By design, Microsoft 365 enables communication and collaboration across groups of users and organizations. In the same light, it provides ways through which administrators can restrict communication and collaboration between different groups of users when necessary. Scenarios where this restriction is necessary to include when one might need to restrict communication and collaboration between different groups to avoid conflict of interest. Similarly, when the administrator intends to safeguard internal information, they might leverage said restriction. Microsoft Purview Information Barriers (IBs) are policies in place configured by an administrator to prevent individuals from collaborating or communicating with each other.
The IBs are supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. Often, we see the compliance administrator or IB administrator be in charge of defining these policies in a bid to either allow or prevent communications between groups of users. Within Microsoft Teams, IBs can determine and prevent a few unauthorized collaborations. These include adding a user to a team or channel, user access to meetings, user access to 1:1 and group chats, and access to team or channel content.
Background of Information Barriers
IBs have their origin in the financial services industry. The Financial Industry Regulatory Authority (FINRA) reviews IBs and conflicts of interest within member firms. The authority provides guidance on managing such conflicts within the financial sector.
After the introduction of IBs, other industries have found these policies beneficial. For instance, within the education industry, students from one school aren’t able to look up contact details of students from other schools. Users in the legal field can use IBs to maintain the confidentiality of data from the different clients. The government can also utilize IBs to access and control information across the different departments. Finally, within professional services, the organization can group people based on their permission and authorization to access information.
Altogether, you use IBs when a team wants to prevent communication or data sharing with the other team. Additionally, the IBs come in handy when the administrator doesn’t want to communicate or share data with anyone else. You require an Information Barrier Policy Evaluation Service to determine whether the communication within your organization complies with IB policies. Note that before you set or define these policies, you’ve got to enable scoped directory search in Microsoft Teams. The IBs administrator role is responsible for managing these policies.
On Teams, IB policies activate if:
Newly Added Team Members
The moment you add a user to an existing team, you must evaluate the user’s policy against the preexisting IB policies. Once a user is successfully added, they can proceed to perform all functions within the team without having to conduct further checks.
New Chat Requests
The moment a user requests a new chat with other users, the chat needs evaluation to ensure that it doesn’t violate the preexisting IB policies. The conversation stops when the chat is flagged as being in violation of the IB policy.
Inviting a User to Join a Meeting
The IB policy takes effect once a user receives an invitation to join a meeting. This new user has to be evaluated against the IB policies in place to decide whether or not they should be allowed to join the meeting.
A Shared Screen Between Users
When users share a screen, this sharing must receive an evaluation to ensure that it doesn’t violate IB policies.
Required Licenses and Permissions
Before you start with IBs, you first have to confirm your Microsoft 365 subscription and additional add-ons that you’ve got. To access and use IB, here’s what you need:
- Microsoft 365 E5/A5/G5
- Microsoft 365 E5/A5/G5/F5 Compliance
- F5 Security & Compliance
- Microsoft 365 E5/A5/G5 Insider Risk Management
- Office 365 E5/A5/G5
Altogether, these provide the rights for a user to benefit from Information Barriers.
Known Issues for Information Barriers in Microsoft Purview
Users Can’t Join Ad-Hoc Meetings
Once enabling your IB policies, you might encounter an issue where users can’t join ad-hoc meetings. This happens when the size of the meeting roster is greater than the meeting attendance limits.
Users Can’t Join Channel Meetings
If IB policies are in place, users might not be allowed to join channel meetings if they are not team members. What happens is the moment a user requests to join a channel meeting, IB checks to show if they can be added to a meeting chat rooster. The reverse occurs without IB policies enabled for the organization. If a non-team member attempts to join a channel meeting, the user can join the meeting.
IB Policies Don’t Work for Federated Users
If you allow federation with external organizations, IB policies do not restrict users within these organizations. Additionally, if users of the organization join a chat or meeting organized by external federated users, IB policies might not apply. Specifically, there won’t be any restriction on communications between users in your organization.
Managing Microsoft Purview Information Barriers
As there are a couple of issues you are likely to experience, you’ve got to be open to consistently making changes to the policies. Consider this the most logical step after defining IB policies. Collectively, consider managing your IBs including troubleshooting and regular maintenance.
Note that the management of the IBs is the responsibility of your IB compliance management, who can then edit user account attributes, set policies on inactive statues, remove a policy or stop a policy application.
Microsoft Purview IBs provides a central and unified solution for data governance. It allows your organization to create a holistic, up-to-date map of your data landscape. Besides, your administrators can better manage and secure your data estate. Think of it this way, while Purview brings governance and compliance under one umbrella, IBs ensure easier management of all the different facets therein. These IBs help with comprehensive management, control, and protection of your data.
Overall, while IBs have their origin in the finance sector, it now benefits a myriad of industries. Whether it is an internal team with trade secrets who shouldn’t communicate online or a research team that should only call or chat online with a specific department, your organization should benefit from having some control over information sharing.
Learn More About Information Barriers in Microsoft Purview
Agile IT helps meet the needs of highly regulated industries in Microsoft 365 and Azure. To find out how you can meet the regulatory needs of your industry with the license you already have, please request a quote.