Friday 27 October 2017

Exchange 2010, 2013, 2016 - Delete virus email from mailboxes using Search-Mailbox

http://markgossa.blogspot.ca/2015/10/exchange-20102013-delete-virus-email.html

Occasionally, though hopefully not too often, a virus may bypass your spam filters and end up in end users' mailboxes. In this post, I'll demonstrate how to delete the email from users' mailboxes with one quick command that you can keep on hand.

First, ensure you have the correct permissions:

  1. Log into the Exchange Admin Center using an account that is a member of the Organization Management AD Group
  2. Click on Permissions
  3. Double click on Discovery Management and add your user account as a member
  4. Open a new Exchange Management Shell

To delete the email from all users' mailboxes:

Run the below command on a single line:

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery 'from:sales@sales.com AND subject:invoice' -DeleteContent -Force

The command returns a report for each mailbox. In this example, the report shows that one email was deleted from the Administrator mailbox (ResultItemsCount: 1).

To delete an email from all mailboxes and copy the email to the Spam mailbox:

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery 'from:sales@sales.com AND subject:invoice' -TargetMailbox Spam -TargetFolder DeletedMessages -DeleteContent

To delete an email according to the attachment file name:

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:document_826321_pdf.zip -DeleteContent
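
Because -DeleteContent is irreversible across every mailbox it touches, it is worth counting the matches first. The script below is an added example, not part of the original post: it runs the same query with -EstimateResultOnly, stops if the match count looks too broad, and only then purges the affected mailboxes while copying the messages to the Spam mailbox. It assumes the Spam mailbox from the post exists, that the account holds the Mailbox Import Export role that Search-Mailbox requires for -DeleteContent, and a threshold of 500 items chosen purely for illustration.

```powershell
# Added example: preview, sanity-check, then purge. Run in the Exchange Management Shell.
# The query and target mailbox are the ones used in the post; adjust to the real message.
$query        = 'from:sales@sales.com AND subject:invoice'
$targetMbx    = 'Spam'              # quarantine mailbox from the post (assumed to exist)
$targetFolder = 'DeletedMessages'
$maxExpected  = 500                 # assumed threshold; set to what the outbreak justifies

# 1. Dry run: -EstimateResultOnly counts matches without copying or deleting anything.
$estimate = Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly

# Keep only the mailboxes that actually contain the message.
$hits = @($estimate | Where-Object { $_.ResultItemsCount -gt 0 })
$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
Write-Host "$total matching item(s) in $($hits.Count) mailbox(es)."

# 2. Guard rails: a query that is too loose shows up as an implausibly large count.
if ($hits.Count -eq 0) {
    Write-Host 'Nothing to delete.'
    return
}
if ($total -gt $maxExpected) {
    Write-Warning "Query matches $total items (limit $maxExpected). Tighten the query before deleting."
    return
}

# 3. Purge only the affected mailboxes. -TargetMailbox/-TargetFolder keep a copy of
#    each message for later analysis; -LogLevel Full writes a per-item log there too.
foreach ($hit in $hits) {
    Search-Mailbox -Identity $hit.Identity -SearchQuery $query `
        -TargetMailbox $targetMbx -TargetFolder $targetFolder `
        -LogLevel Full -DeleteContent -Force
}
```

Comparing the estimate with the message-tracking count for the same sender and subject is a quick way to confirm that the query matches only the malicious email before step 3 runs.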