How to Set Up Information Barriers in Microsoft Teams

How to Set Up Information Barriers in Microsoft Teams

Information barriers in Microsoft Teams help control communication and protect sensitive data. Here’s a quick guide to set them up:

  1. Check prerequisites:

    • Correct Microsoft 365 subscription
    • Admin permissions
    • Enabled scoped directory search
    • Turned on audit logging
  2. Create user segments in Azure AD
  3. Define policies using PowerShell:

    New-InformationBarrierPolicy -Name "Policy-Name" -AssignedSegment "Segment-A" -SegmentsBlocked "Segment-B" -State Inactive
    
  4. Apply and manage policies:

    Set-InformationBarrierPolicy -Identity "Policy-Name" -State Active
    Start-InformationBarrierPoliciesApplication
    
  5. Monitor and update regularly
Feature Purpose Example
Block policies Stop communication Prevent Sales from messaging Legal
Allow policies Limit communication Let HR talk to everyone
User segments Group users "Department -eq ‘Sales’"
Policy application Activate barriers Can take up to 24 hours

Remember: Keep Azure AD info current, plan updates during off-hours, and stay informed about new features.

Before you start

Setting up information barriers in Microsoft Teams needs some prep work. Here’s what you need:

Required subscriptions

You’ll need one of these Microsoft 365 subscriptions:

Subscription Includes Information Barriers
Microsoft 365 E5 Yes
Office 365 E5 Yes
Office 365 Advanced Compliance Yes
Microsoft 365 E5 Information Protection and Compliance Yes

Needed permissions

To manage information barrier policies, you need one of these roles:

  • Microsoft 365 global administrator
  • Office 365 global administrator
  • Compliance administrator
  • IB Compliance Management

Want to boost security? Use roles with the fewest permissions.

System needs

Before you dive in:

1. Check directory data

Make sure your org structure matches user account attributes.

2. Enable scoped directory search

Turn this on for Teams. Wait 24 hours before setting policies.

3. Turn on audit logging

This helps you track policy applications.

4. Remove Exchange address book policies

These can mess with information barriers.

5. Provide admin consent

Grant Teams the permissions it needs.

6. Install Azure PowerShell

You’ll need this for some setup tasks.

Microsoft says: "The compliance assistant runs every 24 hours on group-connected SharePoint sites without an associated Teams team."

Planning your barriers

Setting up information barriers in Microsoft Teams? You need a plan. Here’s how to do it:

Identify groups in your organization

Map out your departments that need communication controls. Think:

  • Finance
  • HR
  • Legal
  • Sales
  • Marketing

How do these groups talk to each other? Where might conflicts pop up?

Set communication rules

Create a matrix showing who can chat with who. Here’s an example:

Group Finance HR Legal Sales Marketing
Finance
HR
Legal
Sales
Marketing

See how Finance and Legal can’t talk to Sales and Marketing? That’s to avoid insider trading risks.

Make a barrier plan

Here’s your step-by-step:

1. List user groups and their attributes

2. Define communication policies for each group

3. Prepare PowerShell scripts for group creation

4. Schedule policy implementation

5. Plan user communication and training

6. Set up monitoring and compliance checks

Make sure your plan fits your company’s rules and industry regulations.

"These guidelines help people make smart communication choices."

Turn on information barriers in Teams

Ready to activate your planned barriers in Microsoft Teams? Let’s do it in three steps:

Enable the feature

Here’s how to turn on information barriers:

  1. Log in to the Microsoft Purview compliance portal
  2. Go to Information barriers
  3. Click "Turn on Information barriers"
  4. Wait 30 minutes for changes to take effect

You’ll need to be a Microsoft 365 global admin, compliance admin, or information barrier compliance manager.

Now, enable scoped directory search:

  1. Head to the Microsoft Teams admin center
  2. Select "Org-wide settings" > "Teams settings"
  3. Under "Search by name", switch on "Scope directory search in Teams"
  4. Hit "Save"

This step is key. It uses Exchange Online Address Book Policies to separate user groups.

