Information barriers in Microsoft Teams help control communication and protect sensitive data. Here’s a quick guide to set them up:
-
Check prerequisites:
- Correct Microsoft 365 subscription
- Admin permissions
- Enabled scoped directory search
- Turned on audit logging
- Create user segments in Azure AD
-
Define policies using PowerShell:
New-InformationBarrierPolicy -Name "Policy-Name" -AssignedSegment "Segment-A" -SegmentsBlocked "Segment-B" -State Inactive -
Apply and manage policies:
Set-InformationBarrierPolicy -Identity "Policy-Name" -State Active Start-InformationBarrierPoliciesApplication - Monitor and update regularly
| Feature | Purpose | Example |
|---|---|---|
| Block policies | Stop communication | Prevent Sales from messaging Legal |
| Allow policies | Limit communication | Let HR talk to everyone |
| User segments | Group users | "Department -eq ‘Sales’" |
| Policy application | Activate barriers | Can take up to 24 hours |
Remember: Keep Azure AD info current, plan updates during off-hours, and stay informed about new features.
Related video from YouTube
Before you start
Setting up information barriers in Microsoft Teams needs some prep work. Here’s what you need:
Required subscriptions
You’ll need one of these Microsoft 365 subscriptions:
| Subscription | Includes Information Barriers |
|---|---|
| Microsoft 365 E5 | Yes |
| Office 365 E5 | Yes |
| Office 365 Advanced Compliance | Yes |
| Microsoft 365 E5 Information Protection and Compliance | Yes |
Needed permissions
To manage information barrier policies, you need one of these roles:
- Microsoft 365 global administrator
- Office 365 global administrator
- Compliance administrator
- IB Compliance Management
Want to boost security? Use roles with the fewest permissions.
System needs
Before you dive in:
1. Check directory data
Make sure your org structure matches user account attributes.
2. Enable scoped directory search
Turn this on for Teams. Wait 24 hours before setting policies.
3. Turn on audit logging
This helps you track policy applications.
4. Remove Exchange address book policies
These can mess with information barriers.
5. Provide admin consent
Grant Teams the permissions it needs.
6. Install Azure PowerShell
You’ll need this for some setup tasks.
Microsoft says: "The compliance assistant runs every 24 hours on group-connected SharePoint sites without an associated Teams team."
Planning your barriers
Setting up information barriers in Microsoft Teams? You need a plan. Here’s how to do it:
Identify groups in your organization
Map out your departments that need communication controls. Think:
- Finance
- HR
- Legal
- Sales
- Marketing
How do these groups talk to each other? Where might conflicts pop up?
Set communication rules
Create a matrix showing who can chat with who. Here’s an example:
| Group | Finance | HR | Legal | Sales | Marketing |
|---|---|---|---|---|---|
| Finance | ✓ | ✓ | ✓ | ✗ | ✗ |
| HR | ✓ | ✓ | ✓ | ✓ | ✓ |
| Legal | ✓ | ✓ | ✓ | ✗ | ✗ |
| Sales | ✗ | ✓ | ✗ | ✓ | ✓ |
| Marketing | ✗ | ✓ | ✗ | ✓ | ✓ |
See how Finance and Legal can’t talk to Sales and Marketing? That’s to avoid insider trading risks.
Make a barrier plan
Here’s your step-by-step:
1. List user groups and their attributes
2. Define communication policies for each group
3. Prepare PowerShell scripts for group creation
4. Schedule policy implementation
5. Plan user communication and training
6. Set up monitoring and compliance checks
Make sure your plan fits your company’s rules and industry regulations.
"These guidelines help people make smart communication choices."
Turn on information barriers in Teams
Ready to activate your planned barriers in Microsoft Teams? Let’s do it in three steps:
Enable the feature
Here’s how to turn on information barriers:
- Log in to the Microsoft Purview compliance portal
- Go to Information barriers
- Click "Turn on Information barriers"
- Wait 30 minutes for changes to take effect
You’ll need to be a Microsoft 365 global admin, compliance admin, or information barrier compliance manager.
Set up name search
Now, enable scoped directory search:
- Head to the Microsoft Teams admin center
- Select "Org-wide settings" > "Teams settings"
- Under "Search by name", switch on "Scope directory search in Teams"
- Hit "Save"
This step is key. It uses Exchange Online Address Book Policies to separate user groups.
