
Summary
The PST Export Alert is designed to monitor instances where a user performs an eDiscovery search or exports a PST file within the Microsoft 365 platform. This functionality can potentially expose sensitive information such as email body content, attachments, and other confidential data stored in the user’s email account. The rule triggers an alert when it detects a successful event originating from the SecurityComplianceCenter indicating that an eDiscovery search has been initiated or a PST file has been exported. While PST exports can serve legitimate purposes, their ability to handle sensitive data necessitates continuous oversight to prevent data loss or unauthorized access. The rule allows for improved visibility into data handling activities and helps ensure compliance with data governance policies. The alert requires the relevant eDiscovery alert settings to be active within the Microsoft 365 environment, specifically under threat management services. Regular review and updates of this alert policy are recommended to adapt to evolving data protection standards.
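The matching condition described above, written out as an added example that is not the rule's own code. Only the `SecurityComplianceCenter` source comes from this page; the field names `eventSource`, `eventName`, `status`, `UserId` and `CreationTime`, and the alert name string, are assumptions about the log schema. The per-user grouping goes one step beyond the rule, so that repeated exports by one account stand out.

```python
# Added example. Field names and the alert name are assumptions about the log
# schema; only "SecurityComplianceCenter" comes from the rule description.
SOURCE = "securitycompliancecenter"
ALERT_NAME = "ediscovery search started or exported"  # assumed alert name

def _norm(event, key):
    """Lowercased, stripped string for key; '' if absent or not a string."""
    value = event.get(key)
    return value.strip().lower() if isinstance(value, str) else ""

def is_pst_export_alert(event):
    """True only for a successful eDiscovery search/export alert event."""
    return (_norm(event, "eventSource") == SOURCE
            and _norm(event, "eventName") == ALERT_NAME
            and _norm(event, "status") == "success")

def triage(events):
    """Group matching events by user so repeated exports stand out."""
    hits = {}
    for ev in events:
        if is_pst_export_alert(ev):
            user = ev.get("UserId") or "<unknown>"
            hits.setdefault(user, []).append(ev.get("CreationTime", ""))
    return hits

# Constructed sample events (not real log data).
_OK = {"eventSource": "SecurityComplianceCenter",
       "eventName": "eDiscovery search started or exported",
       "status": "success"}
SAMPLE_EVENTS = [
    {**_OK, "UserId": "alice@example.com", "CreationTime": "2022-02-08T09:00:00"},
    # Same event with different casing and stray whitespace in the source.
    {**_OK, "eventSource": "securitycompliancecenter ",
     "UserId": "alice@example.com", "CreationTime": "2022-02-08T09:30:00"},
    # Not successful: must not alert.
    {**_OK, "status": "failed", "UserId": "bob@example.com"},
    # Different source and event: must not alert.
    {"eventSource": "Exchange", "eventName": "New-InboxRule",
     "status": "success", "UserId": "carol@example.com"},
    # Status field missing: treated as a non-match, not as success.
    {"eventSource": "SecurityComplianceCenter",
     "eventName": "eDiscovery search started or exported",
     "UserId": "dave@example.com"},
    # Matching event with no user recorded: still reported.
    {**_OK, "CreationTime": "2022-02-08T11:00:00"},
]

if __name__ == "__main__":
    for user, times in triage(SAMPLE_EVENTS).items():
        print(f"{user}: {len(times)} alert(s) at {times}")
```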
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Application Log
- Cloud Service
Created: 2022-02-08