Elevate Your Email Experience: Unveiling the Power of Amazon WorkMail

Introduction:

Step into the future of business communication with Amazon WorkMail, where seamless collaboration meets robust security. In a world where effective email communication is pivotal, Amazon WorkMail stands out as a game-changing solution. This blog is your gateway to exploring the advanced features, unparalleled flexibility, and heightened security that Amazon WorkMail brings to the table. Join us as we unravel the potential of this cutting-edge email service, and discover how it can revolutionize the way your team communicates, paving the way for a more connected and productive work environment. Welcome to the next frontier of email solutions — welcome to Amazon WorkMail.

What is Amazon WorkMail:

Amazon WorkMail stands out as a secure and fully managed business email and calendar service, providing robust support for various desktop and mobile email client applications. Users enjoy seamless access to their email, contacts, and calendars through their preferred client application, be it Microsoft Outlook, native iOS and Android email apps, any client supporting the IMAP protocol, or a web browser.

The service offers flexibility by integrating smoothly with your existing corporate directory. It goes beyond basic functionality, enabling email journaling to meet compliance requirements and providing control over both data encryption keys and storage location. This ensures a high level of security and compliance with data management policies.

Additionally, Amazon WorkMail offers interoperability with Microsoft Exchange Server, facilitating a smooth transition for organizations with existing setups. For those looking to customize their experience, the Amazon WorkMail SDK allows for programmatically managing users, groups, and resources.

In essence, Amazon WorkMail combines user-friendly accessibility, strong security measures, compliance capabilities, and customization options, making it a comprehensive solution for businesses seeking a reliable and adaptable email and calendar service.

Amazon WorkMail Features:

Migration Assistance:

Collaborates with audriga and Transend for easy migration.

• Migrate from Microsoft Office 365, Microsoft Exchange, Google Apps, IMAP, and POP.

Microsoft Outlook Compatibility:

• Native support for Microsoft Outlook on Windows and Mac.
• Supports advanced Outlook features like scheduling, delegation, and out-of-office replies.

Security:

• Automatic data encryption at rest using AWS Key Management Service.
• Full control over data locality and storage region.
• Spam and virus protection for incoming and outgoing emails.

Integration:

• Seamless integration with Microsoft Active Directory.
• Interoperability with Microsoft Exchange Server 2010 and 2013.
• Administrative SDK for native integration with existing services.

Web and Mobile Access:

• Feature-rich web client for email and calendar management.
• Mobile Device Management (MDM) for enforcing security policies.
• Access via major mobile devices supporting Microsoft Exchange ActiveSync.

Collaboration:

• Resource booking for meetings and equipment.
• Journaling for recording all email communication.
• Integration with AWS CloudTrail for governance and compliance.

Scalability:

• Large 50 GB mailbox size by default.
• Cost-effective pay-as-you-go pricing model.

IMAP Support:

• Access email with any IMAP-supported client.
• SMTP gateway for sending emails through WorkMail.

Email Flow Rules:

• Customize email flow rules for filtering inbound email traffic.

Free Migration Support:

• Amazon covers usage fees and basic support costs for audriga or Transcend migration tools (limited-time offer).

Use case for Amazon Workmail (For This Blog)

I’m gearing up to dive into AWS Landing Zone services, specifically using Automation Framework (AFT) and Landing Zone Automation (LZA). To set up multiple accounts smoothly, I need a valid email ID for each. As I was searching for an email provider that won’t break the bank, I found Amazon WorkMail.

Amazon WorkMail is like an email helper from AWS. It keeps things secure and well-organized. What’s cool is that it fits perfectly with the Landing Zone setup I’m working on. It’s not just easy on the budget but also brings in handy features, like working with different email apps and making sure our emails are safe and sound.

Choosing Amazon WorkMail for this project means a hassle-free way to handle emails connected to the AWS accounts I’m setting up. It’s a win-win situation with its user-friendly features, integration options, and cost-effectiveness. Looking forward to seeing how smoothly Amazon WorkMail will make this part of my AWS adventure!

Let's get started and set up our domain and email id. I am sure you will find this article useful and informative.

Step 1: Sign in to the Amazon WorkMail Console

Before you can start adding users and managing their accounts and mailboxes, you need to sign in to the Amazon WorkMail console.

To sign in to the Amazon WorkMail console:

1. Open your web browser and go to the Amazon WorkMail console.
2. If needed, check and adjust the AWS Region. At the top of the console window, locate the “Select a Region” list in the navigation bar. Open the list and choose the AWS Region you want to work in. For details about AWS Regions, refer to the Regions and Endpoints section in the Amazon Web Services General Reference.

