ediscoverySearch: purgeData
Namespace: microsoft.graph.security
Delete Exchange mailbox items or Microsoft Teams messages contained in an eDiscovery search.
Note: This request purges a maximum of 100 items per location only.
You can collect and purge the following categories of Teams content:
- Teams 1:1 chats - Chat messages, posts, and attachments shared in a Teams conversation between two people. Teams 1:1 chats are also called conversations.
- Teams group chats - Chat messages, posts, and attachments shared in a Teams conversation between three or more people. Also called 1:N chats or group conversations.
- Teams channels - Chat messages, posts, replies, and attachments shared in a standard Teams channel.
- Private channels - Message posts, replies, and attachments shared in a private Teams channel.
- Shared channels - Message posts, replies, and attachments shared in a shared Teams channel.
For more information about purging Teams messages, see:
- eDiscovery solution series: Data spillage scenario - Search and purge
- eDiscovery (Premium) workflow for content in Microsoft Teams
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | eDiscovery.ReadWrite.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Not supported. | Not supported. |
HTTP request
POST /security/cases/ediscoveryCases/{ediscoveryCaseId}/searches/{ediscoverySearchId}/purgeData
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
In the request body, supply a JSON representation of the parameters.
The following table shows the parameters that you can use with this action.
Parameter | Type | Description |
---|---|---|
purgeAreas | microsoft.graph.security.purgeAreas | Option to define the locations to be in scope of the purge action. Possible values are: mailboxes , teamsMessages , unknownFutureValue . |
purgeType | microsoft.graph.security.purgeType | Options that control whether the action is soft delete or hard delete. Possible values are: recoverable , unknownFutureValue , permanentlyDelete . |
Response
If successful, this action returns a 202 Accepted
response code.
If the purge data operation is started successfully, this action returns a 202 Accepted
response code. The response also contains a Location
header, which contains the location of the Purge data operation that was created to commit the purge. To check the status of the purge data operation, make a GET request to the location URL.
Examples
Request
The following example shows a request.
POST https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/searches/c61a5860-d634-4d14-aea7-d82b6f4eb7af/purgeData
{
"purgeType": "recoverable",
"purgeAreas": "teamsMessages"
}
Response
The following example shows the response.
HTTP/1.1 202 Accepted