Monday, April 15, 2019

Office 365 Spam Remover - Now supports MFA

Problem: A spam campaign has hit your tenant and affected more mailboxes than can be processed by the Search n Purge option in Exchange Online.

Resolution: Adjust this script to replace CONTOSO with your domain (if not it will prompt you). This will prompt you for your Exchange Admin credentials, offer you the chance to add more exchange admin accounts to run this under, prompt for the evil sender(s), date and time the spam campaign hit, and optionally the subject line(s) of the evil email messages so you don't accidentally remove too many messages. The script uses a message trace of all email sent to your tenant by the evil senders during the time frame specified and then searches those mailboxes to find the message(s) and removes them but uses multiple PowerShell windows to perform this function so that you can watch it in real-time and see quicker progress.

Last Updated May 21, 2019 to improve several sections based on feedback and optimizing. Another version of this script has been posted that has a GUI for all of the initial input using the Windows Presentation Framework built into Windows (so no special installs needed) at As with any script you get from the internet, no warranty is expressed or implied for this script so test it and tweak to your environment. I have tried to make it use UTC and avoid hard-coding any regional settings but your mileage may vary.

Update 2019-06-17 - I have moved my scripts to a github repository so that updates are easier to make. DO NOT WORRY - I do not make my github look freaking weird with folders and cryptic things that non-developers don't scripts are right there in the main folder and you can click them to view/copy/download:

No comments:

Post a Comment