I've been struggling to purge phishing emails from user mailboxes ever since the Purview updates. My attempts to use PowerShell for this haven't been successful. Although I can create and run the search, it always shows completion without actually deleting any emails when I check the results. Is there a solution to this? If purging isn't an option, how are others managing phishing emails that get through to user inboxes?
5 Answers
I found that using the Explorer feature in the Microsoft Defender portal works much better for handling this. I used to struggle with PowerShell, so this was a lifesaver for me. You just go to the Email & Collaboration section in the Security portal, find Explorer, and set your filters. You can choose a timeframe and search by sender or subject. Once you find the messages, you can take action and soft delete them. It really simplifies the process! Just a heads up, this only applies to emails from the last 30 days, which is perfect for urgent phishing situations.
I still rely on PowerShell for these tasks. Just the other day, I launched a search and successfully purged a finance email that was mistakenly sent to the wrong group. It worked well, but I understand the frustration since it hasn’t been consistent lately. I hope to get back to normal soon!
I really miss the simplicity of having Exchange on-prem. It used to be so easy to search mailboxes and delete contact-related emails quickly. The new Purview system has made things complicated and it just doesn’t work for contacts. After a long ticket with Microsoft, they concluded it simply doesn’t function as it should for some operations. It’s frustrating! If only we could go back to how it was.
You're not alone in your struggles — Purview's purge feature is pretty unreliable now. We’ve had the same experience: the search finds emails, the purge completes, but nothing gets deleted. We've mostly shifted to using Defender for these situations, as it allows filtering by sender or subject and manages to delete without issues. For anything older than 30 days, we try to rely on user reports and fix the filtering rules instead of mass purges; it's definitely not perfect, but it’s what we've settled on.
Don’t forget about the power of cybersecurity training. Keeping users informed about phishing attacks is just as crucial for managing threats that slip through!
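The search-and-purge workflow the question describes, written out as an added example that is not from any poster in this thread. It reads back the item count and the purge action's own results instead of relying on the "Completed" status. The search name, sender and subject are constructed sample values, and it assumes the ExchangeOnlineManagement module plus a role that allows Search And Purge.

```powershell
# Added example: the search name and query values below are constructed samples.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$name  = 'Phish-Purge-Sample'   # hypothetical search name
$query = '(From:billing@example.invalid) AND (Subject:"Invoice overdue")'

New-ComplianceSearch -Name $name -ExchangeLocation All -ContentMatchQuery $query | Out-Null
Start-ComplianceSearch -Identity $name

# Wait for the search itself to finish before acting on it.
do {
    Start-Sleep -Seconds 15
    $search = Get-ComplianceSearch -Identity $name
} while ($search.Status -ne 'Completed')

Write-Host "Search matched $($search.Items) item(s)"

if ($search.Items -gt 0) {
    # SoftDelete moves matches to Recoverable Items.
    # Microsoft documents a limit of 10 items per mailbox per purge action,
    # so a large campaign can need the action to be run more than once.
    New-ComplianceSearchAction -SearchName $name -Purge -PurgeType SoftDelete -Confirm:$false |
        Out-Null

    # The purge action is created under the name "<search name>_Purge".
    do {
        Start-Sleep -Seconds 15
        $action = Get-ComplianceSearchAction -Identity "${name}_Purge"
    } while ($action.Status -ne 'Completed')

    # "Completed" only says the job ran; Errors and Results describe
    # what the purge actually did.
    $action | Format-List Name, Status, Errors, Results
}
else {
    # Zero matches means the purge has nothing to remove: check the query first.
    Write-Host 'No items matched; no purge action was created.'
}
```

Soft-deleted messages stay in Recoverable Items, which content search still covers, so re-running the same search is not a reliable way to confirm the purge.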
