You need to export emails from a user mailbox for an eDiscovery request or internal investigation. Microsoft Purview compliance portal provides a search tool called Content Search that can find items across Exchange Online mailboxes, SharePoint sites, and OneDrive accounts. This article explains how to create a discovery search targeting an Outlook mailbox using the Microsoft Purview compliance portal and then export the results to a PST file or individual messages.
The export process involves running a content search, previewing the results, and then starting an export job that downloads the data to your local machine. You must have the correct permissions in the Microsoft Purview compliance portal to perform these actions. This guide covers each step from initiating the search to downloading the exported files.
By following the instructions below, you will be able to export mailbox content from Outlook using the compliance portal without needing third-party tools or direct access to the user account.
Key Takeaways: Exporting Mailbox Data with Microsoft Purview Content Search
- Microsoft Purview compliance portal > Content search > New search: Creates a search query that scans the target mailbox for specified keywords, senders, or date ranges.
- Export > Export results > Export options: Sends found items to an Azure Storage location where you can download them as PST files or individual messages.
- eDiscovery Manager or eDiscovery Administrator role: Required to create, preview, and export content searches in the compliance portal.
What Is Content Search in Microsoft Purview
Content Search is a tool inside the Microsoft Purview compliance portal that lets authorized users search for content across Microsoft 365 services. It replaces the older In-Place eDiscovery tools in Exchange Online. You can search mailboxes, public folders, SharePoint sites, and OneDrive accounts using keywords, date ranges, sender names, or recipient names.
When you target an Outlook mailbox, Content Search scans all folders including Deleted Items, Junk Email, and Inbox. The search uses the Exchange Online indexing engine which indexes most common attachment types such as PDF, DOCX, and XLSX. Items that cannot be indexed, such as encrypted messages, appear in the search results but cannot be previewed or exported as individual items.
After the search completes, you can preview the results to confirm the correct data was found. Then you start an export job that copies the results to a secure Azure Storage container. Finally, you download the exported data to your local computer. The exported data comes in two formats: a PST file containing all found items, or a folder of individual EML and MSG files.
You need one of the following role groups assigned in the Microsoft Purview compliance portal: eDiscovery Manager, eDiscovery Administrator, or a custom role group that includes the Compliance Search and Export roles.
Steps to Create a Discovery Search and Export Mailbox Data
Follow these steps to create a content search targeting a specific mailbox, preview the results, and export the data.
- Sign in to the Microsoft Purview compliance portal
Open a web browser and go to https://compliance.microsoft.com. Sign in with an account that has the eDiscovery Manager or eDiscovery Administrator role. If you do not have these roles, contact your Microsoft 365 global administrator. - Open the Content search page
In the left navigation pane, select Content search under the Data lifecycle management section. The Content search page shows a list of all previous searches. - Create a new search
Click the New search button at the top of the Content search list. A panel opens on the right side of the screen. - Name the search
Enter a descriptive name for the search, such as “Case 2025-03 User Mailbox Export.” You can also add an optional description. Click Next. - Choose the locations to search
On the Locations page, toggle Exchange mailboxes to On. Then click Choose users, groups, or teams. A list of mailboxes appears. Select the specific user mailbox you want to search. You can select multiple mailboxes if needed. Click Done and then click Next. - Define the search query
On the Query page, you have two options. For a simple keyword search, type terms into the Keyword box. For a more precise search, click the Show keyword list checkbox and enter multiple keywords or phrases. To use date ranges, senders, or recipients, click Add condition and select from the dropdown list. Common conditions include Date, From, To, and Subject. Click Next. - Review and submit the search
Review the search name, locations, and query. Click Submit to start the search. The search runs in the background and may take several minutes depending on the mailbox size and query complexity. - Preview the search results
After the search completes, the Content search page shows the search in the list. Click the search name to open its details panel. On the Search results tab, click Preview results. A preview window shows the first 1000 items found. Review the items to confirm the search is returning the expected data. Close the preview window when done. - Start the export process
Back on the search details panel, click the Actions dropdown button and select Export results. The Export results panel opens. - Configure export settings
In the Export results panel, choose the output format. Select All items, excluding ones that have unrecognized format, are encrypted, or weren’t indexed for other reasons to export only readable items. For the export format, choose either One PST file containing all messages or One PST file per mailbox. If you searched multiple mailboxes, the per-mailbox option creates a separate PST for each user. Optionally, enable Export in a compressed (zipped) folder to reduce download size. Click Start export. - Monitor the export job
The export job appears in the Exports tab of the Content search page. Click the Exports tab to see the job status. Status changes from In progress to Completed when the data is ready. This can take from a few minutes to several hours for large exports. - Download the exported data
When the export job shows Completed, click the job name to open its details panel. Click the Download results button. Your browser downloads a small file named results.csv plus a folder named ExportedItems containing a PowerShell script and a manifest file. Open the results.csv file to see a summary of the exported items. To download the actual PST or EML files, run the PowerShell script provided in the exported folder. The script downloads the data from Azure Storage to your local machine.
If the Export Fails or Returns No Data
Export job shows an error or fails to start
The most common cause is insufficient storage in the Azure Storage container that Microsoft uses for exports. Each export job requires at least 5 GB of free space. If the export fails, delete older export jobs from the Exports tab by selecting them and clicking Delete. Then retry the export.
No items appear in the search preview
If the search returns zero items, the query may be too restrictive. Remove conditions one at a time and rerun the search. Also verify that the mailbox you selected is an active Exchange Online mailbox. Shared mailboxes and inactive mailboxes require additional steps to include in content searches. For shared mailboxes, you must add the shared mailbox as a user location by typing its email address in the Choose users, groups, or teams picker.
Download script fails to run or prompts for credentials
The PowerShell script requires the Azure Az module to be installed on your local machine. Open PowerShell as an administrator and run Install-Module -Name Az -AllowClobber -Force. After installation, run the downloaded script. It will prompt you to sign in with the same account that started the export. If the script still fails, check that your execution policy allows scripts. Run Set-ExecutionPolicy RemoteSigned -Scope CurrentUser to enable script execution.
Content Search Export vs In-Place eDiscovery Export
| Item | Content Search (Microsoft Purview) | In-Place eDiscovery (Exchange Admin Center) |
|---|---|---|
| Interface location | Microsoft Purview compliance portal | Exchange Admin Center (EAC) |
| Search scope | Mailboxes, SharePoint, OneDrive, Teams, public folders | Exchange mailboxes only |
| Export format | PST or individual EML/MSG files | PST only |
| Role required | eDiscovery Manager or eDiscovery Administrator | Discovery Management role group |
| Maximum export size | 1.5 TB per export job | 10 GB per PST |
| Download method | PowerShell script from Azure Storage | Direct browser download |
Content Search is the recommended method for all new eDiscovery exports because it supports a wider range of data sources and larger export sizes. In-Place eDiscovery is deprecated in Exchange Online and should only be used for legacy scenarios where Content Search is not available.
Now you can create a discovery search in the Microsoft Purview compliance portal, target any Outlook mailbox, and export the results as a PST file or individual messages. To maintain compliance, delete export jobs and downloaded files after the investigation is complete. For advanced filtering, use the Keyword Query Language syntax in the query field, such as subject:"quarterly report" AND received:01/01/2025..01/31/2025.