Check your settings

Double-check everything:

Setting Where to check What to look for
Information barriers Microsoft Purview compliance portal Status: On
Scoped directory search Microsoft Teams admin center Status: On
User segments PowerShell Correct user assignments
Policies Microsoft Purview compliance portal Accurate rules and applications

Use PowerShell to verify user segments and policies:

Get-InformationBarrierRecipientStatus -Identity user@contoso.com

This shows the information barrier status for a specific user.

A Microsoft 365 certified pro says: "Information barriers in Teams pack a punch, but they need careful setup. Always double-check your settings to match your org’s needs."

Create user groups

To set up information barriers in Microsoft Teams, you need to create user groups. Here’s how:

User account details

You’ll need these account details to make user groups:

  • Department
  • Job title
  • Email address
  • Alias

These help define segments for your barrier policies.

Use PowerShell to make groups

PowerShell

PowerShell is your tool for this job. Here’s what to do:

1. Open PowerShell as admin

2. Connect to Microsoft 365:

Connect-IPPSSession

3. Create a new segment:

New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"

This makes a segment for all Sales department users.

To see all segments:

Get-OrganizationSegment | Format-List Name,UserGroupFilter

Tips for making groups

  1. Use clear names for your segments.
  2. Start with a few key groups.
  3. Check a user’s status:
Get-InformationBarrierRecipientStatus -Identity user@contoso.com
  1. Update your groups as your org changes.

"Information barriers in Teams are powerful, but need careful setup. Always double-check your settings." – Microsoft 365 pro

Make barrier policies

Here’s how to set up information barrier policies in Microsoft Teams:

Block or allow policies

You’ve got two main options:

  1. Block policies: Stop communication between specific groups
  2. Allow policies: Let communication happen only with certain groups
Policy What it does When to use it
Block Stops communication Most groups can talk freely
Allow Limits communication Groups need strict separation

Stick with block policies most of the time. It’s simpler for users.

Write policy rules

To create a policy:

  1. Open PowerShell as admin
  2. Connect to Microsoft 365:
Connect-IPPSSession
  1. Create the policy:
New-InformationBarrierPolicy -Name "Policy-Name" -AssignedSegment "Segment-A" -SegmentsBlocked "Segment-B" -State Inactive

Remember:

  • One policy per segment
  • Keep policies inactive until you’re ready

Test policies

Before going big:

  1. Make test segments with a few users
  2. Apply policies to these segments
  3. Check if test users can communicate
  4. Verify policy status:
Get-InformationBarrierPoliciesApplicationStatus -All

"Information barriers restrict communication between users inside a tenant." – Microsoft 365 Teams Administrator Associate Cert Prep Instructor

Ready to go? Apply policies:

Start-InformationBarrierPoliciesApplication

Heads up: It takes about an hour for every 5,000 user accounts. Plan accordingly for big orgs.

sbb-itb-8be0fd2

Use barrier policies

You’ve made your information barrier policies. Now let’s put them to work in Microsoft Teams.

Apply policies to groups

Here’s how to apply policies to user groups:

  1. Open PowerShell as admin
  2. Connect to Microsoft 365:
Connect-IPPSSession
  1. Apply policy to a segment:
New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"
  1. Do this for each segment

Turn on policies

To activate your policies:

  1. Set policy to active:
Set-InformationBarrierPolicy -Identity "Policy-Name" -State Active
  1. Apply all active policies:
Start-InformationBarrierPoliciesApplication

This can take up to 24 hours for big organizations. Plan ahead.

Check policy status

Keep an eye on your policies:

  1. View all policies:
Get-InformationBarrierPolicy
  1. Check application status:
Get-InformationBarrierPoliciesApplicationStatus -All

This shows if policies are NotStarted, InProgress, or Completed.

Status Meaning
NotStarted Policy not applied yet
InProgress Policy being applied
Completed Policy fully applied

To stop the process:

Stop-InformationBarrierPoliciesApplication -Identity <ApplicationId>

Update your policies as your organization changes. It keeps your information barriers effective.

