Search for and delete email messages from Office 365

Step 1: Create a Content Search to find the message to delete

To have access to the Content search page to run searches and preview and export search results you must be a member of the eDiscovery Manager role group in the Security & Compliance Center.

Go to https://protection.office.com and sign in using your email

Click Search > Content search.

On the Search page, click the arrow next to Add icon New search.

Click New search in the drop-down list.

Under Search query, specify the keywords and any other items you wish to use to narrow down your search, for example, sender, receiver and or date send etc.

search query

Specify to search all locations

delete email messages from Office 365

After you’ve set up your search query, click Save & run.

On the Save search page, type a name for the search, and an optional description that helps identify the search. The name of the search has to be unique in your organization.

Click Save to start the search.

After you save and run the search, any results returned by the search are displayed in the results pane. Depending on how you have the preview setting configured, the search results are display or you have to click Preview results to view them.

Step 2: Connect to Security & Compliance Center PowerShell

delete email messages from Office 365

Open PowerShell and run the following command.

$UserCredential = Get-Credential

In the Windows PowerShell Credential Request dialog box, type your username and password, and then click OK.

Run the following command

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

If you’re behind a proxy server, run this command first: 

$ProxyOptions = New-PSSessionOption -ProxyAccessType <Value>, where the ProxyAccessType value is IEConfigWinHttpConfig, or AutoDetect. Then, add the following parameter and value to the end of the $Session = … command: -SessionOption $ProxyOptions.

Run the following command:

Import-PSSession $Session -DisableNameChecking

Be sure to disconnect the remote PowerShell session when you’re finished.

Remove-PSSession $Session

Step 3: Delete the message

The command below soft-deletes (to the recycle bin) the search results returned by a Content Search named “Remove Phishing Message”.

New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType SoftDelete

To hard-delete the items returned by the “Remove Phishing Message” content search, you would run this command.

New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType HardDelete

When you run the previous command to soft- or hard-delete messages, the search specified by the SearchName parameter is the Content Search that you created in Step 1.

If you found this article helpful, would you consider buying me a Coffee?