This script connects to Exchange Online and Microsoft Graph using an app registration with "Mail.ReadWrite" permissions. It retrieves emails sent from a specific sender address using the <code>Get-MessageTrace</code> cmdlet. For each email, it attempts to find the corresponding message in the user's mailbox via the Graph API by filtering on the <code>InternetMessageId</code>. If the message is found, it deletes the email from the user's mailbox. This script is useful for selectively deleting messages from Exchange Online mailboxes.
Here is the script:
<code>#Need to create App Reg with "Mail.ReadWrite" permissions</code> <code>Connect-ExchangeOnline -Organization "xxx.com" -Showbanner:$false</code> <code>Connect-MgGraph -TenantId "xxx.com" -ClientId "xxx" -CertificateThumbprint "xx"</code>
<code>$emails = &nbsp;Get-MessageTrace -SenderAddress "spam.co.il"</code> <code>$emails | ForEach-Object{</code>
<code>&nbsp; &nbsp; $from = $_.RecipientAddress</code> <code>&nbsp; &nbsp; $InternetMessageId = $_.MessageId</code>
<code>&nbsp; &nbsp; $Message = Get-MgUserMessage -UserId $from -Filter "InternetMessageId eq '$InternetMessageId'" -ErrorAction SilentlyContinue</code> <code>&nbsp; &nbsp; if($Message){</code> <code>&nbsp; &nbsp; &nbsp; &nbsp; Write-Output "Deleting &nbsp;$Message.Subject from $from"</code> <code>&nbsp; &nbsp; &nbsp; &nbsp; Remove-MgUserMessage -MessageId $Message.Id -UserId $from</code> <code>&nbsp; &nbsp; }</code> <code>}</code>

This script connects to Exchange Online and Microsoft Graph using an app registration with "Mail.ReadWrite" permissions. It retrieves emails sent from a specific sender address using the Get-MessageTrace cmdlet. For each email, it attempts to find the corresponding message in the user's mailbox via the Graph API by filtering on the InternetMessageId. If the message is found, it deletes the email from the user's mailbox. This script is useful for selectively deleting messages from Exchange Online mailboxes.

Here is the script:

#Need to create App Reg with "Mail.ReadWrite" permissions
Connect-ExchangeOnline -Organization "xxx.com" -Showbanner:$false
Connect-MgGraph -TenantId "xxx.com" -ClientId "xxx" -CertificateThumbprint "xx"

$emails =  Get-MessageTrace -SenderAddress "spam.co.il"
$emails | ForEach-Object{

    $from = $_.RecipientAddress
    $InternetMessageId = $_.MessageId

    $Message = Get-MgUserMessage -UserId $from -Filter "InternetMessageId eq '$InternetMessageId'" -ErrorAction SilentlyContinue
    if($Message){
        Write-Output "Deleting  $Message.Subject from $from"
        Remove-MgUserMessage -MessageId $Message.Id -UserId $from
    }
}

Script to Retrieve and Delete Emails Using Exchange Online and Microsoft Graph API

Filevault key rotation 🚀

Ensuring Secure OneDrive Sync with SharePoint Online Tenant Sync Client Restriction

Auditing SharePoint Online Site Sharing Settings with PowerShell

Verifying User Phone Numbers Against MFA Settings with Microsoft Graph PowerShell

Auditing Safe Links Policies in Exchange Online with PowerShell

Identifying Macro-Related Mail Flow Rules in Exchange Online

Auditing Non-Owner Mailbox Access in Exchange Online with PowerShell

Ensuring Anti-Malware Protection for Accepted Domains in Exchange Online

Export of Conditional Access Policies with Microsoft Graph API

Monitoring Risky User Status with Microsoft Graph API: PowerShell Script

How to Sync Exchange Online Proxy Addresses with Active Directory Users while Excluding Specific Domains

Validate Microsoft Graph Application Credentials and Owners with Sign-In Data

Compare UserPrincipalName and Primary Email Address in Active Directory and Flag Discrepancies

Script to Update 'Hide from Address List' Attribute for Active Directory Users Based on CSV Input

Script to Disable SMS Sign-In for Federated Users in Microsoft Graph

Script to Export BitLocker Recovery Keys for Managed Windows Devices to CSV

Script to Export App Role Assignments for Azure AD Integrated Applications to CSV

Script to Export Members of an Azure AD Group to CSV Using Microsoft Graph

Script to Count and Export Users from Azure AD to CSV with Last Sign-In Information

Script to Backup and Restore Azure AD Group Members and Owners by ImmutableId

Script to Backup and Restore Distribution Group Members and Owners Using ImmutableId in Azure AD

Script to Reset User Authentication Methods and Add to Group Using Microsoft Graph

Script to Configure Trusted Domains for Junk Email Settings in Exchange Online for All Mailboxes

Script to Export Mailbox Permissions in Exchange Online to CSV

Script to Export Office 365 Group Information to CSV

Script to Export and Import Transport Rule Collection Between Exchange Online Tenants

Script to Add or Remove User Rights for Defined Users on Specified Computers

Script to Rotate BitLocker Keys and Update Group Membership for Devices Missing Encryption Keys

Script to Generate a Comprehensive List of Network Shares

Script to Add User Shutdown Privileges Efficiently

Uninstalling and Removing Configuration Manager (SCCM) Client

Script for Updating Device Ownership in Microsoft Graph

Script to Sync Windows Devices in Microsoft Graph

Script to Update Primary User of Windows Devices in Microsoft Graph

Intune script To Enforces The Enhanced PIN Policy For BitLocker 

Intune Script For DNS Detection and Remediation

Disabling WinRM Basic Authentication with PowerShell Script

Managing LMCompatibilityLevel with PowerShell Script

Managing Multiple LSA Security Settings with PowerShell Script

Managing OneDrive Permissions with PowerShell: Detecting and Removing Extra Owners

Automating SharePoint Site Deletion and Retention Policy Updates with PowerShell

Automating Microsoft Teams Shared Channel Membership with PowerShell

Automating Microsoft Teams Channel Membership Audit with PowerShell

Automating the Removal of Users from Microsoft Teams Shared Channels with PowerShell

Automating IPv6 Disabling for Network Adapters with PowerShell

Microsoft 365 Scripts