Check your settings
Double-check everything:
| Setting | Where to check | What to look for |
|---|---|---|
| Information barriers | Microsoft Purview compliance portal | Status: On |
| Scoped directory search | Microsoft Teams admin center | Status: On |
| User segments | PowerShell | Correct user assignments |
| Policies | Microsoft Purview compliance portal | Accurate rules and applications |
Use PowerShell to verify user segments and policies:
Get-InformationBarrierRecipientStatus -Identity user@contoso.com
This shows the information barrier status for a specific user.
A Microsoft 365 certified pro says: "Information barriers in Teams pack a punch, but they need careful setup. Always double-check your settings to match your org’s needs."
Create user groups
To set up information barriers in Microsoft Teams, you need to create user groups. Here’s how:
User account details
You’ll need these account details to make user groups:
- Department
- Job title
- Email address
- Alias
These help define segments for your barrier policies.
Use PowerShell to make groups
PowerShell is your tool for this job. Here’s what to do:
1. Open PowerShell as admin
2. Connect to Microsoft 365:
Connect-IPPSSession
3. Create a new segment:
New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"
This makes a segment for all Sales department users.
To see all segments:
Get-OrganizationSegment | Format-List Name,UserGroupFilter
Tips for making groups
- Use clear names for your segments.
- Start with a few key groups.
- Check a user’s status:
Get-InformationBarrierRecipientStatus -Identity user@contoso.com
- Update your groups as your org changes.
"Information barriers in Teams are powerful, but need careful setup. Always double-check your settings." – Microsoft 365 pro
Make barrier policies
Here’s how to set up information barrier policies in Microsoft Teams:
Block or allow policies
You’ve got two main options:
- Block policies: Stop communication between specific groups
- Allow policies: Let communication happen only with certain groups
| Policy | What it does | When to use it |
|---|---|---|
| Block | Stops communication | Most groups can talk freely |
| Allow | Limits communication | Groups need strict separation |
Stick with block policies most of the time. It’s simpler for users.
Write policy rules
To create a policy:
- Open PowerShell as admin
- Connect to Microsoft 365:
Connect-IPPSSession
- Create the policy:
New-InformationBarrierPolicy -Name "Policy-Name" -AssignedSegment "Segment-A" -SegmentsBlocked "Segment-B" -State Inactive
Remember:
- One policy per segment
- Keep policies inactive until you’re ready
Test policies
Before going big:
- Make test segments with a few users
- Apply policies to these segments
- Check if test users can communicate
- Verify policy status:
Get-InformationBarrierPoliciesApplicationStatus -All
"Information barriers restrict communication between users inside a tenant." – Microsoft 365 Teams Administrator Associate Cert Prep Instructor
Ready to go? Apply policies:
Start-InformationBarrierPoliciesApplication
Heads up: It takes about an hour for every 5,000 user accounts. Plan accordingly for big orgs.
sbb-itb-8be0fd2
Use barrier policies
You’ve made your information barrier policies. Now let’s put them to work in Microsoft Teams.
Apply policies to groups
Here’s how to apply policies to user groups:
- Open PowerShell as admin
- Connect to Microsoft 365:
Connect-IPPSSession
- Apply policy to a segment:
New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"
- Do this for each segment
Turn on policies
To activate your policies:
- Set policy to active:
Set-InformationBarrierPolicy -Identity "Policy-Name" -State Active
- Apply all active policies:
Start-InformationBarrierPoliciesApplication
This can take up to 24 hours for big organizations. Plan ahead.
Check policy status
Keep an eye on your policies:
- View all policies:
Get-InformationBarrierPolicy
- Check application status:
Get-InformationBarrierPoliciesApplicationStatus -All
This shows if policies are NotStarted, InProgress, or Completed.
| Status | Meaning |
|---|---|
| NotStarted | Policy not applied yet |
| InProgress | Policy being applied |
| Completed | Policy fully applied |
To stop the process:
Stop-InformationBarrierPoliciesApplication -Identity <ApplicationId>
Update your policies as your organization changes. It keeps your information barriers effective.
