Jun 27 2017 11:22 AM
Am trying to perform a content search based on an exact subject phrase in an email that was inadvertenty sent to a lot of users in the org, but keep getting more results than what i actually expected.
The original message was system generated from an intune exchange compliance policy.
e.g here is what i was looking for in my query
Subject: "Action required to access your org's email on your device"
But the results return messages that were forwarded/replied to the original msg.
any idea how i can tweak this query to return an extact subject string match
Jun 27 2017 12:34 PM
The colon notation (:) translates to "contains". If you want exact match, you can use a condition with the equal sign (=). At least according to the documentation that is. In reality, doesnt seem to work.
So the workaround is to exclude anything that starts with the subject, which of course is a crapy way to do this but the only one that seems to work. For example, this should work in your case:
subject="Action required to access your org's email on your device" -subject="RE: Action required to access your org's email on your device"
You will have to account for the different variations of this because of languages, also for forwarding, etc...
Jun 28 2017 12:37 PM
Thx Vasil
I was able to get it to work with the following query
Subject: "Action required to access your org's email on your device" NOT subject:”FW” NOT subject:”RE”
Jun 28 2017 01:07 PM
But those two will only work for English language settings, if you have users using other languages you will have to account for the corresponding abbreviations 🙂