"Information barriers restrict communication between users inside a tenant." – Microsoft 365 Teams Administrator Associate Cert Prep Instructor

Set up barriers in SharePoint and OneDrive

SharePoint

Information barriers in SharePoint and OneDrive control communication between groups. Here’s how to set them up:

Barrier modes

SharePoint and OneDrive use different modes:

Mode SharePoint OneDrive
Open No segments, default for non-segmented sites Default for non-segmented users
Owner Moderated Allows collaboration between incompatible segments with oversight Allows sharing with incompatible users when owner present
Implicit Default for Teams-provisioned sites N/A
Explicit Applied when segment added to site Only matching segments can share
Mixed N/A Allows sharing with segmented and unsegmented users

SharePoint setup

  1. Enable barriers via PowerShell:
Set-SPOTenant -InformationBarriersSuspension $false
  1. Wait an hour for changes to take effect.
  2. Add segments to sites:
Set-SPOSite -Identity <site URL> -AddInformationSegment <segment GUID>
  1. Remove segments if needed:
Set-SPOSite -Identity <site URL> -RemoveInformationSegment <segment GUID>

OneDrive setup

  1. Enable barriers (same as SharePoint).
  2. Segmented users’ OneDrive is auto-protected.
  3. Manage user OneDrive segments:
  • Add:
Set-SPOSite -Identity <OneDrive URL> -AddInformationSegment <segment GUID>
  • Remove:
Set-SPOSite -Identity <OneDrive URL> -RemoveInformationSegment <segment GUID>
  1. Changes apply org-wide within 24 hours.
  2. OneDrive segments and modes auto-update if a user’s segment changes.

Fix barrier problems

Setting up information barriers in Teams? You might hit some snags. Here’s how to spot and solve common issues:

Common issues and fixes

1. Address Book Policy (ABP) conflicts

Users in segments can’t see the Global Address List in Outlook Web App or search names in Teams? They might have the "Empty AddressBook Mailbox Policy" applied.

Fix: Ditch all existing ABPs before setting up information barriers. Don’t create ABPs yourself – the barriers will do it automatically.

2. Policy creation errors

Getting a "Could not run the command New-InformationBarrierPolicy" error when creating block policies?

Fix: Make sure you have the Information Barrier Management role in Azure AD. If not, ask your admin to give it to you.

3. Unexpected user removals

Users suddenly vanishing from Teams, group chats, and meetings? Your Information Barrier (IB) policies might not be activated properly.

Fix: ALWAYS run Start-InformationBarrierPoliciesApplication right after activating IB policies.

PowerShell to the rescue

Use these PowerShell commands to diagnose and fix barrier issues:

# Check policy status
Get-InformationBarrierPolicy

# Evaluate user segments
Get-InformationBarrierRecipientStatus -Identity user@example.com

# Re-add users to Microsoft 365 groups
Add-UnifiedGroupLinks -Identity "GroupName" -LinkType Members -Links "user1@example.com","user2@example.com"

Need more help?

Still stuck?

  1. Check Microsoft’s docs for the latest updates and known issues.
  2. Use Azure AD audit search to find team member removals related to Information Barriers.
  3. If you’re still scratching your head, open a support ticket with Microsoft.

Help users adapt

Implementing information barriers in Microsoft Teams can shake things up. Here’s how to smooth the transition:

How barriers affect daily work

Information barriers put limits on who can talk to who. This means:

  • Some Teams channels or chats might be off-limits
  • Searching for or contacting certain colleagues could be tricky
  • Some SharePoint sites and OneDrive content might disappear

Think of a financial firm where investment bankers can’t message research analysts. It’s all about keeping things above board and avoiding insider trading risks.

Tell users about changes

When rolling out these barriers, communication is key. Here’s the game plan:

1. Start early

Give your team a heads up well before D-Day. This gives them time to process and ask questions.

2. Use multiple channels

Spread the word through emails, meetings, intranet posts, and training sessions.

3. Explain the why

Help your team understand the reasoning. For example:

"We’re putting up these barriers to play by the rules and keep sensitive data safe. It’s all about avoiding conflicts and keeping our clients’ trust."

4. Be specific

Lay out who’s affected and how. A simple table can work wonders:

Group Can talk to Can’t talk to
Sales Marketing, Support Finance, Legal
HR Everyone No one
Legal Finance, HR Sales, Marketing

Offer user support

To help your team roll with the changes:

  1. Create a FAQ
  2. Set up a help desk
  3. Provide training
  4. Keep an eye on things and be ready to adjust

Keep barriers up to date

Managing information barriers in Microsoft Teams isn’t a set-it-and-forget-it task. You need to stay on top of it. Here’s how:

Check policies regularly

Look at your information barrier policies at least every three months. Make sure they still fit your company’s needs and follow the rules.

