May 12 2022 11:35 AM
We had an obvious phishing email slip through our email filter and end up in some of our users' inboxes.
We are using an O365 gov tenant for email.
I have run a compliance search "phishingemail" and have found where the email went and also who forwarded the email to other users.
My question is how do I permanently delete this phishing email from the users' inboxes? So far, I have used this PowerShell command:
New-ComplianceSearchAction -SearchName "phishingemail" -Purge -PurgeType HardDelete
The above command runs just fine and changes the name to "phishingemail_Purge". After that, I run the compliance search again to see if it pulls up any results, and it still shows the same emails are there. It doesn't seem like I deleted any emails if I can still see the same emails by running the search again. I read somewhere that running the above delete command moves the email into the user's "purges" folder that is invisible to the user. Is that why I am pulling up the same emails after running the search command again?
Any tips would be helpful.
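
One way to check what the purge action in the post actually did, as an added example that is not part of the original post: it waits for the "phishingemail_Purge" action to finish, prints its result summary, and lists the Recoverable Items subfolder counts for affected mailboxes. It assumes Security & Compliance and Exchange Online PowerShell sessions are already open for the tenant; the mailbox addresses are placeholders.

```powershell
# Added example. Assumes Connect-IPPSSession and Connect-ExchangeOnline have
# already been run with whatever environment settings the gov tenant needs.
$actionName = 'phishingemail_Purge'      # action name as given in the post
$mailboxes  = @('user1@example.com',     # placeholders: mailboxes the search
                'user2@example.com')     # reported as holding the message

# 1. The purge runs asynchronously, so poll until it reports Completed.
#    Bounded loop (about 10 minutes) so a stuck action does not hang the script.
$action = $null
foreach ($attempt in 1..20) {
    $action = Get-ComplianceSearchAction -Identity $actionName
    if ($action.Status -eq 'Completed') { break }
    Write-Host "Attempt ${attempt}: status is $($action.Status); waiting..."
    Start-Sleep -Seconds 30
}

if ($null -eq $action -or $action.Status -ne 'Completed') {
    Write-Warning "Purge action '$actionName' has not completed; re-run later."
    return
}

# 2. Results is a text summary of the purge (purge type, item counts,
#    per-location details). Read it before re-running the search.
$action | Format-List Name, Status, Results

# 3. See where items sit now. A hard-deleted message leaves the visible
#    folders; the Recoverable Items subfolders (Deletions, Purges, ...) show
#    whether it is still retained in the mailbox.
foreach ($mbx in $mailboxes) {
    Write-Host "`nRecoverable Items for $mbx"
    Get-MailboxFolderStatistics -Identity $mbx -FolderScope RecoverableItems |
        Select-Object Name, FolderPath, ItemsInFolder |
        Format-Table -AutoSize
}
```

Compliance searches cover the Recoverable Items folder, so compare the folder counts here with the search hits before concluding that the purge did nothing.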