Dealing with phishing incidents in on-prem Exchange environments can quickly turn into a nightmare, especially when you need to remove malicious emails across multiple mailboxes.
Manual cleanup is slow, error-prone, and not really an option when time matters.
Recently I had to handle exactly this situation, so I put together a simple PowerShell script to speed things up.
What the script does:
- Searches for phishing emails across mailboxes
- Removes them using Exchange Management Shell
- Helps automate incident response
Nothing overly complex, but very useful in real-world scenarios.
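The search-then-remove workflow listed above, written with the `Search-Mailbox` cmdlet as an added example; it is not the code from the linked repository. The sender and subject values are constructed placeholders, the `-Delete` switch and the CSV file name are hypothetical names chosen for this example, and the account running it is assumed to hold the Mailbox Search and Mailbox Import Export roles.

```powershell
# Added example (not the repository's script): two-phase phishing cleanup.
# Run from Exchange Management Shell on an on-prem Exchange server.
param(
    [string]$Sender  = 'attacker@example.invalid',  # constructed sample value
    [string]$Subject = 'Invoice overdue',           # constructed sample value
    [switch]$Delete                                 # hypothetical switch: nothing is removed without it
)

# Match on sender AND subject so legitimate mail is not swept up.
$query = "from:`"$Sender`" AND subject:`"$Subject`""

# Phase 1: estimate only. Nothing is copied or deleted in this pass.
$hits = Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly -WarningAction SilentlyContinue |
    Where-Object { $_.ResultItemsCount -gt 0 }

if (-not $hits) {
    Write-Host 'No mailbox contains a matching message.'
    return
}

# Keep a record of the affected mailboxes for the incident report.
$hits | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Export-Csv -Path .\phishing-hits.csv -NoTypeInformation
$hits | Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

if (-not $Delete) {
    Write-Host 'Estimate only. Review the list, then re-run with -Delete.'
    return
}

# Phase 2: remove the matches, touching only mailboxes that had hits.
foreach ($hit in $hits) {
    Search-Mailbox -Identity $hit.Identity -SearchQuery $query -DeleteContent -Force |
        Select-Object Identity, Success, ResultItemsCount
}
```

Reviewing the estimate before the delete pass is what catches a query that is too broad.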
Example usage
Run the script from Exchange Management Shell:
```powershell
.\cleanup-phishing.ps1
```
Why this matters
If you've ever dealt with phishing in a corporate environment, you know how painful cleanup can be.
Automating even a small part of the process can save a lot of time and reduce human error.
GitHub repository
You can find the script here:
https://github.com/Servant-of-Inos/exchange-phishing-cleanup-script
Full step-by-step guide
I also wrote a detailed guide explaining how it works and how to use it safely:
https://www.hiddenobelisk.com/mass-phishing-cleanup-script-for-on-premises-exchange-2010-2016-2019/
Curious how others handle phishing cleanup in Exchange — do you rely on scripts, tools, or manual processes?