Forum Discussion
Delete an email using a playbook from MS 365
Hello,
Can we delete an email using a playbook from MS 365? If anyone has an idea kindly answer
Thanks in advance!!
Hi,
I've not seen any playbooks around for this, and I've seen people having issues creating them as the entity for mail related alerts is the network message ID of the mail.
It's worth while implementing the report phishing add-in and training your users up, this way you can make use of Defender for Office 365 P2 (if you have it) and the automated investigation and response capabilities as user reports will trigger them. A few links below verifying this:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about?view=o365-worldwide#which-alert-policies-trigger-automated-investigations
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about-office?view=o365-worldwide#example-a-user-reported-phish-message-launches-an-investigation-playbook
Hope this helps a little- Yes, it is possible to delete an email using an Azure Logic App (aka Sentinel Playbook) "Delete email (V2)" action in a Logic App"
References:
https://stackoverflow.com/questions/63392560/logicapps-graph-api-delete-an-email-from-a-shared-mailbox
and
https://github.com/MicrosoftDocs/azure-docs/issues/19804 - I'd love to know if got any further with this. In my environment, I have it set up so that Microsoft ZAP takes care of some emails, but it seems incredibly hit or miss, and will leave some emails sitting in user inboxes. I want to automate it so that I can automatically quarantine anything that is reported as phishing by either the sender email or (even fancier) using a partial match of the subject, since many times, the phishing subject is many times customized for the specific recipient.
