Microsoft Exchange limits the number of emails that can be simultaneously deleted from a single mailbox with one command to 10. While it’s possible to delete one email from thousands of mailboxes, the same command used to search for and delete messages across user accounts has a built in limitation on how many emails it will delete at once.
New-ComplianceSearchAction is a cmdlet (a PowerShell script or operation) which an admin can implement on Exchange that can search through the subject line, body, and metadata fields for certain key terms.
The cmdlet is designed to respond to cyber security breaches (such as purging a phishing email) not help businesses comply with the need to remediate data pursuant to a protective order.
See confirmation on this limitation for the purge switch here: https://learn.microsoft.com/en-us/powershell/module/exchange/new-compliancesearchaction?view=exchange-ps
The PowerShell script to delete emails will specify a named search:
New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType SoftDelete
Not any Exchange admin can run this cmdlet. The admin needs to have Discovery Management rights.
The cmdlet transfers emails to the Deletions folder of a user account’s Recoverable Items. (When an Outlook user holds down the SHIFT key and presses DEL the message is not gone forever - it goes to Recoverable Items.). On Exchange, users’ Outlook data is divided between Recoverable Items, Interpersonal Messaging (IPM - all of the data visible to the user), and non-IPM data (operational data). Recoverable Items contains additional folders:
Purges - items hard deleted when a litigation hold is in place. Emails sent here won’t be deleted until the period set for retention ends. But even then it will only be deleted until the mailbox is processed by the Managed Folder assistant, which can be set to run once every 1 to 7 days.
Audits - logs activity in the account.
DiscoveryHolds - items subject to an Office 365 litigation hold that are hard deleted.
Versions - this folder will retain multiple versions of Outlook items that have been modified.
Note that when rerun the cmdlet will include messages in the Recoverable Items folder in the results, so the total count in the results will not change as successive searches are run.
Microsoft has posted a PowerShell script which can be used to delete multiple batches of 10 emails automatically:
. . . but it notes that this is not a supported script, and it cannot be run on multiple mailboxes.
Exchange will retain deleted items by default for up to 14 days but this period can be increased to 30 days.