In this example, the name of the search is Phish1, the query combines the subject and sent property values.Īnd that’s it. Make sure to change the parameter values as appropriate to your situation.
To create the content search, copy the code below and paste it into your PowerShell console. The query format that is accepted is in the form of a KQL or Keyword Query Language. ContentMatchQuery – This parameter is the main factor that will determine the search results’ accuracy.In this article, the value to use is All to make sure to target all mailboxes in the search. ExchangeLocation – This accepts that Exchange location that will be targeted by the search.
This can be any name, you don’t need to put too much thought into it.
The New-ComplianceSearch cmdlet comes with several parameters and switches. The key to keeping the search results as accurate as possible depends on the adequately formulated search criteria. Using the New-ComplianceSearch, the message properties listed above will be used to create a search query.
Subject: You must change your bank password now.Suppose the spam/phishing message to delete has the following properties: When you’re satisfied that you have all the information you need about the message, it is time to fire up PowerShell and start creating the content search. Creating and Running the Office 365 Email Content Search Then, it is up to you to determine which of these search parameters would be most applicable. In most cases, one or two of the information listed above should be sufficient to formulate a search query. What’s the date of the first reported occurrence?.Are there file attachments, and what are the filenames?.For example, some of the most basic information you need to get are:
Knowing as many details about the message as possible would help you decide how to formulate the search query. Not unless all information is provided to you already. Gathering Information About the Message to Deleteīefore you start creating the content search for the message that needs to be deleted, you must gather all the pertinent information about the message first.
Follow this link to connect without MFA, or this link to connect with MFA.