Navigating the Windows 10 to 11 Migration for Amazon WorkSpaces Personal

As the deadline approaches for Windows 10 Enterprise, which will reach its end-of-support (EOS) on October 14, 2025, it becomes imperative for end-user computing administrators to transition to Windows 11. This article provides a detailed overview of the migration process for Amazon WorkSpaces Personal users utilizing the Bring Your Own License (BYOL) model.

Scope

This guide is tailored for customers who are currently operating or contemplating the use of Windows BYOL workloads. It is essential to clarify that this guidance does not extend to WorkSpaces that include Windows licenses, such as those labeled “Performance with Windows 10 (Server 2022 based).” These WorkSpaces operate on Windows Server, which has a distinct EOS timeline. For further details, refer to the lifecycle pages for Server 2016, Server 2019, and Server 2022. Additionally, this guide does not apply to Windows 10 LTSC 2019 or 2021 for similar reasons; please consult the respective lifecycle pages for more information.

Post-EOS Considerations

Once Windows 10 reaches its EOS date, the following points must be noted:

• Existing Windows 10 WorkSpaces will remain operational.
• Provisioning of Windows 10 WorkSpaces from existing custom bundles will still be feasible.
• However, importing new Windows 10 images into WorkSpaces will no longer be supported.

Migration Paths

Windows 11 introduces advanced security features that leverage TPM and UEFI Secure Boot technology. To harness these enhanced security capabilities, a new instance supporting these technologies is necessary, rather than opting for an in-place upgrade. Amazon WorkSpaces facilitates migration through two primary pathways:

1. WorkSpaces Migration API [recommended].
2. New Windows 11 WorkSpaces Infrastructure.

AWS Well-Architected: Profile Independence

Prior to initiating a WorkSpace migration, several preparatory steps are crucial. It is vital to back up any important data from the C: drive to an alternative location, as this drive will be entirely erased during the migration. Ensure that the WorkSpace is at least 12 hours old to confirm that a snapshot of the user volume has been created. You can check the timestamp of the last snapshot on the Migrate WorkSpaces page within the Amazon WorkSpaces console. Be aware that any data generated after the last snapshot will be lost during migration. To mitigate potential data loss, users should log out of their WorkSpaces and remain logged out until the migration concludes. Additionally, confirm that the WorkSpaces slated for migration have a status of AVAILABLE, STOPPED, or ERROR.

It is also advisable to back up user profiles to shared storage solutions such as Amazon FSx, utilizing tools like Liquidware ProfileUnity or Microsoft FSLogix. Verify that sufficient IP addresses are available for the migrating WorkSpaces, as new IP addresses will be allocated during the process. If scripts are employed for migration, it is prudent to migrate WorkSpaces in batches of no more than 25 to effectively monitor for exceptions.

Option 1: WorkSpaces Migration API

The WorkSpaces Migration API offers a straightforward migration process with several advantages. This method does not necessitate the establishment of new infrastructure, thus avoiding additional costs, making it an efficient choice for many organizations. Furthermore, users can retain their existing Registration Code, minimizing disruption to their workflow.

However, it is important to note that this approach is a one-way migration, lacking a rollback option. If users find that critical files previously stored on their Windows 10 WorkSpace’s C: drive are missing post-migration, these files cannot be recovered. Therefore, while this method provides simplicity and cost-effectiveness, it requires meticulous planning and communication with end-users to ensure all essential data is accounted for before migration begins.

Steps:

1. Import your new Windows 11 BYOL image.
2. Launch a Windows 11 BYOL WorkSpace from your new BYOL image.
3. On your new Windows 11 BYOL WorkSpace, apply necessary customizations and install essential programs, such as your management agent and security agents.
4. Create a custom image and bundle from this new Windows 11 BYOL WorkSpace.
5. Using the custom bundle, launch a second Windows 11 BYOL WorkSpace and validate its full functionality.
6. Once validated, migrate end users in small batches from their current Windows 10 bundle to the new Windows 11 bundle.

Option 2: New Windows 11 BYOL WorkSpaces Infrastructure

Establishing new Windows 11 BYOL WorkSpaces infrastructure allows for more granular control over the migration process, akin to replacing an end user’s laptop with a newer model. This option affords employees the time to transfer their documents and preferences between the old and new WorkSpaces. Additionally, it provides the flexibility to roll back if issues arise, as both Windows 10 and Windows 11 environments can coexist temporarily.

Nonetheless, this approach requires careful planning and coordination, as it is more manual and resource-intensive. Administrators must consider factors such as VPC and subnet utilization, directory services setup, and Active Directory management. Furthermore, this option may incur additional costs due to the necessity of running parallel environments during the transition. To mitigate these costs, it is advisable to perform this migration near the end of the billing cycle and terminate the existing WorkSpaces just prior to the end of the month. While this option offers greater control and a safety net, it demands more time, effort, and potentially more resources from the IT team. Organizations should evaluate these factors against their specific needs and capabilities when determining their migration strategy.

Steps:

1. Import your new Windows 11 BYOL image.
2. Launch a Windows 11 BYOL WorkSpace from your new BYOL image, ideally within the new AD Connector instance created for your Windows 11 infrastructure.
3. On your new Windows 11 BYOL WorkSpace, apply important customizations and install essential programs, such as your management agent and security agents.
4. Create a custom image and bundle from this new Windows 11 BYOL WorkSpace.
5. Using your new AD Connector setup and your new custom bundle (and custom VPC if applicable), launch Windows 11 instances for your end users.
6. Provide end users with the new registration code for their Windows 11 WorkSpaces, advising them to migrate their files and data as needed.
7. Once ready, delete the original Windows 10 BYOL WorkSpaces using either the console or the API.
8. Clean up any infrastructure specific to the old WorkSpaces that is no longer needed, such as Directory Services instances and VPCs.
9. Remove any Active Directory computer objects that are no longer required.