Occasionally but hopefully not too often you may get a virus that bypasses your spam filters and ends up in end users’ mailboxes. In this post, I’ll demonstrate how to delete the email from users’ mailboxes in one quick and easy command which you can have on hand to run quickly.
A classic spam email with a zip attachment is below:
First, ensure you have the correct permissions:
- Log into the
Exchange Admin Center using an account that is a member of the Organization
Management AD Group - Click on
Permissions - Double click
on Discovery Management and add your user account as a member - Open a new
Exchange Management Shell
To delete the email from all users’ mailboxes:
Run the below command on a single line:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery from:sales@sales.com,subject:invoice -DeleteContent -Force
Above, you can see a report where it shows that one email was deleted from the Administrator mailbox (ResultItemCount: 1).
To delete an email from all mailboxes and copy the email to the Spam mailbox
Get-Mailbox
-ResultSize unlimited | Search-Mailbox –SearchQuery from:sales@sales.com,subject:invoice -TargetMailbox Spam -TargetFolder
DeletedMessages -DeleteContent
To delete an email according to the attachment file name
Get-Mailbox
-ResultSize unlimited | Search-Mailbox -SearchQuery
attachment:document_826321_pdf.zip -DeleteContent