"Information barriers restrict communication between users inside a tenant." – Microsoft 365 Teams Administrator Associate Cert Prep Instructor
Set up barriers in SharePoint and OneDrive
Information barriers in SharePoint and OneDrive control communication between groups. Here’s how to set them up:
Barrier modes
SharePoint and OneDrive use different modes:
| Mode | SharePoint | OneDrive |
|---|---|---|
| Open | No segments, default for non-segmented sites | Default for non-segmented users |
| Owner Moderated | Allows collaboration between incompatible segments with oversight | Allows sharing with incompatible users when owner present |
| Implicit | Default for Teams-provisioned sites | N/A |
| Explicit | Applied when segment added to site | Only matching segments can share |
| Mixed | N/A | Allows sharing with segmented and unsegmented users |
SharePoint setup
- Enable barriers via PowerShell:
Set-SPOTenant -InformationBarriersSuspension $false
- Wait an hour for changes to take effect.
- Add segments to sites:
Set-SPOSite -Identity <site URL> -AddInformationSegment <segment GUID>
- Remove segments if needed:
Set-SPOSite -Identity <site URL> -RemoveInformationSegment <segment GUID>
OneDrive setup
- Enable barriers (same as SharePoint).
- Segmented users’ OneDrive is auto-protected.
- Manage user OneDrive segments:
- Add:
Set-SPOSite -Identity <OneDrive URL> -AddInformationSegment <segment GUID>
- Remove:
Set-SPOSite -Identity <OneDrive URL> -RemoveInformationSegment <segment GUID>
- Changes apply org-wide within 24 hours.
- OneDrive segments and modes auto-update if a user’s segment changes.
Fix barrier problems
Setting up information barriers in Teams? You might hit some snags. Here’s how to spot and solve common issues:
Common issues and fixes
1. Address Book Policy (ABP) conflicts
Users in segments can’t see the Global Address List in Outlook Web App or search names in Teams? They might have the "Empty AddressBook Mailbox Policy" applied.
Fix: Ditch all existing ABPs before setting up information barriers. Don’t create ABPs yourself – the barriers will do it automatically.
2. Policy creation errors
Getting a "Could not run the command New-InformationBarrierPolicy" error when creating block policies?
Fix: Make sure you have the Information Barrier Management role in Azure AD. If not, ask your admin to give it to you.
3. Unexpected user removals
Users suddenly vanishing from Teams, group chats, and meetings? Your Information Barrier (IB) policies might not be activated properly.
Fix: ALWAYS run Start-InformationBarrierPoliciesApplication right after activating IB policies.
PowerShell to the rescue
Use these PowerShell commands to diagnose and fix barrier issues:
# Check policy status
Get-InformationBarrierPolicy
# Evaluate user segments
Get-InformationBarrierRecipientStatus -Identity user@example.com
# Re-add users to Microsoft 365 groups
Add-UnifiedGroupLinks -Identity "GroupName" -LinkType Members -Links "user1@example.com","user2@example.com"
Need more help?
Still stuck?
- Check Microsoft’s docs for the latest updates and known issues.
- Use Azure AD audit search to find team member removals related to Information Barriers.
- If you’re still scratching your head, open a support ticket with Microsoft.
Help users adapt
Implementing information barriers in Microsoft Teams can shake things up. Here’s how to smooth the transition:
How barriers affect daily work
Information barriers put limits on who can talk to who. This means:
- Some Teams channels or chats might be off-limits
- Searching for or contacting certain colleagues could be tricky
- Some SharePoint sites and OneDrive content might disappear
Think of a financial firm where investment bankers can’t message research analysts. It’s all about keeping things above board and avoiding insider trading risks.
Tell users about changes
When rolling out these barriers, communication is key. Here’s the game plan:
1. Start early
Give your team a heads up well before D-Day. This gives them time to process and ask questions.
2. Use multiple channels
Spread the word through emails, meetings, intranet posts, and training sessions.
3. Explain the why
Help your team understand the reasoning. For example:
"We’re putting up these barriers to play by the rules and keep sensitive data safe. It’s all about avoiding conflicts and keeping our clients’ trust."
