This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I am having issue similar to:
It happens in Exchange Online, I would like to use the following query - same query as Online Protection DSR uses:
participants:"TestUser2@keyman .co.uk" OR author:"TestUser2" OR createdby:"TestUser2"(c:c)(ItemClass=IPM.Document)(ItemClass=IPM.Note)(ItemClass=IPM.Note.Microsoft.Conversation)(ItemClass=IPM.Note.Microsoft.Missed)(ItemClass=IPM.Note.Microsoft.Conversation.Voice)(ItemClass=IPM.Note.Microsoft.Missed.Voice)(ItemClass=IPM.SkypeTeams.Message)
Action "-Purge" worked yesterday almost all good (messges from the TesUser2 Teams were not removed), then tried today just to double check why / maybe it was one time issue - and no success.
Not a single message has been removed this time - which is weird as yesterday it worked and IM messages got removed (as I said apart from 1 from the TestUser2 Teams), I run the "-Purge" action several times - no success.
How come something works yestarday and today not? Tried with creating new searches, ran the old ones sevral times (I am fully aware it removes 10 items at one go) - nothing. I am doing tests, there was reallysmall amount of messges, there are not hundreds of them but around 10.
Is there something I am forgetting about?
Pawel Jarosz
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @PawelJarosz-0356
Is there any progress about your issue? Do suggestions below from michev help?
Hi
Any progress?
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi, Sorry for late response,.
In general I managed to solve it with retention policies, that worked well.
Additionally: Search-Mailbox says it is retired, New-MailboxSearch says it is retired and to use New-ComplianceSearch. I know I can use them, but would like to leverage this certain query from DSR.
Additionally2: New-MailboxSearch says it uses KQL in quesry language - same as New-ComplianceSearch,, however when I use the same Searchquesry in mailbox search - it says:
"CalculatedQuery: The query of mailbox search 'pjarosz_test1' is invalid. Details: The property keyword isn't supported."
Purge will not work immediately, unless you have disabled SIR, and made sure no other holds are in effect. Basically. check all the steps here: https://learn.microsoft.com/en-us/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide
Search-Mailbox is still available and working btw, but it will have similar issues unless everything in the list above is disabled.
Hi Michev,
Thanks for your engagement in this thread. The thing is I see these items normally in the chat window, not in any hidden folders, visible only for admins. Will go through the steps you have send but on the first glance from what I can see it is about messages being retained after deletion in some sort of "Purges" or "SubstrateHold" folder.
I do know that Search-Mailbox still works ^^, even use it in some GDPR processes, the thing is when running -DeleteContent against a mailbox all emails are getting removed immediately - except teams messages on Teams - they are untouched, and not just 10 minutes after running the command but like for 2 days, so it should work till then.
I said I ran this, but doubt that this command has power to remove actual messages on MS Teams, and from what I've tested - compliance search does remove these kind of items. I know there are retention policies for MS Teams (not sure whether I need M365 E3 or O365 E3 tho, for this to work), the thing is I need to remove only certain messages between this one person and certain people, on certain times - not all of them.
Cheers,
J
Aaaaand as I clicked "submit" for my latest comment here I went to other tab where I had teams web client opened for that particular user - and seems that almost all messages got removed. Not all of them - which is weird. One message is still there where this used says "hello" - weird stuff, but better that than nothing.
Seems there is a huge lag between when the action is done and when the elements actually got removed.
Anyway, thanks Michev, will try to run compliance searches for this particular pieces of data and seems it might work for most of them, but it seems I need to check the effects after few days.
Cheers,
J
The cmdlet works against the copies of Teams messages stored inside the mailbox, not directly against the Teams chat service. Once those copies are removed, there is some background process that should remove the corresponding entries in the Teams chat service, eventually, but that process is a black box for us as customers.