In this tutorial i will be shpwing you how to delete an email from anyone’s or everyone’s mailbox in Office 365 using Microsoft 365 Compliance Centre and PowerShell.
You will learn how to search for the email, and delete the email from all users mailboxes using powershell.
Updated: This is now a video post.
The Script – UPDATED 2023 (Use new Script Below)
If you already have the Exchange Online Management Module installed, please update it before running the script by opening an elevated PowerShell window and using the following cmdlet
Update-Module -Name ExchangeOnlineManagement
# Get Microsoft 365 login credentials
##Import Module
Import-Module ExchangeOnlineManagement
#Connect To Security and Compliance Powershell
Connect-IPPSSession
#Purge/Delete Emails
New-ComplianceSearchAction -SearchName "Search Name" -Purge -PurgeType HardDelete
#Change HardDelete to SoftDelete if you wish to test first, Soft Delete will store the email in users 'Recoverable items' folder
#EdTech Network Manager, experienced in Microsoft 365, Server 2019, Intune, SCCM and anything inbetween.
Thank you for this clear explanation. 🙂
how to know if it worked?
The UI has changed Core is not a thing anymore. I can trace and find emails by same criteria doesn’t work in new UI
The UI has changed but the process should still be the same, i will try and update with the new UI
Can you help me
A parameter cannot be found that matches parameter name ‘Purge’.
+ CategoryInfo : InvalidArgument : (:) [New-ComplianceSearchAction], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,New-ComplianceSearchAction
+ PSComputerName : eur03b.ps.compliance.protection.outlook.com
You have to be a member of the Organization Management role group or be assigned the Search And Purge role in the compliance centre, please check you are part of the correct groups, you need to do this even if you are global administrator.
The Script It used to work perfectly for me a while ago, but now it doesn’t work. I tried on different days the same problem. Is there an update or something changed? Check the error
New-PSSession : [eur03b.ps.compliance.protection.outlook.com] Connecting to remote server eur03b.ps.compliance.protection.outlook.com failed
with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:5 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter ‘Session’. The argument is null. Provide a valid value for the argument, and then
try running the command again.
At line:8 char:18
+ Import-PSSession $Session -AllowClobber -DisableNameChecking
+ ~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
New-ComplianceSearchAction : The term ‘New-ComplianceSearchAction’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:11 char:1
+ New-ComplianceSearchAction -SearchName ” Test” -Purge -PurgeType …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-ComplianceSearchAction:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Hi Mohamed, Since Microsoft have phased out legacy authentication there is another way you can do this which works with MFA too. i’ve updated the script for you, give that a try!
Dear, Liam
I hope that you are well
Thank you very much
I tried the new script, it works, thanks
I just ran the command, and it looks like it went through
How Can I check if it worked?
I am interested in this too, that’s exactly what I was going to ask. How can I see if the purge is complete and possibly the metrics. Hello Liam, I will appreciate if you can give us a direction. Thanks
You could try run the compliance search again after the purge, they should no longer show up (I haven’t tested this though). I normally check certain mailboxes and can see it has been removed, depending on your tenant size it could take around 10 mins to purge.
The Script It used to work perfectly for me a while ago, but now it doesn’t work. I tried on different days the same problem. Is there an update or something changed? Check the error
PS C:\Windows\system32> # Get Microsoft 365 login credentials
##Import Module
Import-Module ExchangeOnlineManagement
#Connect To Security and Compliance Powershell
Connect-IPPSSession
#Purge/Delete Emails
New-ComplianceSearchAction -SearchName “ZZ” -Purge -PurgeType HardDelete
WARNING: Your connection has been redirected to the following URI: “https://eur06b.ps.compliance.protection.outlook.com/Powe
rshell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.19041.3031 ”
New-ExoPSSession : Connecting to remote server eur06b.ps.compliance.protection.outlook.com failed with the following error
message : For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program
Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1:475 char:30
+ … PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchange.Ma
nagement.ExoPowershellSnapin.NewExoPSSession
Hi Liam, thanks for the script, I’m getting this error returned, can you shed some light on this, it looks like it shows BasicAuth ture on the out but I did use your latest script above.
—————Output—————
WARNING: Your connection has been redirected to the following URI: “https://can01b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;
PSVersion=5.1.19041.3570 ”
Connecting to remote server can01b.ps.compliance.protection.outlook.com failed with the following error message : For more information, see the
about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21
+ throw $_.Exception;
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException
Hi Johnny, does the user account to are using have the correct permissions? The account running the command needs to be part of the four groups outlined in the video, by default global admins are not part of these groups.
Sign in to the Office 365 portal (https://portal.office.com) as an administrator.
Click Admin, and then click Exchange.
Click permissions, and then click admin roles.
Double-click the role group to which you want to add the user.
To add the user to the list, click Add under Members.
Click Save.
Hi Johnny, sorry for the late reply, i’ve found the issue, the problem lies in an outdated EOM Module, run Powershell as admin and use the CMDlet Update-Module -Name ExchangeOnlineManagement to install the latest version. Close Powershell and re-open, try the above script again!
Thanks for your help Liam.
I am a member of the 4 groups mentioned in the video, and enter in the above code. I am not prompted to sign in when I run the code, and I’m greeted with the error:
WARNING: Your connection has been redirected to the following URI: “https://nam12b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;
PSVersion=5.1.17763.4974 ”
Connecting to remote server nam12b.ps.compliance.protection.outlook.com failed with the following error message : 䖈翼 For more information, see the
about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21
+ throw $_.Exception;
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException
Could you please advise?
i think the problem lies in an outdated EOM Module, run Powershell as admin and use the CMDlet Update-Module -Name ExchangeOnlineManagement to install the latest version. Close Powershell and re-open, try the above script again!
Is it just me or is Microsoft continuously changing how this works??? I triple checked and I have all of the required roles to do this but when I get to the “Connect-IPPSSession” step it throws this error and I can’t go on any further.
PS C:\windows\system32> Connect-IPPSSession
Connecting to remote server ps.compliance.protection.outlook.com failed with the following error message : For more information, see the
about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21
+ throw $_.Exception;
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException
Apologies for the slow response, it does appear MS have messed with things again, i think the problem lies in an outdated EOM Module, run Powershell as admin and use the CMDlet Update-Module -Name ExchangeOnlineManagement to install the latest version. Close Powershell and re-open, try the above script again!
Just wanted to reply and let you know that did the trick! Thank you for being so helpful.
Glad to hear it!
Import-Module : The specified module ‘ExchangeOnlineManagement’ was not loaded because no valid module file was found in any module directory.
At line:1 char:1
+ Import-Module ExchangeOnlineManagement
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (ExchangeOnlineManagement:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
This is the error I’m getting when i try to import the module
Hi Tom, apologies, if you haven’t already installed the EOL module you will need to run Install-Module ExchangeOnlineManagement first
Hi Liam,
Thanks for this, are we able to delete more than 10 emails at a time? It seems to only say its deleted 10 when I run the command: Get-ComplianceSearchAction -Identity ‘No-reply1_Purge’ | Format-list
However when I perform another content search, it still shows the same number of items in the mailbox as when I first conducted the content search. Is there a way to delete all items rather than just 10?
You can remove items from up to 50,000 mailboxes at any one time however as this is designed to remove emails quickly (for security and data protection purposes) you can only remove a maximum of 10 items at once. It’s not designed as a tool to cleanup mailboxes fully, only remove certain emails i.e phishing/virus email.
So to recap I can remove upto 10 items (Phishing Email 1, Email 2 ,..Email 10) at once from up to 50,000 users mailboxes in one go.
Hope that makes sense!
thanks brother
its really working