Posted On: Mar 20, 2024
HAQM WorkMail now supports Audit Logging, which allows you to get insights into mailbox access patterns. Using Audit Logging, you can choose to receive authentication, access control, and mailbox access logs on HAQM CloudWatch Logs, HAQM S3, and HAQM Data Firehose. You will also receive new mailbox metrics in CloudWatch about your WorkMail organizations.
The Audit Logging feature provides logs for administrators to find out why users were unable to access their mailbox, the IP address that accessed a particular mailbox, and who moved or deleted mailbox data. Administrators can set alarms when authentication or access failures exceed a predefined level, or customize processing on the logs delivered as JSON records.
To learn more, see Audit Logging on HAQM WorkMail. To learn more about HAQM WorkMail, or to create a no-cost 30-day test organization, see HAQM WorkMail.