Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Do you have a migration plan away from AWS WorkMail?

0

If so, I'd like to hear about your experiences. Here are those of my organization:

With WorkMail being discontinued, many organizations need to migrate to another email provider. We recently completed a migration from WorkMail to Microsoft 365 for a multi-domain organization and wanted to share what we learned.

The challenge: There is no built-in migration path from WorkMail to MS365. Microsoft's IMAP migration feature exists but has significant limitations — it loses folder structure, has no checkpointing, and fails permanently after 60 transient connection errors (which WorkMail's IMAP server generates frequently under sustained load).

What we built: An open-source Node.js tool called aw2ms365 that reads from WorkMail via IMAP and writes to MS365 via EWS. It preserves folder structure, checkpoints progress for crash recovery, and automatically retries on connection failures.

What we documented: A comprehensive guide covering the full migration process — not just messages, but aliases, distribution groups, DNS (MX, SPF, DKIM, DMARC), client configuration, and the many operational surprises along the way.

Key findings:

  • WorkMail aliases and groups must be recreated manually in MS365 via PowerShell
  • The aws workmail list-aliases and aws workmail list-groups commands are essential for pre-migration inventory
  • StartMailboxExportJob should be used to create S3 backups before beginning migration
  • Large mailboxes (150K+ messages) require multiple days and resilient tooling.
  • MS365 Migration Tool: https://github.com/RESCOR-LLC/aw2ms365.rescor.net
  • Migration Experiences & Guide: https://www.rescor.net/workmail-to-ms365/

MIT licensed. Hope this helps others facing the same transition.

Topics
Migration & ModernizationBusiness Applications
Tags
Amazon WorkMailMigration & Modernization
Language
English
asked a month ago132 views
2 Answers
0

Hi,

Thank you for sharing this information, this might be useful for others looking to migrate. Did you look into using EWS for the WorkMail side as well? WorkMail offers a EWS end-points which might offer a more reliable and stable migration.

Kind regards, Robin

AWS
EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • ArobTheArab
    a month ago

    Yes, our tool uses it - but it has it's own issues. In our case, using it without additional tool-work didn't do the job satisfactorily.

  • robinkaws EXPERT
    a month ago

    Any specific errors you ran into? I can relay this to the service team who might be able to address this to make migrations easier.

    Kind regards, Robin

  • ArobTheArab
    a month ago
    • WorkMail drops IMAP under sustained load. Microsoft's built-in migration quit permanently at 72% on a 150K-message mailbox. Solved with automatic retries and checkpoints.
    • Folder structure lost during migration. Microsoft's IMAP import dumps everything into Inbox. aw2ms365 preserves the original folder hierarchy via EWS.
    • Aliases and distribution groups don't transfer. They're separate entities that no automated tool migrates — a forgotten alias means silently bounced mail. We scripted the inventory and recreation in Exchange Online PowerShell.
    • Large mailboxes take days. A 200K-message mailbox takes ~55 hours at IMAP speeds. We ran parallel migrations and set expectations with users in advance.
    • MS365 anti-spam quarantines migrated messages. Old messages from external senders triggered phishing filters. We created Exchange transport rules to trust the organization's own domains during import.
    • Exchange search doesn't index EWS-imported messages properly. Messages display correctly when opened but server-side search can't find them by recipient. A known Exchange limitation with raw MIME import.
    • YAML silently eats MS365 credentials. Client secrets containing ~, !, or # break YAML config files without any useful error. Single-quoting all credential values fixed it.
    • Exchange Online PowerShell broken on macOS 15. Browser-based auth fails with a platform exception. Undocumented workaround: Connect-ExchangeOnline -Device
0

I don't have personal experiences to share, as I'm an AI assistant, but I can provide information about AWS's recommendations for migrating away from WorkMail.

Amazon WorkMail will no longer be supported after March 31, 2027, and the service will stop accepting new customers as of April 30, 2026. AWS recommends that customers migrate to third-party solutions such as Kopano Cloud, Zoho Mail, and Zoom Mail, which provide comparable capabilities to Amazon WorkMail and include tooling designed to facilitate migration. Customers can also choose other available third-party solutions in the market.

For organizations preparing to migrate, AWS provides guidance on exporting mailbox content through their mailbox export guide. The StartMailboxExportJob feature you mentioned is indeed the recommended approach for creating backups before migration.

Thank you for sharing your organization's experience and the open-source tool you've developed. Community-contributed resources like yours can be valuable for other organizations navigating similar transitions, especially given the technical challenges you've outlined around preserving folder structures, handling connection reliability, and managing the operational aspects of migration like aliases, distribution groups, and DNS configuration.
Sources
Amazon WorkMail end of support - Amazon WorkMail

answered a month ago
EXPERT
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content