4. Be specific
Lay out who’s affected and how. A simple table can work wonders:
| Group | Can talk to | Can’t talk to |
|---|---|---|
| Sales | Marketing, Support | Finance, Legal |
| HR | Everyone | No one |
| Legal | Finance, HR | Sales, Marketing |
Offer user support
To help your team roll with the changes:
- Create a FAQ
- Set up a help desk
- Provide training
- Keep an eye on things and be ready to adjust
Keep barriers up to date
Managing information barriers in Microsoft Teams isn’t a set-it-and-forget-it task. You need to stay on top of it. Here’s how:
Check policies regularly
Look at your information barrier policies at least every three months. Make sure they still fit your company’s needs and follow the rules.
Example: In March 2023, a big financial company found out during a routine check that their policies weren’t updated after a department merger. This could have led to information leaks.
Use this checklist:
- [ ] Are all user segments still correct?
- [ ] Any new rules to follow?
- [ ] Do policies match recent company changes?
- [ ] Test some user accounts to check restrictions
Update groups and policies
When your company changes, your barriers need to change too:
1. Spot changes: New departments? Role changes? Company shakeups?
2. Fix user segments: Update PowerShell scripts for new groups.
3. Tweak policies: Change existing ones or make new ones.
4. Test and apply: Use Start-InformationBarrierPoliciesApplication to update all active policies.
Changes can take up to 24 hours to kick in. Try to update during off-hours to avoid disruptions.
Keep up with new features
Microsoft’s always adding new tools for information barriers. Stay in the loop:
- Check the Microsoft 365 roadmap
- Join Microsoft Teams admin forums
- Go to Microsoft events (online or in-person)
Fun fact: In late 2022, Microsoft rolled out better reporting for information barriers. Now admins can spot policy conflicts and user assignment issues faster.
| Feature | When | What it does |
|---|---|---|
| Better Reporting | Q4 2022 | Spots policy conflicts easier |
| Segment Analyzer | Q2 2023 | Suggests best user groupings |
| Policy Simulator | Planned Q4 2023 | Tests policy effects before you use them |
Wrap-up
Here’s a quick rundown of setting up information barriers in Microsoft Teams:
1. Check prerequisites
Make sure you have the right licenses, enable scoped directory search, turn on Microsoft 365 audit log, and get admin consent for IB policies.
2. Segment users
Update Azure AD properties, create segments (up to 5,000), and assign users to a max of 10 segments each.
3. Create IB policies
Use PowerShell to define Block or Allow policies. For example:
New-InformationBarrierPolicy -Name "Sales-Research" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State Inactive
4. Apply and manage policies
Set policies to "Active" and use Start-InformationBarrierPoliciesApplication to apply changes. Give it up to 24 hours for large orgs.
Don’t forget to keep managing your barriers:
- Check policies quarterly
- Update when your org changes
- Use PowerShell for updates
Some final tips:
- Use as few policies as possible
- Keep Azure AD info current
- Plan updates during off-hours
- Stay up-to-date on new IB features
FAQs
How to set up information barriers in Teams?
Here’s how to set up information barriers in Microsoft Teams:
- Log into the compliance portal with admin credentials
- Navigate to Information barriers > Policies
- Click Create policy
- Name your policy and follow the wizard
Don’t forget to check your license and permissions first.
How do you set up information barriers in Teams?
Setting up information barriers in Teams involves:
- Planning your barrier strategy
- Creating user segments in Azure AD
- Defining policies with PowerShell
- Applying and managing those policies
Here’s an example of creating a policy:
New-InformationBarrierPolicy -Name "Finance-Marketing" -AssignedSegment "Finance" -SegmentsBlocked "Marketing" -State Inactive
What is the information barrier policy in Microsoft Teams?
Information barrier policies in Teams are rules that:
- Stop certain groups from communicating
- Protect sensitive info
- Help maintain compliance
For example, a policy might prevent Finance from chatting with Marketing to avoid insider trading risks.
How to configure information barriers?
To configure information barriers:
- Enable scoped directory search in Teams
- Update Azure AD with user segments
- Use PowerShell to create policies
- Apply policies and monitor their status
It can take up to 24 hours for changes to take effect in large organizations.
What is the information barrier policy in Teams?
Information barrier policies in Teams:
- Block unauthorized collaboration
- Restrict adding users to teams/channels
- Limit content access
- Prevent 1:1 and group chats
- Control meeting invites
- Affect user visibility in people search
For instance, if Enrico (Banking) and Pradeep (Financial Advisor) are in segments with a blocking policy, they can’t communicate in Teams.