Step 2:Creating an Organization in Amazon WorkMail

To set up a new organization in the Amazon WorkMail console, follow these steps:

1. Open the Amazon WorkMail console by navigating to https://console.aws.amazon.com/workmail/.
2. If needed, adjust the AWS Region by selecting a Region from the “Select a Region” list in the console’s top bar. Refer to the Region and Endpoints section in the Amazon Web Services General Reference for more information.
3. In the navigation bar, click on “Organization.”
4. On the Organizations page, your existing organizations (if any) will be displayed. Click on “Create organization.”
5. Under “Email domain,” choose the domain for your organization’s email addresses:

• Existing Route 53 domain: Select a domain managed with Amazon Route 53.
• New Route 53 domain: Register a new Route 53 domain for Amazon WorkMail.
• External domain: Enter an existing domain managed externally.
• Free test domain: Utilize a free test domain provided by Amazon WorkMail.

6. If your domain is managed through Amazon Route 53, select your Route 53 domain for “Route 53 hosted zone.”

7. Provide a unique alias for your organization under “Alias.”

8. Click “Advanced settings” and choose the user directory option:

• “Create new Amazon WorkMail directory”: Establish a new directory for user management.
• “Use existing directory”: Utilize an existing directory, such as on-premises Microsoft Active Directory, AWS Managed Active Directory, or Simple AD.

9. For Encryption, select one of the following:

• “Use an Amazon WorkMail managed key”: Create a new encryption key in your account.
• “Use existing KMS key”: Utilize an existing KMS key created in AWS KMS.

10. Click “Create organization” to complete the process.

If you use an external domain, ensure its verification by adding the required TXT and MX records to your DNS service. TXT records allow you to include notes about the DNS service, while MX records specify the incoming mail server.

Step 3:Adding a Domain in Amazon WorkMail

To include a new domain in Amazon WorkMail, follow these straightforward steps:

1. Sign in to the AWS Management Console and access the Amazon WorkMail console by going to https://console.aws.amazon.com/workmail/.
2. If required, modify the AWS Region by selecting a Region from the “Select a Region” list in the top bar of the console window. Detailed information about AWS Regions can be found in the Regions and Endpoints section in the Amazon Web Services General Reference.
3. In the navigation pane, click on “Organizations,” and then select the name of the organization to which you want to add a domain.
4. In the navigation pane, click on “Domains,” and then select “Add domain.”
5. On the “Add domain” screen, input the desired domain name. Remember, domain names can only contain Basic Latin (ASCII) characters.

6. After selecting “Add domain,” a page displays DNS records grouped into sections like Domain ownership, WorkMail configuration, Improved security, and Improved email delivery.

7. Each section has DNS records with different status values like “Verified,” “Pending,” or “Failed.” These indicate the verification status of each record.

8. Records include TXT ownership, MX WorkMail configuration, AutoDiscover, DKIM CNAME, SPF TXT, DMARC TXT, TXT MAIL FROM domain, and MX MAIL FROM domain.

9. For Route 53 users, choose “Update all in Route 53” at the top of the page. For other DNS providers, copy and paste the records individually or in bulk. Use the refresh icon to update the status for each record.

10. This verification process ensures domain ownership and proper configuration with Amazon WorkMail. It’s a crucial step to enhance security and email delivery.

Step 4: Adding a User in Amazon WorkMail

1. Go to Amazon WorkMail console.
2. If needed, change the AWS Region using the “Select a Region” list.
3. In the navigation pane, click “Organizations” and choose your organization.
4. Click “Users” and then “Add User.”
5. In the “Add a user” screen:

• Enter the user’s name in the User name field.
• Optionally, add first and last names.
• Enter a display name and email address.

6. Optionally, hide the user from the global address list.

7. Select “Remote user” if adding a user externally.

8. Set up a password in the Password and Repeat password boxes.

9. Click “Add user” to complete the process.

Step 5:Login to Amazon work email :

1- Open the URL of your Amazon workmail and provide a username and password for login.

2- After login, the UI will be similar to most of email services. Now you are good to draft and send an email.

Amazon WorkMail’s standout feature is its automatic management of DKIM and SPF records, especially for domains hosted on Route 53. This results in the first email being delivered to your Gmail inbox with verified DKIM and SPF records, streamlining the setup process and ensuring secure and reliable email communication.

Reference Link:

Getting started with Amazon WorkMail

Creating an organization

Adding a domain

Adding a user

Conclusion and Costing:

In conclusion, Amazon WorkMail offers a robust and secure solution for business email and calendar management. With features like seamless integration, flexible domain options, and automated handling of DKIM and SPF records, it simplifies the email setup process.

With Amazon WorkMail, there are no upfront fees, no required minimum commitments, and no long-term contracts.

Amazon WorkMail costs $4.00 per user per month and includes 50 GB of mailbox storage for each user. You can get started with a 30-day free trial for up to 25 users.

If a user is created after the first of a month, then the monthly fee for that mailbox will be adjusted on a pro-rata basis from the first day it was active to the end of that month. If a user is terminated or deleted before the end of a month, then the monthly fee for that user will still apply through the end of the month.