Example: In March 2023, a big financial company found out during a routine check that their policies weren’t updated after a department merger. This could have led to information leaks.

Use this checklist:

  • [ ] Are all user segments still correct?
  • [ ] Any new rules to follow?
  • [ ] Do policies match recent company changes?
  • [ ] Test some user accounts to check restrictions

Update groups and policies

When your company changes, your barriers need to change too:

1. Spot changes: New departments? Role changes? Company shakeups?

2. Fix user segments: Update PowerShell scripts for new groups.

3. Tweak policies: Change existing ones or make new ones.

4. Test and apply: Use Start-InformationBarrierPoliciesApplication to update all active policies.

Changes can take up to 24 hours to kick in. Try to update during off-hours to avoid disruptions.

Keep up with new features

Microsoft’s always adding new tools for information barriers. Stay in the loop:

  • Check the Microsoft 365 roadmap
  • Join Microsoft Teams admin forums
  • Go to Microsoft events (online or in-person)

Fun fact: In late 2022, Microsoft rolled out better reporting for information barriers. Now admins can spot policy conflicts and user assignment issues faster.

Feature When What it does
Better Reporting Q4 2022 Spots policy conflicts easier
Segment Analyzer Q2 2023 Suggests best user groupings
Policy Simulator Planned Q4 2023 Tests policy effects before you use them

Wrap-up

Here’s a quick rundown of setting up information barriers in Microsoft Teams:

1. Check prerequisites

Make sure you have the right licenses, enable scoped directory search, turn on Microsoft 365 audit log, and get admin consent for IB policies.

2. Segment users

Update Azure AD properties, create segments (up to 5,000), and assign users to a max of 10 segments each.

3. Create IB policies

Use PowerShell to define Block or Allow policies. For example:

New-InformationBarrierPolicy -Name "Sales-Research" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State Inactive

4. Apply and manage policies

Set policies to "Active" and use Start-InformationBarrierPoliciesApplication to apply changes. Give it up to 24 hours for large orgs.

Don’t forget to keep managing your barriers:

  • Check policies quarterly
  • Update when your org changes
  • Use PowerShell for updates

Some final tips:

  • Use as few policies as possible
  • Keep Azure AD info current
  • Plan updates during off-hours
  • Stay up-to-date on new IB features

FAQs

How to set up information barriers in Teams?

Here’s how to set up information barriers in Microsoft Teams:

  1. Log into the compliance portal with admin credentials
  2. Navigate to Information barriers > Policies
  3. Click Create policy
  4. Name your policy and follow the wizard

Don’t forget to check your license and permissions first.

How do you set up information barriers in Teams?

Setting up information barriers in Teams involves:

  1. Planning your barrier strategy
  2. Creating user segments in Azure AD
  3. Defining policies with PowerShell
  4. Applying and managing those policies

Here’s an example of creating a policy:

New-InformationBarrierPolicy -Name "Finance-Marketing" -AssignedSegment "Finance" -SegmentsBlocked "Marketing" -State Inactive

What is the information barrier policy in Microsoft Teams?

Information barrier policies in Teams are rules that:

  • Stop certain groups from communicating
  • Protect sensitive info
  • Help maintain compliance

For example, a policy might prevent Finance from chatting with Marketing to avoid insider trading risks.

How to configure information barriers?

To configure information barriers:

  1. Enable scoped directory search in Teams
  2. Update Azure AD with user segments
  3. Use PowerShell to create policies
  4. Apply policies and monitor their status

It can take up to 24 hours for changes to take effect in large organizations.

What is the information barrier policy in Teams?

Information barrier policies in Teams:

  • Block unauthorized collaboration
  • Restrict adding users to teams/channels
  • Limit content access
  • Prevent 1:1 and group chats
  • Control meeting invites
  • Affect user visibility in people search

For instance, if Enrico (Banking) and Pradeep (Financial Advisor) are in segments with a blocking policy, they can’t communicate in Teams.

Related posts

Spend less time managing Teams and more time collaborating
Let us handle the details