Search for and delete bulk email messages

Scenario

In Office 365, the admin can easily delete emails in a specific folder at a scheduled time. This feature can be helpful when there are certain emails that need to be deleted regularly, such as spam or marketing emails. To set up this feature, the admin should go to the Exchange admin center and navigate to the retention policies section.

From there, they can create a new retention policy that applies to the specific folder and schedule it to run at the desired time. Once the policy is in place, the admin can rest assured that the emails in that folder will be automatically deleted according to the set schedule.

In some extreme cases, an admin needs to delete email in bulk urgently (spam, intrusive emails, data leaks, and the like). This article guides you through how to search for and delete targeted email messages in bulk.

In summary, the admin needs to delete emails in a certain folder at a certain time.

Steps

In this instance, we will delete items in the Sent folder of [email protected] that were sent on 7/12/2019.

  1. Get the Folder ID of the Sent folder from the target user's mailbox.

  2. Create a Content Search

    • Go to https://protection.office.com.
    • Sign in to Office 365 using the account and credentials that you used to run the script in Step 1.
    • In the left pane of the Security & Compliance Center, click Search > Content search, and then click New.
  3. On the New search page, type a name for the Content Search. This name has to be unique in your organization.

    Query : folderid:07D918FDB06F1347B1CDCDBD245CB4630000000001090000 AND (sent:07/12/2019)
    Location : Specific Location ([email protected])
    Search Name: Twerwrw
    


    The references for the search query properties (folderid: and sent:) are found here.

    Preview


  4. Connect to Security & Compliance PowerShell and run the following cmdlets.

    To list the available search names:

    Get-ComplianceSearch
    

    Use the “Twerwrw” search that you previewed and apply New-ComplianceSearchAction to purge the emails accordingly.

    New-ComplianceSearchAction -SearchName "Twerwrw" -Purge -PurgeType SoftDelete
    

    The PurgeType parameter specifies how to remove items when the action is Purge. Valid values are:

    SoftDelete: Purged items are recoverable by users until the deleted item retention period expires.

    HardDelete: Purged items are marked for permanent removal from the mailbox and will be permanently removed the next time the mailbox is processed by the Managed Folder Assistant. If single item recovery is enabled on the mailbox, purged items will be permanently removed after the deleted item retention period expires.

    To check the status of the purge action:

    Get-ComplianceSearchAction
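
The four steps above as one PowerShell session, as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module is installed; the mailbox address and search name are placeholders, and the folder ID conversion (bytes 23 to 46 of the base64 FolderId written as hex) is the one used by Microsoft's targeted-collection script.

```powershell
# Added example: the values below are placeholders/assumptions, not the article's.
Import-Module ExchangeOnlineManagement
$Mailbox    = 'user@example.com'       # placeholder target mailbox
$SearchName = 'Purge-SentItems-Demo'   # placeholder; must be unique in the organization
$SentOn     = '07/12/2019'             # date used in the article's query

# Convert the base64 FolderId from Get-MailboxFolderStatistics into the
# 48-character hex value that the folderid: search property expects.
function ConvertTo-FolderIdQuery {
    param([Parameter(Mandatory)][string]$FolderId)
    $bytes = [Convert]::FromBase64String($FolderId)
    if ($bytes.Length -lt 47) { throw "Unexpected FolderId length: $($bytes.Length)" }
    $hex = -join ($bytes[23..46] | ForEach-Object { $_.ToString('X2') })
    "folderid:$hex"
}

# Step 1: read the Sent Items folder ID (Exchange Online PowerShell).
Connect-ExchangeOnline
$sent = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope SentItems |
    Where-Object FolderType -eq 'SentItems' | Select-Object -First 1
if (-not $sent) { throw "Sent Items folder not found for $Mailbox" }
$query = "$(ConvertTo-FolderIdQuery $sent.FolderId) AND (sent:$SentOn)"

# Steps 2-3: create and run the content search (Security & Compliance PowerShell).
Connect-IPPSSession
New-ComplianceSearch -Name $SearchName -ExchangeLocation $Mailbox -ContentMatchQuery $query | Out-Null
Start-ComplianceSearch -Identity $SearchName
$tries = 0
do {
    Start-Sleep -Seconds 10
    $search = Get-ComplianceSearch -Identity $SearchName
} while ($search.Status -ne 'Completed' -and (++$tries) -lt 60)
if ($search.Status -ne 'Completed') { throw "Search did not complete: $($search.Status)" }

# Review what matched before purging; stop if the query matched nothing.
"{0}: {1} item(s), query: {2}" -f $search.Name, $search.Items, $search.ContentMatchQuery
if ($search.Items -eq 0) { throw 'Search matched no items; nothing to purge.' }

# Step 4: soft-delete the matched items (the cmdlet prompts for confirmation),
# then check the purge action, which is named "<search name>_Purge".
New-ComplianceSearchAction -SearchName $SearchName -Purge -PurgeType SoftDelete
Get-ComplianceSearchAction -Identity "${SearchName}_Purge" | Format-List Name, Status, Results
```

A single purge action removes at most 10 items per mailbox, so compare the item count printed before the purge with the action's Results and rerun the purge if items remain.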
    


 

References