We were recently bombarded with spam emails; some users received multiple copies, in some cases more than 10.

With the Microsoft Graph API, we can delete up to 100 emails per mailbox. In PowerShell, we can delete only 10 emails per mailbox. If you don't have any holds in place, you can rerun the PowerShell purge command, and it should delete another 10 emails per mailbox. That never worked for me, as we have always had some kind of hold in place. During the recent attack, we needed to delete more than 10 emails per user mailbox at once.

This is where the Microsoft Graph API comes in. Today, we will build an app that lets users purge emails in bulk with minimal effort. I prefer to build apps so that team members can use them too. We need to create an app registration in Azure with application-only access, and for that we need a service principal with access to the relevant Purview roles. So, let's do this first.

Let's go to Microsoft Azure > App Registrations > New Registration.

You can configure the permissions as Delegated access or Application only.

With delegated access, the person executing the eDiscovery Graph API endpoints (say, via a Power Apps app) must be assigned the appropriate roles in Purview. For delegated access, you then only need to add those same users under Users and Groups in the App Registration.

To configure Application-only access, we need to create a service principal and assign it to the appropriate eDiscovery role.

I assume that you already know how to create an App Registration. We will focus on configuring Application-only access.

You need the object ID of your application; it's the client ID in the Microsoft Entra admin centre. To retrieve the app object ID, open the Azure portal > Microsoft Entra ID > Enterprise applications, search for your application by name, and copy the Object ID shown next to it in the list.
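The same lookup can be scripted, which also makes the distinction between the Application (client) ID and the Enterprise application's Object ID explicit. This is an added PowerShell example, not code from the original post; it assumes the Microsoft.Graph and ExchangeOnlineManagement modules, a placeholder client ID in `$AppClientId`, and that eDiscovery Administrator (via `Add-eDiscoveryCaseAdmin`) is the role your purge workflow requires.

```powershell
# Added example: resolve the service principal's Object ID from the app's
# client ID, then grant that service principal the eDiscovery role.
$AppClientId = '00000000-0000-0000-0000-000000000000'   # placeholder: your Application (client) ID

# Reading service principals needs Application.Read.All (admin account).
Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

# Filter on appId rather than displayName: display names are not unique,
# and a similarly named app must not end up holding an eDiscovery role.
$sp = @(Get-MgServicePrincipal -Filter "appId eq '$AppClientId'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal for appId $AppClientId, found $($sp.Count)"
}
$sp = $sp[0]

# $sp.Id is the Object ID listed under Enterprise applications;
# $sp.AppId is the Application (client) ID from the App Registration.
"Service principal Object ID : $($sp.Id)"
"Application (client) ID     : $($sp.AppId)"

# Security & Compliance PowerShell: assign the role to the Object ID.
# Assumption: eDiscovery Administrator is the role needed for the purge flow.
Connect-IPPSSession
Add-eDiscoveryCaseAdmin -User $sp.Id

# Confirm the service principal now appears in the administrator list
# before handing the app to the team.
Get-eDiscoveryCaseAdmin
```

Because this role lets the app purge mail across every mailbox in scope, keep the client secret or certificate for this registration as tightly controlled as any other Purview administrator credential.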