If you are reading this, chances are you or somebody else has mistakenly sent an embarrassing email to
“all staff” or even worse. You’ve been tasked on retrieving the email before its seen to reduce damage limitation.
To start you need to ensure your Office365 admin is a member of the following admin roles, by default you wont be, so these will need to be added manually.
Head over to Exchange Admin Center > Permissions > Admin Roles.
You will need to add your admin account to the following four admin roles, you can do this by double clicking and choosing ‘members’
# Get login credentials $UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session -AllowClobber -DisableNameChecking $Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center)"
New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType SoftDelete