Information Barriers (IBs) in Microsoft Teams are digital walls that control communication between user groups. Here’s what you need to know:
- Purpose: Prevent unauthorized communication to maintain compliance and protect sensitive data
- Requirements: Microsoft 365 E5/A5 or Office 365 E5/A5 license, specific admin roles
- Setup Process:
- Group users based on organizational structure
- Create IB policies using PowerShell
- Apply policies across Microsoft 365
- Configure SharePoint and OneDrive settings
Key Points:
- Takes up to 24 hours for policies to fully apply
- Affects Teams, SharePoint, and OneDrive
- Requires regular monitoring and maintenance
- Can’t do one-way restrictions or work with distribution lists
Common Issues:
- Unexpected blocking of users
- Policies not applying correctly
- Slow policy application
Remember: IBs are powerful but not perfect. They need careful setup and ongoing management to be effective.
Related video from YouTube
Before You Start
Setting up information barriers (IBs) in Microsoft Teams isn’t a walk in the park. You need to prep before diving in. Here’s what you need to know:
License Requirements
First up: your Microsoft 365 license. You’ll need one of these:
- Microsoft 365 E5
- Office 365 E5
- Office 365 Advanced Compliance
- Microsoft 365 E5 Information Protection and Compliance
Not sure what you’ve got? Ask your IT folks. Without the right license, you’re locked out of IB features.
Admin Access Needs
Regular user account? Not gonna cut it. You need these admin roles:
- Microsoft 365 global administrator
- Office 365 global administrator
- Compliance administrator
- Information Barrier Compliance Management
These roles let you create and manage IB policies. If you don’t have them, find someone who does.
Setup Checklist
Before you jump in, tick off these boxes:
1. Check your directory data
Make sure your org structure is right in your directory. User accounts, group memberships, department names – all that good stuff.
2. Turn on scoped directory search
Do this in Microsoft Teams. But here’s the kicker: wait 24 hours after turning it on before you set up your first IB policy.
3. Audit logging
Make sure it’s on. You’ll need it to keep an eye on your IB policy status.
4. Clear out old policies
If you’re in Legacy mode, ditch any existing Exchange Online address book policies. They don’t play well with IB policies.
5. Give admin consent
Grant the necessary permissions for Microsoft Teams to work with your new IB setup.
Setting up IBs isn’t just about ticking boxes. It’s about making your digital workspace fit your org’s needs and rules. As one user put it: "There are so many catches in teams meetings, SharePoint, OneDrive it’s all integrated into IB." It’s powerful, but you need to think it through.
Before you start configuring, grab your security team or compliance officer. You need to figure out:
- Who needs restrictions?
- What blocks and allowances should each user or group have?
- What unauthorized communications do you need to stop?
- Which user attributes will you use to segment users in your policies?
Get these answers, and you’re ready to roll.
Setting Up User Groups
Let’s dive into creating and managing user groups for information barriers (IBs) in Microsoft Teams. We’ll use PowerShell commands to set up segments and policies.
PowerShell Commands for Groups
To create user groups, you’ll use the New-OrganizationSegment
cmdlet. Here’s how:
- Open PowerShell and connect to your Azure Active Directory:
Connect-AzureAD
- Create segments with
New-OrganizationSegment
:
New-OrganizationSegment -Name "HR" -UserGroupFilter "Department -eq 'HR'"
New-OrganizationSegment -Name "Sales" -UserGroupFilter "Department -eq 'Sales'"
New-OrganizationSegment -Name "Research" -UserGroupFilter "Department -eq 'Research'"
These commands create segments for HR, Sales, and Research departments.
You can have up to 5,000 segments, and users can be in up to 10 segments.
Next, set up IB policies with New-InformationBarrierPolicy
:
New-InformationBarrierPolicy -Name "Sales-Research" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State Inactive
This creates an inactive policy stopping "Sales" from communicating with "Research".
Check Your Group Setup
After setting up, verify your configuration:
- View all segments:
Get-OrganizationSegment
- Check a specific user:
Get-InformationBarrierRecipientStatus -Identity user@example.com
- View all IB policies:
Get-InformationBarrierPolicy
Need changes? Use Set-OrganizationSegment
:
Set-OrganizationSegment -Identity c96e0837-c232-4a8a-841e-ef45787d8fcd -UserGroupFilter "Department -eq 'HRDept'"
After changes, apply policies:
Start-InformationBarrierPoliciesApplication
Setting up user groups for IBs needs careful planning. As TechTarget points out:
"Communication control policies are critical to the security strategy of the enterprise as more users work from home and adopt multiple collaboration tools."
Setting Up Barrier Rules
Now that we’ve got our user groups, let’s dive into the meat of Information Barriers (IBs) in Microsoft Teams: barrier rules. These are the real game-changers.
Types of Rules
There are two main flavors of IB policies:
- Block policies: No talking allowed between certain groups.
- Allow policies: Green light for communication between specific groups.
Let’s use a real-world example. Say you’re setting up IBs for "MoneyWise Investments". They want to keep their day traders and marketing team from chatting to avoid any whiff of insider trading.
Here’s how you’d do it:
New-InformationBarrierPolicy -Name "DayTraders-Marketing-Block" -AssignedSegment "DayTraders" -SegmentsBlocked "Marketing" -State Inactive
This policy puts up a wall between the "DayTraders" and "Marketing" segments.
But maybe you want your research team and product development folks to collaborate:
New-InformationBarrierPolicy -Name "Research-ProductDev-Allow" -AssignedSegment "Research" -SegmentsAllowed "ProductDevelopment" -State Inactive
This policy gives the green light for "Research" and "ProductDevelopment" to chat it up.
Allow and Block Settings
When you’re setting up these rules, you need to think carefully about who should be talking to whom. Here’s a game plan:
- Start by assuming nobody can talk to anyone.
- Figure out who NEEDS to work together.
- Set up "allow" policies for these essential collaborations.
- Identify who should NEVER communicate.
- Create "block" policies for these no-go zones.
Let’s see how this might look for MoneyWise Investments:
# Research and Product Development can chat
New-InformationBarrierPolicy -Name "Research-ProductDev-Allow" -AssignedSegment "Research" -SegmentsAllowed "ProductDevelopment" -State Inactive
# Day Traders can't talk to Marketing
New-InformationBarrierPolicy -Name "DayTraders-Marketing-Block" -AssignedSegment "DayTraders" -SegmentsBlocked "Marketing" -State Inactive
# HR can talk to everyone
New-InformationBarrierPolicy -Name "HR-AllowAll" -AssignedSegment "HR" -SegmentsAllowed "All" -State Inactive
These policies are set to "Inactive" by default. To turn them on, use this:
Set-InformationBarrierPolicy -Identity "DayTraders-Marketing-Block" -State Active
After setting up your policies, you need to apply them:
Start-InformationBarrierPoliciesApplication
Heads up: This can take a while for big organizations – we’re talking 24 hours or more.
Setting up these rules isn’t a walk in the park. It takes some serious thought and planning. But get it right, and you’ll have a communication structure that keeps your organization compliant, conflict-free, and running smoothly.
sbb-itb-8be0fd2
Microsoft Teams Settings
Let’s talk about setting up Microsoft Teams for information barriers. It’s not just about flipping a few switches – you need to get a few things right.
SharePoint and OneDrive Setup
Teams works hand-in-hand with SharePoint and OneDrive. So, to make information barriers work in Teams, you’ve got to set these up correctly too.
Here’s what you need to do:
1. Check your license
Make sure you’ve got Microsoft 365 E5 or Office 365 E5. You need one of these to use information barriers.
2. Set up your policies
Use PowerShell to create and turn on your information barrier policies.
3. Wait it out
After you’ve set everything up, give it a day. It takes about 24 hours for the changes to spread across your organization.
Now, let’s break down how information barrier modes work in SharePoint and OneDrive:
Mode | What it does | Example |
---|---|---|
Open | No restrictions | A site for the whole company |
Owner Moderated | Different groups can work together if the owner says it’s okay | Sales and Research working together, with HR keeping an eye on things |
Explicit | Only certain groups can access | A Research site that only the Research team can use |
Implicit | Access based on Microsoft 365 group membership | A Sales team site that all Sales team members can use |
Want to use Microsoft 365 group membership for all Implicit mode sites? Run this PowerShell command:
Set-SPOTenant -IBImplicitGroupBased $true
Don’t forget to check your SharePoint and OneDrive settings regularly. Make sure they still match up with your information barrier policies.
User Search Settings
Controlling who can find and contact others in Teams is a big deal for information barriers. Here’s how to set it up:
1. Turn on scoped directory search
This uses Exchange Online Address Book Policies to separate user groups. Here’s how:
- Go to the Teams admin center
- Click on Teams > Teams settings
- Under Search by name, turn on Scope directory search using an Exchange address book policy
2. Set up Global Address List (GAL) segmentation
This helps stop people from accidentally talking to the wrong groups. One IT admin on Reddit said:
"I use this for 10 schools that share the same tenant. It really helps in my Org because the users expect the people picker to be the same across email, SharePoint and teams."
3. Create Information Barrier segments
Group your users based on things like departments or roles. These groups are the building blocks of your information barrier policies.
4. Set communication rules
Use PowerShell to create policies that control who can talk to who. For example:
New-InformationBarrierPolicy -Name "Sales-Research-Block" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State Active
This policy stops the Sales team from talking to the Research team.
Fix Problems and Monitor
Setting up information barriers in Microsoft Teams is just step one. You need to keep tabs on things and be ready to fix issues when they pop up. Let’s look at how to tackle common problems and make sure your barriers are doing their job.
Common Problems and Fixes
Even with careful setup, you might hit some snags. Here are typical issues and how to fix them:
1. Users unexpectedly blocked from communicating
If team members suddenly can’t chat or join meetings, it’s time to dig in. Use this PowerShell cmdlet:
Get-InformationBarrierRecipientStatus -Identity username@company.com
This shows if the user is affected by an information barrier policy. If they’re not in any policy, you might need to call Microsoft support.
2. Communications allowed between users who should be blocked
This is a big deal that could cause compliance issues. First, check if the users are actually in an information barrier policy:
Get-InformationBarrierRecipientStatus -Identity username@company.com
If they are, check which segments are in the policy:
Get-InformationBarrierPolicy -Identity policyID
Make sure the segments are set up right:
Get-OrganizationSegment
3. Slow policy application
Information barrier policies can take a while to apply, especially in big organizations. If it’s taking too long, check the status:
Get-InformationBarrierPoliciesApplicationStatus
It can take up to 24 hours or more for changes to fully spread. As a rule of thumb, it takes about an hour to process 5,000 user accounts.
4. Policies not applying at all
If your policies seem to be ignored, check for any existing Exchange address book policies. These can stop information barrier policies from working. You’ll need to get rid of them before your IB policies can kick in.
Check the Logs
Keeping an eye on things is key to make sure your information barriers are working right. Here’s how to do it:
1. Use audit logs
Turn on audit logging in the Microsoft 365 compliance center. This helps you track changes to your information barrier policies and user segments.
2. Regular policy reviews
Set up a schedule to review your policies, maybe every three months. Use this cmdlet to get an overview:
Get-InformationBarrierPolicy
3. Monitor user feedback
Keep your ears open for user complaints or confusion. Sometimes, the first sign of a problem is a user saying they’re unexpectedly blocked.
4. Check for inconsistencies
Users have reported weird behavior, like being blocked from a meeting one minute and allowed in the next. As one user said:
"A user is invited to join a meeting: When a user is invited to join a meeting, the IB policy that applies to the user is evaluated against the IB policies that apply to the other team members. If there’s a violation, the user won’t be allowed to join the meeting."
This inconsistency shows why you need to keep checking and fix problems fast.
5. Stay updated
Watch for updates from Microsoft. For example, in March 2023, they pushed an update that fixed an issue with creating information barrier policies. After any update, test your setup to make sure barriers are still working right.
Summary
Setting up Information Barriers (IBs) in Microsoft Teams is a big deal for companies that need to keep things under wraps. Let’s break down the key points:
What’s the Point?
IBs are like digital walls. They stop certain groups or people from chatting with each other. This is huge for industries like finance, healthcare, and law, where keeping secrets is a must.
For example, a bank could use IBs to stop insider trading by keeping their investment and retail banking teams from talking to each other.
What You Need
You’ll need specific licenses (like Microsoft 365 E5/A5 or Office 365 E5/A5) and the right admin roles. Make sure you’ve got these before you start.
How to Set It Up
- Group your users based on your company structure
- Create IB policies using PowerShell
- Apply these policies across Microsoft 365
Heads up: It might take a full day for everything to kick in, especially if you’ve got a big company.
Don’t Forget SharePoint and OneDrive
IBs in Teams work with SharePoint and OneDrive too. You’ll need to set these up to match your IB policies.
Keep an Eye on Things
Once you’ve set everything up, don’t just forget about it. Check your audit logs regularly and review your policies from time to time. Be ready to fix common problems like unexpected blocking.
Real-World Examples
- A law firm could use IBs to keep client info secret by stopping teams working on opposing cases from talking to each other.
- A hospital could use IBs to protect patient privacy by only letting authorized medical staff access patient info.
Limitations
IBs are powerful, but they’re not perfect. They can’t do one-way restrictions or work with distribution lists. Also, you’ll need to use PowerShell to manage policies, which might be tricky for some people.
In the end, IBs in Microsoft Teams can really boost your information security. As Suzy Kassem said:
"In an age where information is power, one’s control over the flow of information is essential."
That’s exactly what IBs do – they help you control your information in today’s digital world.
FAQs
How to set up information barriers?
Setting up information barriers in Microsoft Teams isn’t rocket science. Here’s what you need to do:
- Log into the Microsoft 365 compliance portal with your admin account.
- Head to Information barriers > Policies.
- Hit Create policy to make a new IB policy.
- Give your policy a name that makes sense, then click Next.
Just remember: You’ll need to be a Microsoft 365 global admin or Compliance admin to set this up.
Thomas Juhl Olesen, who knows his stuff about Microsoft tech, puts it this way:
"Microsoft Purview Information Barriers (IBs) are policies that an admin can configure to prevent individuals or groups from communicating with each other."
What is the information barrier policy in Microsoft Teams?
Think of information barrier policies in Teams as digital walls. They stop certain groups or people from chatting with each other in your organization. Why? To keep things compliant with your internal rules or industry regulations.
Picture this: A law firm uses IBs to make sure lawyers working on opposite sides of a case can’t talk to each other. Or a bank might use them to block day traders from chatting with outside folks, avoiding any whiff of insider trading.
Microsoft explains it like this:
"IBs are useful if, for example, one department is handling information that shouldn’t be shared with other departments."
Here’s the cool part: These policies work in real-time. Joanna, an Independent Advisor, breaks it down:
"When a user is invited to join a meeting, the IB policy that applies to the user is evaluated against the IB policies that apply to the other team members. If there’s a violation, the user won’t be allowed to join the meeting."
So, it’s like having a bouncer at every digital door, making sure only the right people get in.