The PowerShell command to recover deleted email for a user has been around for some time. However, these PowerShell commands now have a graphical interface in the new Exchange Admin Center.
In this article, we explore how to recover deleted email for a user. But first, there are some permission prerequisites.
Assigning your admin account recovery permissions
Before we can restore mail for a user we need permission to do so. The permission in question is the Mailbox Import / Export permission. By default, no one is assigned this permission in Exchange.
Log onto the Exchange Admin Center and navigate to Permissions > Admin Roles.
At this point, we have two options. We can either assign the Mailbox Import / Export role to an existing role group (such as Organization Management) or, we can create a new role group. Let’s do the latter.
Click the New button (
). This launches the new role group dialog.
Type a Name and Description for your role. In our example, we went with Email Recovery Role.
If needed select a custom write scope, or, leave at default. The default scope allows the role holder to apply these permissions to the entire organization. You can define a custom write scope to limit the scope of this permission. For example, the scope could be limited to a specific business unit or group of users. This is particularly useful if you need to delegate this role.
Under Roles click the Add button ().
Double-click Mailbox Import Export and click Ok.
Under Members click the Add button ().
Double-click each administrator you want to assign this role and click Ok.
Click Save.
Note: Once the role group is created it can take up to one hour for the permissions to take effect.
Recovering email for a user
Note: Mail can only be recovered up to the single item recovery limit. For Office 365 this is 14 days by default. This limit can be increased to a maximum of 30 days. For more information check this article.
With our permissions in place, we can now recover mail for a user. To do this we need to use the new Exchange Admin Center. Select Try it now from the classic admin center or navigate to https://admin.exchange.microsoft.com/.
From the new Exchange Admin Center expand Recipients and select Mailboxes.
From the Mailboxes view select the user you wish to restore mail to and select the Recover Deleted Items button.
This will return all items under the users Recoverable Items folder.
We can further refine this view by selecting various filters at the top of the page. For example, we can pick a custom date range, search for a specific subject, select the item or folder type, or, search for a specific object ID.
In our example, Amy has four items we can recover. We can either select an individual item or select all items for recovery. Once we have selected what we need to recover, select the Recover Deleted Items button.
In our example, we are recovering a single message with the subject line Follow Up – Marquee Equity.
The item will then be restored to our user’s mailbox, specifically to the folder it was hard deleted from.
If you prefer to execute this process via PowerShell, then I recommend checking out Tony’s Redmond’s writeup on Petri.
Is this a process you have tried yet? How was your experience? Drop a comment below or join the conversation on Twitter @SuperTekBoy
Printer Friendly Page
I’m a global administrator of my tenant and also manually assigned myself a role that has the import/export permission, but when I got into my users’ mailboxes from the admin center, the recover deleted items option is greyed out. Mousing over the option states “you do not have permission to edit this information”. Any ideas?
It can take some time for the permissions to apply. How long has it been since you applied the rights?
Thanks for the post– now what happens if there is a specific email sent to— how can we filter so we only recover an email that was sent to a specific email address?