Delete email from tenant level

Hi,

Recently our users have started getting phishing emails. We have given our users some basic training on phishing emails, but I still don't want to depend on the users' actions, so I am looking for a way to delete a phishing email from all users' inboxes using something like the O365 admin portal.

Hi @AnthonyD,

Yes, you can delete the emails from end-user mailboxes; for that you need to use PowerShell commands. A maximum of 10 items per mailbox can be removed at one time.

Prerequisites:

  1. To create and run a Content Search, you have to be a member of the eDiscovery Manager role group or be assigned the Compliance Search management role.
  2. PowerShell console with administrator permission

Search email with Content search option in O365 admin portal

  1. Log in to the O365 admin portal
  2. Security & Compliance
  3. Expand Search and click Content search; it will open in a new tab
  4. Click New search “Enter the subject of the email”
  5. Click Add conditions and select Subject/Title
  6. In Locations, select the one which has Exchange email listed
  7. Click Save & run and wait for the result

Deleting email using PowerShell console

Copy the below command to your PowerShell console:

# This script helps to delete a suspicious email from all user mailboxes across the domain
# Emails will also be deleted from Deleted Items
# Deleted emails will not be recoverable



# The commands below ask for the O365 administrator credentials and connect to the Office 365 Security & Compliance Center
$UserCredential = Get-Credential 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection 
Import-PSSession $Session -AllowClobber -DisableNameChecking 
$Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center)"


# Search for the email in all mailboxes
# This command searches all user mailboxes for the given query
# Change the query name, from and subject as needed

New-ComplianceSearch -Name "search_name" -ExchangeLocation all -ContentMatchQuery '(Subject:"type_the_subject_of_the_email")'
Start-ComplianceSearch -Identity "search_name"

# Wait a minute, then use the commands below to view the results of the search
# Check the item count for all the mailboxes
Get-ComplianceSearch -Identity "search_name"
Get-ComplianceSearch -Identity "search_name" | Format-List


# Confirm and run this command to delete the mail if the results look right
New-ComplianceSearchAction -SearchName "search_name" -Purge -PurgeType SoftDelete

# Check whether the purge has completed; the action name is the search name with _Purge added at the end
Get-ComplianceSearchAction -Identity "search_name_Purge"

Follow the instructions in the commands to successfully delete the mail. Note: always double-check the entry before deleting the email.

Hope this is helpful.

1 Like
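
The search, check and purge steps from the answer above combined into one guarded function, as an added example that is not part of the original post. The function name, its parameters and the hit threshold are hypothetical, the `SuccessResults` line format is an assumption, and the Security & Compliance session is assumed to be imported already.

```powershell
# Added example. Assumes the Security & Compliance session is already imported.
# Invoke-GuardedPurge, its parameters and the default threshold are hypothetical.
function Invoke-GuardedPurge {
    param(
        [Parameter(Mandatory)] [string] $SearchName,
        [Parameter(Mandatory)] [string] $Query,      # e.g. '(Subject:"...")'
        [int] $MaxExpected = 200                     # abort above this many hits
    )
    New-ComplianceSearch -Name $SearchName -ExchangeLocation All -ContentMatchQuery $Query | Out-Null
    Start-ComplianceSearch -Identity $SearchName

    # Poll until the search has finished instead of waiting a fixed time
    do {
        Start-Sleep -Seconds 15
        $search = Get-ComplianceSearch -Identity $SearchName
    } while ($search.Status -ne 'Completed')

    Write-Host "Search '$SearchName' matched $($search.Items) item(s)"
    if ($search.Items -eq 0) { return }
    if ($search.Items -gt $MaxExpected) {
        Write-Warning "More than $MaxExpected hits: narrow the query before purging."
        return
    }

    # Per-mailbox counts; assumes lines like "Location: <mailbox>, Item count: <n>, ..."
    $overLimit = foreach ($line in ($search.SuccessResults -split '[\r\n]+')) {
        if ($line -match 'Location: (\S+),.+Item count: (\d+)' -and [int]$Matches[2] -gt 0) {
            Write-Host ('{0,-45} {1}' -f $Matches[1], $Matches[2])
            if ([int]$Matches[2] -gt 10) { $Matches[1] }   # over the 10-per-mailbox limit
        }
    }
    if ($overLimit) {
        Write-Warning "Over 10 hits, purge must be repeated for: $($overLimit -join ', ')"
    }

    # Same purge type as the answer above; the cmdlet prompts unless -Confirm:$false is passed
    $created = New-ComplianceSearchAction -SearchName $SearchName -Purge -PurgeType SoftDelete
    if (-not $created) { Write-Host 'Purge was not started.'; return }

    # The purge action is named <search name>_Purge
    do {
        Start-Sleep -Seconds 15
        $action = Get-ComplianceSearchAction -Identity "${SearchName}_Purge"
    } while ($action.Status -ne 'Completed')
    $action | Select-Object Name, Status, Results
}
```

Call it as `Invoke-GuardedPurge -SearchName "search_name" -Query '(Subject:"type_the_subject_of_the_email")'` and review the per-mailbox counts before answering the confirmation prompt.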

Sorry for the late reply, I was stuck with other work. Anyhow, thanks for the above information. I ran a test delete and it succeeded. Now I am prepared and ready to delete phishing emails instantly.
@tjnihal

1 Like

Glad it helped. :grinning: