Integrating MS Exchange with AWS

If you’ve always thought Microsoft and Amazon are fierce competitors, you’re absolutely right! But, that’s only one side of the coin. On the other, both the companies together make a great combination because Amazon still doesn’t have the same line of products as that of Microsoft, despite being the market leader in cloud. Take for instance, Microsoft Exchange or Office 365. Amazon sure doesn’t have anything even close.

Though Amazon can choose to create its own exchange server or office application, it would just be a waste of time and effort for two reasons. Firstly, most people are already using a particular product, and they are happy with it. They find no compelling reason to rock the boat and shift to another similar product, which means, creating a customer base can be an uphill task, to say the least. Secondly, instead of duplicating an existing product, Amazon can spend its resources towards creating other products that would greatly enhance the value of technology for end-users. Moreover, Amazon can use its resources to partner with companies like Microsoft to offer superior service for its customers.

In fact, that’s exactly what it’s doing now! It’s possible to use MS Exchange on Amazon’s AWS, and get the combined benefits of both these services.

Besides understanding the benefits that come with such a combination, you also need to understand the nitty-gritty aspects of integrating both these services, especially if you’re an admin user. Before going into the details of integrating MS Exchange with AWS mail gateways, let’s briefly see what’s Amazon SES.

Amazon SES

Amazon Simple Email Service (SES) is a service built on the Amazon infrastructure, and it allows you to send and receive emails. The obvious advantage with using SES is you can build a large-scale email application without investing in costly infrastructure. When you integrate SES with Exchange, it’s all the better as you get to make the most of both applications.

Integrating MS Exchange with Amazon SES

There are two ways to integrate MS Exchange 2013 with Amazon’s SES. In the first way, you can use Windows PowerShell, while in the second one, you can use Microsoft Exchange’s admin console. However, make sure you only use one method, as combining the two can cause errors.

Using Microsoft Exchange Web Console

If you decide to use Microsoft Exchange’s web console, here are the steps:

  • Visit Exchange Admin Center (EAC), and sign into it as an admin user. If you’re new to MS Exchange, EAC is a web-based management console that’s available in version 2013 and higher. It replaces the Exchange Management Console (EMC) and the Exchange Control Panel (ECP) that was available in Exchange 2010. EAC combines the interface and functionality of both EMC and ECP. However, you still have to use the ECP virtual directory URL to access it. The URL is https://<CASServerName>/ecp if you access it through your organization’s firewall, and if you access it outside your organization’s firewall.
  • As soon as you log in, you’ll see the menu on your left-hand side.


Click on “mail flow”. This action will open up the mail flow options for you, like this:

Source: Exchange Server Pro

  • Next, click on the “+” sign you see just above the status table.
  • Give a name for the connector, and choose “Internet” from the options, like this:


  • When you click on the “Next” button, it’ll take you to the Network settings page. In this page, choose the second option – “Route mail through SMART HOSTS”. You’ll see another “+” sign below this option. Click that too, and enter the endpoint of Amazon SES for your region. For example, this URL will be for the US east coast, but something else for other regions. It’s best to check with Amazon as to which endpoint is right for your region.
  • When you click the “Save” button, you’ll see this endpoint listed in the Smart Host table. Then, click on “Next” again.
  • Now, you’ll have to configure your smart host. From the options, choose “Basic configuration”, and also select “Offer basic authentication only after starting TLS”. Then, enter your AWS SES username and password. These security credentials helps to identify who you are, and whether you have the permission to use AWS SES. There are three different kinds of credentials, and you’ll have to choose one depending on what you want to do. The three credentials are:
    • When you want to access the Amazon SES API directly or through the AWS SDK, use the AWS access keys. This should consist of an access key ID and a secret access key.
    • When you want to access the SMTP interface, use your SMTP credentials that consists of your name and password.
    • If you want to access the Amazon SES console, use the IAM username and password, which is usually an email address and password.
  • In this case though, you need to use your SMTP credentials, as you want to uses SES to send messages. Click “Next”, and the “+” sign again in the next screen.
  • In this page, you’ll have to add the domain. Verify that the type of connection is SMTP. Enter a value “*” in the Fully Qualified Domain Name (FQDN) field and the number “1” in Cost field. Click on “Save” and “Next”.
  • Again, you’ll see a “+” sign to select transport servers. Click on this sign, and add all the transport servers you want to be associated with AWS SES for sending emails. So, if you have multiple servers in your organization that should send email, make sure to add all of them.
  • Click the “OK” button, and this should list all the servers you added earlier. Run through this list, and ensure they’re all correct. After verifying, click on the “Finish” button.
  • Now, you should be able to see a send connector associated with SES, and this connector should have a status called “enabled”. When you get to this point, you’re done integrating Exchange with SES, and your system should be able to send messages.

Using Windows PowerShell

Windows PowerShell is a faster way to integrate your MS Exchange with AWS SES, and it requires far fewer steps than the EAC console.

  • As a first step, open the Exchange Management Shell, and send a request to open the Credential Request Dialog box. The command for that it “$ses_cred = Get-Credential”
  • When the Dialog Box opens, enter your AWS credentials. As with the previous method, this should be your SMTP credentials.
  • Next, use a script to replace the ENDPOINT with Amazon SES SMTP URL, which as mentioned above, is region-specific. Make sure to check the URL before entering it.
  • Finally, check if the command line displays a send connector associated with Amazon SES. That’s it! Now, all your outbound email will go through Amazon SES.

In short, Microsoft and Amazon have come together to leverage the power of both their products, and the result is the possible integration of MS Exchange with AWS. This process is simpler than you think, as you can do it either on Windows PowerShell or through the web console EAC. Regardless of which method you choose, the integration is sure to bring a ton of benefit for your organization. 

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top