Deleting emails for users inbox?

%3CLINGO-SUB%20id%3D%22lingo-sub-3366771%22%20slang%3D%22en-US%22%3EDeleting%20emails%20for%20users%20inbox%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3366771%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20had%20an%20obvious%20phishing%20email%20slip%20through%20own%20email%20filter%20and%20ended%20up%20in%20some%20of%20our%20users%20inbox.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20O365%20gov%20tenant%20for%20email.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20run%20a%20compliance%20search%20%22phishingemail%22%20and%20have%20found%20where%20the%20email%20went%20and%20also%20who%20forwarded%20the%20email%20to%20other%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BMy%20question%20is%20how%20do%20I%20permanently%20delete%20this%20phishing%20email%20from%20the%20users%20inbox%3F%20So%20far%2C%20I%20have%20used%20this%20powershell%20command%3A%3C%2FP%3E%3CP%3ENew-ComplianceSearchAction%20-SearchName%20%22phishingemail%22%20-Purge%20-PurgeType%20HardDelete%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%23000000%22%3EThe%20above%20command%20runs%20just%20fine%20and%20changes%20the%20name%20to%20%22phishingemail_Purge%22.%20After%20that%2C%20I%20run%20the%20compliance%20search%20again%20to%20see%20if%20it%20pulls%20up%20any%20results%20and%20it%20still%20shows%20the%20same%20emails%20are%20there.%20It%20doesn't%20seem%20like%20I%20deleted%20any%20emails%20if%20I%20can%20still%20see%20the%20same%20emails%20again%20by%20running%20the%20search%20again.%20I%20read%20somewhere%20that%20running%20the%20above%20delete%20command%20moves%20the%20email%20into%20the%20users%20%22purges%22%20folder%20that%20is%20invisible%20to%20the%20user.%20Is%20that%20why%20I%20am%20pulling%20up%20the%20same%20emails%20after%20running%20the%20search%20command%20again%3F%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%23000000%22%3EAny%20tips%20would%20be%20helpful%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3366771%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

We had an obvious phishing email slip through own email filter and ended up in some of our users inbox.

 

We are using O365 gov tenant for email. 

 

I have run a compliance search "phishingemail" and have found where the email went and also who forwarded the email to other users.

 

 My question is how do I permanently delete this phishing email from the users inbox? So far, I have used this powershell command:

New-ComplianceSearchAction -SearchName "phishingemail" -Purge -PurgeType HardDelete

 

The above command runs just fine and changes the name to "phishingemail_Purge". After that, I run the compliance search again to see if it pulls up any results and it still shows the same emails are there. It doesn't seem like I deleted any emails if I can still see the same emails again by running the search again. I read somewhere that running the above delete command moves the email into the users "purges" folder that is invisible to the user. Is that why I am pulling up the same emails after running the search command again?

 

Any tips would be helpful  

 

0 Replies