Prerequisites for using Microsoft BYOL with Amazon WorkSpaces
Before you begin, verify the following:
-
Your Microsoft licensing agreement allows Windows to run in a virtual hosted environment.
-
If you will be using non-GPU-enabled bundles (bundles other than Graphics.g4dn, GraphicsPro.g4dn, Graphics, and GraphicsPro), verify that you will use a minimum of 100 WorkSpaces per Region. These 100 WorkSpaces can be any mix of AlwaysOn and AutoStop WorkSpaces. Using a minimum of 100 WorkSpaces per Region is a requirement for running your WorkSpaces on dedicated hardware. Running your WorkSpaces on dedicated hardware is necessary to comply with Microsoft licensing requirements. The dedicated hardware is provisioned on the AWS side, so your VPC can stay on default tenancy.
If you plan to use GPU-enabled (Graphics.g4dn, GraphicsPro.g4dn, Graphics, and GraphicsPro) bundles, verify that you will run a minimum of 4 AlwaysOn or 20 AutoStop GPU-enabled WorkSpaces in a Region per month on dedicated hardware.
Note
-
GraphicsPro bundle reaches end-of-life on October 31, 2025. We recommend migrating your GraphicsPro WorkSpaces to supported bundles before October 31, 2025. For more information, see Migrate a WorkSpace in WorkSpaces Personal.
-
Graphics bundle is no longer supported after November 30, 2023. We recommend migrating your WorkSpaces to Graphics.g4dn bundle. For more information, see Migrate a WorkSpace in WorkSpaces Personal.
-
Graphics and GraphicsPro bundles aren't available in the Asia Pacific (Mumbai) Region.
-
Graphics.g4dn, GraphicsPro.g4dn, Graphics, and GraphicsPro bundles are not available in the Africa (Cape Town) Region and the Israel (Tel Aviv) Region.
-
To run your WorkSpaces in the Africa (Cape Town) Region, you are required to run a minimum of 400 WorkSpaces in the Africa (Cape Town) Region.
-
Windows 11 bundles can be created for DCV for WorkSpaces. Windows 11 bundles are also supported for partner protocols with WorkSpaces Core.
-
Graphics and GraphicsPro bundles are not supported for Windows 11.
-
Value bundles are not available for Windows 11 and WorkSpaces Pools. For more information about migrating your existing value bundle WorkSpaces see Migrate a WorkSpace in WorkSpaces Personal.
-
For the best video conferencing experience we recommend using Power or PowerPro bundles
-
Windows 11 requires the Unified Extensible Firmware Interface (UEFI) boot mode to function. Make sure you specify the optional
--boot-modeparameter as UEFI to successfully import of your VM.
-
-
WorkSpaces can use a management interface in the /16 IP address range. The management interface is connected to a secure WorkSpaces management network used for interactive streaming. This allows WorkSpaces to manage your WorkSpaces. For more information, see Network interfaces. You must reserve a /16 netmask from at least one of the following IP address ranges for this purpose:
-
10.0.0.0/8
-
100.64.0.0/10
-
172.16.0.0/12
-
192.168.0.0/16
-
198.18.0.0/15
Note
-
As you adopt the WorkSpaces service, the available management interface IP address ranges frequently change. To determine which ranges are currently available, run the list-available-management-cidr-ranges AWS Command Line Interface (AWS CLI) command.
-
In addition to the /16 CIDR block that you select, the 54.239.224.0/20 IP address range is used for management interface traffic in all AWS Regions.
-
-
Make sure you have opened the necessary management interface ports for Microsoft Windows and Microsoft Office KMS activation for BYOL WorkSpaces. For more information, see Management interface ports.
-
You have a virtual machine (VM) that runs a supported 64-bit version of Windows. For a list of supported versions, see the next section in this topic, Windows versions supported for BYOL. The VM must also meet these requirements:
-
The Windows operating system must be activated against your key management servers.
-
The Windows operating system must have English (United States) as the primary language.
-
No software beyond what is included with Windows can be installed on the VM. You can add additional software, such as an antivirus solution, when you later create a custom image.
-
Do not customize the default user profile (
C:\Users\Default) or make other customizations before creating an image. All customizations should be made after image creation. We recommend making any customizations to the user profile through Group Policy Objects (GPOs) and applying them after image creation. This is because customizations done through GPOs can be easily modified or rolled back and are less prone to error than customizations made to the default user profile. -
You must create a WorkSpaces_BYOL account with local administrator access before you share the image. The password for this account might be required later, so make note of it.
-
The VM must be on a single volume with a maximum size of 70 GB and at least 10 GB of free space. If you're also planning to subscribe to Microsoft Office for your BYOL image, the VM must be on a single volume with a maximum size of 70 GB and at least 20 GB of free space. The DISK that the root volume is on cannot exceed 70GB.
-
Your VM must run Windows PowerShell version 4 or later.
-
-
Make sure that you have installed the latest Microsoft Windows patches before you run the BYOL checker script in Confirm that the Windows VM in Amazon WorkSpaces meets the requirements for Microsoft BYOL.
-
The Windows default system unattend files in the
%WINDIR%\pantherand%WINDIR%\panther\unattendpaths should not be modified.
Note
For BYOL AutoStop WorkSpaces, a large number of concurrent logins could result in significantly increased time for WorkSpaces to be available. If you expect many users to log into your BYOL AutoStop WorkSpaces at the same time, please consult your account manager for advice.
Encrypted AMIs are not supported in the importing process. Ensure you disable the instance used to create the EC2 AMI has EBS encryption. Encryption can be enabled after the final WorkSpaces is provisioned.
