How to Use Security & Compliance Center to Remove Harmful Messages From Office 365 Inboxes

Office 365 has protections against phishing and virus emails in Outlook, but sometimes malicious messages slip past security measures. If this happens, it’s possible to use the Security and Compliance Center and PowerShell to remove these harmful phishing and virus messages from inboxes.

Start by going to the Office 365 Security & Compliance Center in a web browser. Under Search and Investigation section, do a Content Search. Give this search a descriptive name, as you will need to refer to this later. For this example, let’s call it “Virus message.”

Use the search filters to whittle down your results to find the message, or messages, that you need to remove. Filter by date ranges, exact phrases, and/or subject-only searches to find the exact messages you need. Once you have a search that contains the message(s) you want to remove, it’s time to open PowerShell. Be sure to run this session as an administrator.

Make sure that you configure PowerShell to run scripts. If it’s not, use the command Set-ExecutionPolicy RemoteSigned to enable running scripts on your computer.

Now use the command $UserCredential = Get-Credential, and then enter your account email and password to log in. Now run this command: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection and finally run Import-PSSession $Session to initiate your session with the Security & Compliance Center.

Note that these steps will not work if you use multi-factor authentication. Microsoft has a guide to connect using MFA. Once you complete this process, you can continue with the compliance action.

Once you connect to Security and Compliance Center through PowerShell, run the command New-ComplianceSearchAction -SearchName “Virus message” -Purge -PurgeType SoftDelete. This will pull up the search you defined with the name “Virus message.” The command will move the message to users’ Recoverable Items folder. Microsoft’s PowerShell documentation covers additional commands that work with the New-ComplianceSearchAction command if additional steps are required for managing user messages while you are in this session.

Once you finish, run the command Remove-PSSession $Session to ensure that you free up your remote PowerShell session slot without waiting for it to expire.

You are now finished, but make sure that users are aware of the concerns of emails that might be phishing or viruses. Built-in security measures will always be a step behind the latest work of phishers and virus creators.

Have more questions about Office 365? Let’s chat. Sikich is an award-winning Microsoft Office 365 partner. We’ve helped hundreds of others and we can help you too.

By |2018-06-11T15:48:29+00:00June 12th, 2018|Office 365|0 Comments

About the Author:

Rudi Goeldi
Rudi Goeldi is a supervisor on the Sikich managed services team. He works to streamline technology management and provide the support required to increase profitability, reduce costs and improve client satisfaction. With 21 years of technology experience under his belt, Rudi is the perfect individual to ensure the highest quality standards are met and services delivered timely to our clients.
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

Privacy Information

We use cookies to personalize the website for you and to analyze the use of our website. Click 'Privacy Options' to configure how we can interact with you and your device or computer.

Privacy policy | Close
Settings
private equity services construction accountants Agriculture Services Construction Services Non-Profit Services Government Services