode can be configured at the stack level with three settings. VIEW_ONLY allows observation of the session, VIEW_STOP allows observation and lets a user immediately remove the agent's session access, and DISABLED runs agents without user visibility.
AWS described VIEW_STOP as a likely starting point for development and testing because it provides teams with a way to halt a session in real time. Organisations can then adjust the level of oversight depending on the workflow.
Directory identity
The third addition focuses on enterprise identity controls. Domain-joined fleets allow agents to operate under a recognised Active Directory identity, enabling businesses to apply the same fine-grained access policies used for human users and to attribute actions in audit logs to a directory identity rather than a generic agent account.
Certificate-based authentication is mandatory for agents in domain-joined fleets so they do not directly read or use production Active Directory credentials. The connection method also differs from that of non-domain-joined fleets.
For non-domain-joined fleets, customers use a streaming URL in the MCP client connection. For domain-joined fleets, streaming URLs cannot be used, so the MCP client must instead receive a signed SAML assertion from a SAML-integrated identity provider.
Monitoring tools
The service includes built-in monitoring for both development and production use. Screenshot storage in Amazon S3 records what the agent saw during a session, helping teams investigate unexpected behaviour.
CloudWatch metrics report session and error data, including invocations, latency, client errors, server errors, session start, and session end. CloudTrail logs agent connections, the tools agents used, and when sessions ended. Tool calls are recorded as data events if customers configure their trail to capture that level of detail.
AI agent access to Amazon WorkSpaces is available in regions that support an MCP endpoint.