I recently had a need to delete a phishing email that had slipped through my emailing filter solution. Manually deleting the email from hundreds of mailboxes wouldn’t have been fun or quick so I can came up the below solution.

The Office 365 Content Search feature can be used to search Exchange, Skype and SharePoint amongst other things. In my case I wanted to search and delete all exchange email delivered after a certain date with a specific keyword in the subject.

Step 1: Creating the Content Search Rule

  • Head over to https://protection.office.com
  • Expand Search & Investigation => Content Search and click the plus icon to create a new rule
  • Give the rule a name, rather than searching everywhere I selected the option to “Search all mailboxes” for my needs. Click Next

Deleting an email from all mailboxes using the Content Search feature

  • At the bottom entire the relevant criteria to identify the emails you wish to delete. Click Search

  • IMPORTANT Use the search statistics and the “Preview search results” link to verify you rule is only matching the intended emails, else you may be deleting more than desired.

Step 2: Deleting the matched emails via PowerShell

1. Connecting to the Security and Compliance Center

2. Deleting the emails matching the Content Search rule

Step 3: Checking the Status

Using the below command you can get a summary of the status of the action;

Or you can get a detailed output for the action using the below;


Run a Content Search in the Office 365 Security & Compliance Center