This post may be a little controversial due to the possible legal implications when you use the scripts I’ll provide. Nevertheless, here we go

Or maybe some users are mailing secret content around inside the company which they are not (yet) allowed to… because it’s supposed to be a secret!
* Or just when you suspect someone is talking smack about you…*

Let’s take a situation where you have content that is not allowed to be mailed about, or at least not outside a specific group of people. You can accomplish that with some native Exchange functionalities… but not every company has implemented this and by the time this is properly done it may be too late.

So, to scan your environment and copy the mails it finds to a specific mailbox:

Get-Mailbox –Database DB1 | New-MailboxExportRequest -Mailbox -ContentFilter {Body -like “*Jeff*”} –TargetMailbox Administrator –TargetFolder ‘ContentScan1’

Or when, for example, students are mailing a ‘funny’ picture of a teachter to eachother…

Get-Mailbox –Database DB1 | New-MailboxExportRequest -Mailbox -ContentFilter {(Body -like “*Jeff*”) –And (Attachment -like “*clown*.jpg”)} –TargetMailbox Administrator –TargetFolder ‘ContentScan1’

But let’s go crazy and assume that you actually want to search for mails consisting of some content and attachment, and some mails based on content in the subject…

Get-Mailbox –Database DB1 | New-MailboxExportRequest -Mailbox -ContentFilter {(Body -like “*Jeff*”) –And (Attachment -like “*clown*.jpg”) –or (Subject -like ‘*Jeff*’)} –TargetMailbox Administrator –TargetFolder ‘ContentScan1’

Big fat note: Although these are some very powerfull oneliners, there is a little thing called ‘privacy’. Please read the law in your country to investigate if and how you are allowed to use this!!!