Problem
This was a customer requirement: to delete a “Purge” folder using the MS Graph API. There was no mention of a purge folder when I checked the mailFolder resource type documentation. The closest I found was ‘recoverableitemsdeletions’; I did not even know what the ‘purge’ folder meant. So I took some help from a friend, Boris Lokhvitsky (an Exchange SME).
Step By Step Solution
To protect from accidental or malicious deletion and to facilitate discovery efforts commonly undertaken before or during litigation or investigations, Exchange Server and Exchange Online use the Recoverable Items folder.
Each user mailbox is divided into two subtrees:
- The IPM (interpersonal messaging) subtree
- The non-IPM subtree
The IPM subtree is what the user sees in Outlook; the non-IPM subtree is not visible to users.
The following steps place the mailbox on litigation hold. Exchange Online (EXO) then creates the non-IPM folders, such as the ‘Purge’ folder. After that, you need to create an Azure AD app with the MS Graph permission “Mail.ReadWrite” to use in the PowerShell script.
Step # 1 Install and import the Exchange PowerShell module
# In a PowerShell command prompt, install and import the module.
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Step # 2 Connect to Exchange Online
$userCred = Get-Credential
Connect-ExchangeOnline -Credential $userCred -ShowProgress $true
Step # 3 Set litigation hold on a mailbox
In this step run the following command for a specific mailbox to set a litigation hold.
Set-Mailbox admin@CRMbc755713.onmicrosoft.com `
-LitigationHoldEnabled $true `
-LitigationHoldDuration 2555
Step # 4 Create an Azure AD app with the “Mail.ReadWrite” MS Graph permission and grant admin consent. Make a note of the Client ID and Client Secret to use in the next steps in PowerShell.
Step # 5 Get a token from Azure AD
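The following call will return an access token.
# Make a call to Azure AD with the Azure AD app credentials in the body
POST https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token
# body (the client credentials flow takes the .default scope; the permission consented in Step 4 is what ends up in the token)
grant_type=client_credentials
&client_id={appid}
&client_secret={appSecret}
&scope=https://graph.microsoft.com/.default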
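Step # 6 MS Graph GET call using Bearer
# $responseAuth holds the token response from the previous step
$headers = @{}
$headers.Add("Authorization", $("{0} {1}" -f $responseAuth.token_type, $responseAuth.access_token))
Invoke-RestMethod -Method Get -Headers $headers -Uri "https://graph.microsoft.com/v1.0/users/{USER_UPN}/mailFolders"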
The above script steps are located here for you to use.
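The token request and the mailFolders call from the last two steps, combined into one PowerShell script. This is an added example, not the author's script; the placeholder values, the GRAPH_CLIENT_SECRET environment variable name and the 'Purge*' display-name filter are assumptions.

```powershell
# Assumed placeholders: replace with your tenant, app registration and mailbox.
$tenantId = '<TENANT_ID>'
$clientId = '<APP_CLIENT_ID>'
$userUpn  = '<USER_UPN>'

# Read the secret from an environment variable (hypothetical name) so it is
# not stored in the script file or in shell history.
$clientSecret = $env:GRAPH_CLIENT_SECRET
if (-not $clientSecret) { throw 'GRAPH_CLIENT_SECRET is not set.' }

# Token request: the client credentials flow takes the .default scope. The
# Mail.ReadWrite application permission comes from the admin consent granted
# on the app registration, not from the scope string.
$tokenBody = @{
    grant_type    = 'client_credentials'
    client_id     = $clientId
    client_secret = $clientSecret
    scope         = 'https://graph.microsoft.com/.default'
}
$responseAuth = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' -Body $tokenBody

# Build the Authorization header from the token response.
$headers = @{
    Authorization = '{0} {1}' -f $responseAuth.token_type, $responseAuth.access_token
}

# List the mail folders. Results are paged, so follow @odata.nextLink
# until the service stops returning one.
$uri = "https://graph.microsoft.com/v1.0/users/$userUpn/mailFolders"
$folders = @()
while ($uri) {
    $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    $folders += $page.value
    $uri = $page.'@odata.nextLink'
}

# Show everything returned, then narrow to the folder of interest by display
# name (assumed pattern) so its id can be confirmed before any further call.
$folders | Select-Object displayName, id, totalItemCount | Format-Table -AutoSize
$folders | Where-Object { $_.displayName -like 'Purge*' } |
    Select-Object displayName, id, parentFolderId
```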
Results
The purge folder deletion is a tricky step. I hope that it is clarified with this blog post. If there are any comments or questions, please post them here so I can improve this blog post.
Refer to the following article for additional details.