This Microsoft 365 Audit & Investigation training course will guide you through the Microsoft 365 environment tools that you will need to run an internal audit and investigation within your organisation.
This course will give you the confidence to identify what information is being shared in your organisation and how to search for information inside your Microsoft 365 tenant.
You will learn how to use Investigation Analytics, configure policies, work through the alerts and triage experience, and follow the remediation and litigation procedures.
This course is for members of an Audit Team or anyone associated with a type of role that provides an audit function for internal investigations at all levels.
About our presenter: Andrea McIntosh, Leadership Through Data

Andrea has worked in information and technology management for over two decades. As an experienced Information Manager, mainly in the public records space, she brings extensive experience in strategy, information and data architecture, and project delivery. As a skilled trainer and business coach, she shares her passion for information and records management and empowers others around her. Increasing stakeholder engagement and bringing people along on the journey, while delivering pragmatic solutions with sustainable information management at the heart of them, is always the aim. Andrea is also actively involved in the development of IM standards and delivery of support to the sector in this space.
Course outline:
Section 1 – Investigation Analytics: You will see how to use the scan function to quickly get an understanding of the insider risks an organization is exposed to, see suggested policies, and see how to customize built-in policies as part of setup and deployment.
Section 2 – Configuring Policies: You will use the Microsoft 365 compliance centre to create an insider risk policy for the data theft by departing employee use case. We will create policies to trigger events on specific risk activities we want to detect and investigate.
Section 3 – Alerts and Triage Experience: We will look at the steps involved to triage alerts, investigate to determine the actual event or issue, and drill down to determine validity by creating a case and preparing for remediation.
Section 4 – Remediation: We will look at available escalation paths such as inviting others, sending a notice, and escalating to Advanced eDiscovery. We will also take a quick look at Power Automate, Teams integration, and SIEM integration and see how easy it is to package up relevant details and send to others for review.
Section 5 – Litigation Procedure: We will look at connecting an investigation to litigation proceedings through an Advanced eDiscovery experience. We will take a look at how information collected through events will be packaged for investigations and for submitting evidence for litigation events, e.g. court proceedings.
What you need to know
- CPD Points: 12
- Course level: Intermediate
- Platform: Microsoft Teams will be used for this training session. You will receive a Teams Meeting link prior to the training date.
- Sessions are limited to 6 - 10 participants
- We recommend you log in ten minutes before the training session starts to ensure there are no tech issues.
- You will need a microphone and webcam/video as interaction with others on the course is necessary and strongly encouraged.
- You will need a quiet space so there are no distractions for the participants.
For any questions, please contact service@algim.org.nz