Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Delete an email using a playbook from MS 365

Brass Contributor

Hello,

 

Can we delete an email using a playbook from MS 365? If anyone has an idea kindly answer

 

Thanks in advance!!

3 Replies

Hi,

I've not seen any playbooks around for this, and I've seen people having issues creating them as the entity for mail related alerts is the network message ID of the mail.

It's worth while implementing the report phishing add-in and training your users up, this way you can make use of Defender for Office 365 P2 (if you have it) and the automated investigation and response capabilities as user reports will trigger them. A few links below verifying this:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about?view=o365-wor...

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about-office?view=o...

Hope this helps a little


Yes, it is possible to delete an email using an Azure Logic App (aka Sentinel Playbook) "Delete email (V2)" action in a Logic App"
References:
https://stackoverflow.com/questions/63392560/logicapps-graph-api-delete-an-email-from-a-shared-mailb...
and
https://github.com/MicrosoftDocs/azure-docs/issues/19804
I'd love to know if got any further with this. In my environment, I have it set up so that Microsoft ZAP takes care of some emails, but it seems incredibly hit or miss, and will leave some emails sitting in user inboxes. I want to automate it so that I can automatically quarantine anything that is reported as phishing by either the sender email or (even fancier) using a partial match of the subject, since many times, the phishing subject is many times customized for the specific recipient.