[Update]: This post was updated on July 27, 2022 to reflect the latest developments in the Microsoft Purview compliance center user interface.
Exporting Microsoft 365 mailbox content to PST is usually used for litigation purposes. However, it also works as a workaround for backup, archiving and migration. In a previous article, I’ve shown you how to use this mechanism with the eDiscovery tool. This article demonstrates how to produce similar results using PowerShell and New-ComplianceSearch cmdlet (with some follow-up cmdlets as well).
Before you start, you need to make sure that you meet the following requirements:
- You are an eDiscovery Manager or an eDiscovery Administrator – these are the only default role groups to include the required Export role.
- You have started a remote connection to the Microsoft 365 Security & Compliance Center (read more on this Microsoft’s site).
Export Microsoft 365 mailboxes to PST
Before you export mailboxes to PST, you need to use the New-ComplianceSearch cmdlet to create a search. In the example below, I’m searching for all Exchange Online mailboxes and starting the search right away.
New-ComplianceSearch "your_descriptive_name" -ExchangeLocation all | Start-ComplianceSearch
Next, I’m using the New-ComplianceSearchAction cmdlet to export the data returned by the new compliance search.
Note: To use the cmdlet below, you need to be assigned the Export role which is a part of the eDiscovery Manager role group. To set yourself as eDiscovery Manager, go to Role groups settings page in the Microsoft Compliance admin center (Microsoft Purview), click eDiscovery Manager on the list, choose yourself as the manager, save the changes, and reconnect to Exchange Online PowerShell.
New-ComplianceSearchAction "your_descriptive_name" -Export -Format Fxstream
Once the tool finishes exporting the results, you can run the Get-ComplianceSearchAction cmdlet to find out the url required to download the exported data:
Get-ComplianceSearchAction "your_descriptive_name_export" -IncludeCredential | FL
The Results include two pieces of information you need to download the PSTs: the Container url and the SAS token. Together, they form a full URL.
To learn more about using the New-ComplianceSearch and related cmdlets, refer to this article.
Now, I could play with the Start-Process cmdlet and look all over the LocalApps directory for the exact location of the Unified Export (aka eDiscovery Export) tool. But I find it much easier to launch it from the eDiscovery web panel (which you need to visit anyway to download the tool), and paste the link and the target pst location directly into the Unified Export tool. To do so, go to content search in Microsoft Purview, select your job on the Export tab and click Download results to run the eDiscovery Export Tool.
The eDiscovery Export Tool is a ClickOnce application and works like a charm if you use IE or Edge. To run it successfully in another browser, Google Chrome for example, you need a ClickOnce extension. The export tool is where you paste the SAS token. Once you choose the target location for the PST files, you can click Start to download data.
But you might ask: “why use PowerShell at all if you could go to EAC to finish the job anyway?” Personally, I find it is slightly quicker to do it this way, especially since I don’t have to refresh the browser constantly to see the search or export progress. Instead, I only send an occasional Get-ComplianceSearch or Get-ComplianceSearchAction one-liner to check how the job is progressing.
Alternative Backup & Archive option
PST backup or archiving is better than not having any additional security layer at all. However, PST files do not excel in the reliability department. If you want to try a reliable Microsoft 365 Backup tool instead, try CodeTwo Backup for Office 365. Check out the short video below to see what it can do.
See related articles: