Amazon recently added multifactor authentication (MFA) to its cloud-based e-mail service and Microsoft Exchange competitor WorkMail. Previously, only workarounds were available to apply some form of MFA to this service.
Recently, it has become possible to provide WorkMail with MFA by connecting to IAM Identity Center, AWS’ identity and access management service. However, MFA is not enabled by default for WorkMail. Administrators must manually configure MFA by adding each WorkMail user within their organization to IAM Identity Center. Other IAM services, such as Okta or Microsoft Entra ID, can also do this.
Previous workarounds
Although late, the MFA now available through IAM Identity Center is not the first way to enable MFA for WorkMail. As of late 2022, applying MFA via a workaround was possible, thanks to AWS’ support of SAML 2.0 for WorkSpaces.
In addition, Amazon offered MFA for WorkMail through the AWS Directory Service. However, this setup was complex and only supported AWS-managed Microsoft Active Directories. Integration through IAM Identity Center has simplified MFA functionality for the AWS enterprise email and calendar service.
Workmail from Amazon
Amazon WorkMail is a relatively unknown product. Launched in 2016 as a competitor to Microsoft Exchange, it primarily targets organizations that have migrated to AWS but still use Exchange for email.
From the start, the service integrates with various email applications from other providers, such as Outlook, Apple Mail and third-party email apps for iOS or Android. WorkMail also features a webmail portal.
Also read: As of October, MFA is mandatory for Microsoft Azure portal, Entra and Intune