Have a Question?
< All Topics
Print

Delete Email from User’s Mailbox on O365

Steps on how to delete email from user’s mailbox on O365

Compliance Search

Login to Microsoft 365 with PowerShell

Login to MSOL, Exchange Online v2 and Securiry & Compliance Center – Refer to Connect To Office 365 With PowerShell for more detail

#Login to Office 365
$UserName = "[email protected]" 
$Password = ConvertTo-SecureString "xxxxxxxxxxxxx" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PsCredential($UserName,$Password)

Import-Module MSOnline
Connect-MsolService -Credential $Credential

### Exchange Online v2
Import-Module ExchangeOnlineManagement

# Login to Exchange Online with MFA Enabled with EXO v2
Connect-ExchangeOnline -UserPrincipalName $UserName -ShowProgress $true

#Connect to Security & Compliance Center
Connect-IPPSSession -UserPrincipalName $UserName

Assign [email protected] to member of eDiscovery Administrator & Compliance Administrator groups

Add-RoleGroupMember "eDiscoveryManager" -member [email protected]
Add-RoleGroupMember "ComplianceAdministrator" -member [email protected]

New-ComplianceSearch

Create a new Compliance Search to search for all email from [email protected] in AllanD Mailbox only

$Name = "Email from [email protected]"
New-ComplianceSearch -Name $Name -ExchangeLocation [email protected] -ContentMatchQuery "from:[email protected]"
  • -ExchangeLocation – All for all users’ mailboxes or [email protected] for users or group mailbox
  • -ContentMatchQuery – Refer to this link for further detail

Start Compliance Search and verify the result

Start-ComplianceSearch -Identity $Name

# Verify the ComplianceSeach is completed successfully
Get-ComplianceSearch $Name

Name                             RunBy             JobEndTime           Status   
----                             -----             ----------           ------   
Email from [email protected] MOD Administrator 23/1/2021 1:47:17 AM Completed

# Detail information 
Get-ComplianceSearch $Name | Select Name, ContentMatchQuery, Items, SuccessResults

Name                             ContentMatchQuery          Items SuccessResults                                                   
----                             -----------------          ----- --------------                                                   
Email from [email protected] from:[email protected]     2 {Location: [email protected], Item count: 2, Total size: 188826}

Delete Email Items

Only maximum of 10 items per mailbox can be removed at one time

Delete email from [email protected] from [email protected] mailbox with New-ComplianceSearchAction

New-ComplianceSearchAction -SearchName $Name -Purge -PurgeType SoftDelete -Force

Content Search in Portal

Login to Compliance & Security Center – Content Search and click Guided Search

Enter a Name for this new Content Search

Select Specific Locations and Click on Choose Users, Groups or Teams to select the user’s mailbox.

Enter Keywords you would like to search for or click Add Conditions to specific email related search, like sender, recipients, subject and etc.

Verify the result / items found once the Content Search is completed successfully

Click on More > Export Results to export the result to PST File

Go to Export and highlight the export job to download the result (PST File) using Internet Explorer

There is no option to delete search items in GUI, but to use PowerShell – New-ComplianceSearchAction

Mailbox Search

Mailbox Search can no longer be used with the announcement of Retirement of legacy eDiscovery tools

Add Mailbox Search and Mailbox Import Export Roles to Organization Management Group

New-ManagementRoleAssignment -SecurityGroup "Organization Management" -Role "Mailbox Search"
New-ManagementRoleAssignment -SecurityGroup "Organization Management" -Role "Mailbox Import Export"

Disconnect the existing PowerShell Session for Exchange

#Disconnect existing Exchange Session 
Remove-PSSession $Session

#Reconnect to Exchange / Exchange Online
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
-Credential $Credential -Authentication  Basic -AllowRedirection 

Import-PSSession $Session

Search for a particular Email in user’s mailbox

$User = "[email protected]"
$SearchQuery = 'from:"[email protected]"'

Search-Mailbox -Identity $User -SearchQuery $SearchQuery -EstimateResultOnly

Search for a particular Email in user’s mailbox and delete it permanently

$User = "[email protected]"
$SearchQuery = 'from:"[email protected]"'

Search-Mailbox -Identity $User -SearchQuery $SearchQuery -DeleteContent -Force

Search for a particular Email in user’s mailbox and copy to other mailbox for reference

$User = "[email protected]"
$SearchQuery = 'from:"[email protected]"'

Search-Mailbox -Identity $User -SearchQuery $SearchQuery -

Delete Email from User's Mailbox on O365

The Search Query is using Keyword Query Language (KQL) and refer to the following commonly used SearchQuery for reference

# Email send from SENDER
$SearchQuery = 'from:"[email protected]"'
# Email send to RECIPIENT
$SearchQuery = 'to:"[email protected]"'
# Email with subject 
$SearchQuery = 'subject:"important notice"'
# Email with Attachement
$SearchQuery = 'attachment:"xxxx.ppt"'

Commonly used parameter with Search-Mailbox

  • -EstimateResultOnly – Estimation of the totol number of message returned by the search provided
  • -DeleteContent -Force – Delete permanently for the messages return by the search provided in user’s mailbox
  • -TargetMailbox – Destination mailbox where search results are copied
  • -TargetFolder – Folder name in which search results are saved in the target mailbox
  • -LogOnly – Messages returned by the search aren’t copied to the target mailbox.

Refer to Message properties and search operators for In-Place eDiscovery for more information

Reference Links

  1. Manage role groups in Exchange Online
Table of Contents
Scroll to Top