Eight years after its initial launch, Amazon has introduced multi-factor authentication (MFA) to its enterprise cloud-hosted email service WorkMail.
Better late than never seems to be the justification behind the nearly decade-long delay, especially for one of the most basic forms of identity verification that has been standard practice for years.
However, there are still hurdles to enabling MFA for WorkMail as it will not be enabled by default and system administrators will have to manually add each user to the AWS Identity Center.
Finally MFA
Amazon launched WorkMail as a competitor to Microsoft Exchange and has built a modest customer base in recent years, but is still struggling to compete despite many companies migrating to Amazon-provided services and continuing to use Microsoft Exchange.
In late 2023, Amazon signed a $1 billion deal with Microsoft to provide Microsoft 365 licenses to one million Amazon employees and frontline workers, including Outlook.
In response to questions from DeRegisteran Amazon spokesperson said that MFA was available to WorkMail through other methods, stating: “It was previously possible to configure MFA through AWS Directory Service, but installation was complex for customers and it only supported AWS-managed Microsoft ADs.”
“WorkMail continues to adhere to general security updates consistent with AWS standards, such as moving the minimum versions of TLS to 1.2, expanding support for audit logging, and providing guidance to customers on how to implement overarching security protections against a can implement a wide range of potential compromises,” the spokesperson said.