Created
July 5, 2018 02:37
-
-
Save colindix/396dc3c9c0caa35f4ecaea44cac7833c to your computer and use it in GitHub Desktop.
Search O365 mailboxes for badness
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get login credentials | |
| $UserCredential = Get-Credential | |
| $psOption = New-PSSessionOption -ProxyAccessType IEConfig -ProxyAuthentication Negotiate | |
| $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection -SessionOption $psOption | |
| Import-PSSession $Session -AllowClobber -DisableNameChecking | |
| $searchQry = '(Subject:<YOUR SUBJECT HERE) AND (Received:today)' #KQL https://msdn.microsoft.com/library/ee558911(v=office.15).aspx | |
| $compName = "20180514-01-MalwareEmails" | |
| ## | |
| ## Initiate Search query | |
| ## | |
| $compSearch = New-ComplianceSearch -Name $compName -ExchangeLocation all -ContentMatchQuery $searchQry | |
| ## | |
| ## Start Actual search | |
| ## | |
| Start-ComplianceSearch -Identity $compName | |
| ## | |
| ## Get status of search, rinse repeat until finished. | |
| ## | |
| Get-ComplianceSearch -Identity $compName | fl | |
| ## | |
| ## Now purge the emails/items found | |
| ## | |
| New-ComplianceSearchAction -SearchName $compName -Purge -PurgeType SoftDelete | |
| ## | |
| ## Get status of search and purge, rinse repeat until finished. | |
| ## | |
| Get-ComplianceSearchAction -Identity "$($compName)_Purge" | |
| ## End session | |
| Remove-PSSession $Session |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment