Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Delete Exchange mailbox items or Microsoft Teams messages contained in an eDiscovery search.
You can collect and purge the following categories of Teams content:
- Teams 1:1 chats - Chat messages, posts, and attachments shared in a Teams conversation between two people. Teams 1:1 chats are also called conversations.
- Teams group chats - Chat messages, posts, and attachments shared in a Teams conversation between three or more people. Also called 1:N chats or group conversations.
- Teams channels - Chat messages, posts, replies, and attachments shared in a standard Teams channel.
- Private channels - Message posts, replies, and attachments shared in a private Teams channel.
- Shared channels - Message posts, replies, and attachments shared in a shared Teams channel.
Note: This request purges a maximum of 100 items per location only. When purgeType is set to either
recoverableorpermanentlyDeleteand purgeAreas is set toteamsMessages, the Teams messages are permanently deleted.
For more information about purging Teams messages, see:
- eDiscovery solution series: Data spillage scenario - Search and purge
- eDiscovery (Premium) workflow for content in Microsoft Teams
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | eDiscovery.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | eDiscovery.ReadWrite.All | Not available. |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Purview role through one of the following options:
- eDiscovery Manager. This role allows members to create and manage eDiscovery cases they create, including creating custodians, holds, searches, and other case management tasks. However, eDiscovery Managers can only create and manage the cases they create. This is the least privileged option for managing their own cases.
- eDiscovery Administrator. This role provides all the permissions of eDiscovery Manager, plus the ability to access and manage all eDiscovery cases in the organization, configure eDiscovery settings, and manage any case after adding themselves as a member.
Additional roles that provide write access to eDiscovery features:
- Compliance Administrator. This role includes Case Management, Compliance Search, and Hold permissions.
- Organization Management. This role includes Case Management, Compliance Search, Hold, and Search And Purge permissions.
The eDiscovery Manager and eDiscovery Administrator roles are part of the Microsoft Purview role groups and provide access to eDiscovery features through role-based access control (RBAC).
For more information about eDiscovery permissions and roles, see Assign permissions in eDiscovery.
HTTP request
POST /security/cases/ediscoveryCases/{ediscoveryCaseId}/searches/{ediscoverySearchId}/purgeData
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
In the request body, supply a JSON representation of the parameters.
The following table shows the parameters that you can use with this action.
| Parameter | Type | Description |
|---|---|---|
| purgeAreas | microsoft.graph.security.purgeAreas | Options to define the locations to be in scope of the purge action. The possible values are: mailboxes, teamsMessages, unknownFutureValue. |
| purgeType | microsoft.graph.security.purgeType | Options that control whether the action is soft delete or hard delete. Possible values are recoverable, unknownFutureValue, permanentlyDelete. |
Response
If successful, this action returns a 202 Accepted response code.
If the purge data operation is started successfully, this action returns a 202 Accepted response code. The response also contains a Location header, which contains the location of the purge data operation that was created to commit the purge. To check the status of the purge data operation, make a GET request to the location URL.
Examples
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/searches/c61a5860-d634-4d14-aea7-d82b6f4eb7af/purgeData
{
"purgeType": "recoverable",
"purgeAreas": "teamsMessages"
}
Response
The following example shows the response.
HTTP/1.1 202 Accepted