Post Delivery Email Deletion (Retract)
Post Delivery Email Deletion is a feature of Email Security that allows an administrator to delete email that has been delivered and stored in a Microsoft 365 / Office 365 mailbox, including any replies or forwards of the message within the domain. This feature is particularly useful to delete and remotely wipe any messages that were accidentally released from quarantine or that contain suspicious or confidential data.
To set up, you will need:
- A Microsoft / Office 365 domain protected by Email Security
- A Microsoft / Office 365 user with administrator privileges
- A USS administrator user that matches a registered mailbox email address
- If using a roles based administrator, the EMS - Retract Message permission must be granted
Set up permissions for Post Delivery Email Deletion
To enable Post Delivery Email Deletion you must grant permissions to the Email Security system to read and write to user mailboxes.
Navigate to Products -> Email Security -> Product Configuration -> Domains.
The Grant Permissions button can be used to apply the required permissions to all registered domains. If the grant is successful, the Retract column will show "Granted" next to each domain.
If there are domains in the list which are not configured in Microsoft / Office 365 then the grant will fail for those domains. You can use the Grant Permissions multiple times to retry. It is recommended that you remove any domains that are not in use.
Click the Grant Permissions button to start the consent flow.
Click OK to proceed.
Sign in with a Microsoft /Office 365 administrator user.
Review the permissions requested (see table below) and press Accept if you agree to them.
API Permission (see reference)
Why is it needed?
Read all users' full profiles
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
For the ability to search for users by their email address and other identifying properties such as domain association.
Read and write mail in all mailboxes
Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.
For the ability to delete (retract) messages from a users mailbox.
Allows the app to read all domain properties without a signed-in user.
For the ability to verify the email domain is registered to the Microsoft tenant
Sign in and read user profile
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users
To authenticate the administrator, verify the tenant details and ensure there is permission to create the EMS Retract Enterprise App.
Once accepted, you will be able to close the tab window and return to the Domains list.
If successful, the domain(s) should now have Granted status in the Retract column.
The set up is now complete and ready to use.
Using Post Delivery Email Deletion
You can use the retract feature when an email has been delivered through Email Security to a recipient within one or more managed domains. A managed domain must also be a Microsoft / Office 365 custom domain, and the administrator must have permissions to use the Post Delivery Email Deletion feature to retract the message.
Navigate to Analytics -> Email Activity and search for an email message.
Double click the message or use the info icon on the far right to open Message Details.
Click on the Retract tab.
A list of recipient email addresses that can have their messages retracted will be summarised in the Email column. The Status column will indicate if there are any API permission issues with the recipient domain which may prevent the action being carried out.
Tick the Include checkbox for all the recipients that you want to apply the delete action to, and then click Retract.
The following options are also available:
- Also retract conversations (forwards/replies) - when a message is delivered it is given a Message-ID and a new Conversation-ID. When a message is replied to or forwarded, it preserves the original Conversation-ID even if it is given a new Message-ID. This allows the system to find replies and forwarded messages up to the specified conversation depth. Increasing the depth will increase the time it takes to remove messages.
You can confirm the Retract action action was dispatched by navigating to Analytics -> Admin Audit -> search by section "Retract" and expanding the entries. For example: