Information Barriers in Microsoft Teams

 

Hands from a guy typing on his phone

With the current technologies, we can communicate and engage with colleagues from work at any time. However, this “open communication” could represent a serious risk for some organizations or industries. When some departments are handling information that shouldn’t be shared with other departments, or when a group needs to be prevented from communicating with anyone outside of that group, those are some of the scenarios that companies have to deal with. That’s what Information Barriers are made for.

What are information barriers?

Microsoft offers Information barriers as a solution for companies to handle and control this kind of scenarios. Information barriers are policies that an admin can configure to prevent individuals or groups from communicating with each other. The difference from Scoped Directory Search is that information barrier also enforces the policy to block the communication and lets the user know this.

The compliance administrator or information barriers administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. Information barrier policies can be used for situations like the following:

  •  A day trader cannot call someone from the marketing team
  • Finance personnel working on confidential company information cannot receive calls from certain groups within their organization
  • An internal team with trade secret material cannot call or chat online with people in certain groups within their organization
  • A research team can only call or chat online with a product development team.
    Additionally, Information barrier policies prevent user lookup and discovery of people outside your group. This means that if you attempt to communicate with someone you should not be communicating with, you will not find that user in the people picker.

Information barriers use cases:

  • Education: Students from one school are not able to see or search for contact details of students from other schools.
  • Legal: Maintaining confidentiality of data obtained by the lawyer of one client from being accessed by a lawyer for the same firm representing a different client.
  • Government: Information access and control is limited across departments and groups.
  • Professional services: A group of people in a company is only able to chat with a client or specific customer via federation or guest access during a customer engagement.

The flexibility of Information Barrier policies allows you to control how much communication you restrict. For example, you can only restrict screen-sharing or video calls, or you can completely silo one department from another.

License

Information barriers are only available to the following license levels:

  • Microsoft 365 E5
  • Office 365 E5
  • Office 365 Advanced Compliance
  • Microsoft 365 E5 Compliance

Key elements

The key elements involved in creating the information barrier policy are:

  • Segment the users in your organization.
  • Define Information barrier policies.
  • Apply the information barrier policies.

Roles

To define or edit information barrier policies, you must be assigned one of the following roles:

  • Microsoft 365 global administrator
  • Office 365 global administrator
  • Compliance administrator
  • IB Compliance Management

When someone attempt to communicating with an user that is part of a segment with restrictions, a message like the one below will show up:

Windows of restrictions alert on Teams

There are many situations where different users in an Azure Active Directory should not be able to communicate with each other. Organizations should not underestimate the implications of Information Barriers as they will drastically impact the daily tasks of the entire staff. Reason enough to start planning now.

Implementing Information Barriers starts with checking potential legal regulations and includes a variety of steps such as defining roles and responsibilities, identifying segments, communicating to the staff, reviewing existing business processes, defining policies, training, user adoption, change management, and more.

If you want to learn more about Microsoft Team features, best practices as well as to learn how to drive Teams adoption within your organization, connect with our specialist here or visit our blog to stay up to date.