1. Go to Office 365 Security & Compliance
- https://protection.office.com/contentsearchbeta?ContentOnly=1
2. Open Search
- Search button
3. Search for the phishing emails based on the query
- Sender address
- If the sender address is spoofed or multiple phishers exist, use keywords from the body text
4. Run Windows PowerShell as Administrator.
5. Connect to Office 365 PowerShell via
$credential = Get-Credential
$SccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $SccSession -Prefix cc
*(Note: The warnings can be ignored. Sign in with your admin email address, including the domain name.)
6. Connect to Security & Compliance Center via
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
7. Delete the emails found by the Content Search, using its search name
New-ComplianceSearchAction -SearchName "THE_SEARCH_NAME" -Purge -PurgeType SoftDelete
8. Confirm the deletion
Y
9. See Status
Get-ComplianceSearchAction -Identity "THE_SEARCH_NAME_Purge"
*(Note: PowerShell appends "_Purge" to the search name, so add that suffix to the search name when checking the status.)
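Steps 7 to 9 can be wrapped in a guard that checks the Content Search result before anything is deleted. This is an added example, not part of the original steps; it assumes the session from step 6 is imported without a prefix, and the `$MaxItems` ceiling and the polling interval are hypothetical values to adjust.

```powershell
# Added example: guarded purge for an existing Content Search.
# Assumes the step 6 session is imported (cmdlets have no prefix).
$SearchName = "THE_SEARCH_NAME"   # placeholder used in the steps above
$MaxItems   = 500                 # hypothetical ceiling; set it to what the incident justifies

$search = Get-ComplianceSearch -Identity $SearchName -ErrorAction Stop

# Only purge from a search that has finished running.
if ($search.Status -ne "Completed") {
    throw "Search '$SearchName' is in state '$($search.Status)'; wait for it to complete."
}

# An empty result means the query is wrong; a huge one means it is too broad
# (for example, a keyword that also matches legitimate mail).
if ($search.Items -eq 0) {
    throw "Search '$SearchName' matched no items; nothing to purge."
}
if ($search.Items -gt $MaxItems) {
    throw "Search '$SearchName' matched $($search.Items) items (limit $MaxItems); narrow the query."
}

Write-Host "Purging $($search.Items) item(s) found by '$SearchName' (SoftDelete)."

# Step 7: the cmdlet still asks for confirmation (step 8), which is left in place on purpose.
New-ComplianceSearchAction -SearchName $SearchName -Purge -PurgeType SoftDelete | Out-Null

# Step 9: the action is named "<search name>_Purge".
# The braces stop PowerShell from reading $SearchName_Purge as one variable name.
$actionName = "${SearchName}_Purge"

# Poll a bounded number of times instead of looping forever.
for ($i = 1; $i -le 20; $i++) {
    Start-Sleep -Seconds 15
    $action = Get-ComplianceSearchAction -Identity $actionName
    Write-Host "[$i] Purge status: $($action.Status)"
    if ($action.Status -eq "Completed") { break }
}

# Keep the summary for the incident record.
$action | Format-List Name, Status, JobEndTime, Results
```

SoftDelete moves the messages to the Recoverable Items folder, so a purge that caught legitimate mail can still be reversed while retention allows it.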