Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Purview Information Barriers (IB) is a compliance solution that restricts two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB helps avoid conflicts of interest and safeguards internal information between users and organizational areas.
When you create IB policies, users who can't communicate or share files with other specific users can't find, select, chat, or call those users. IB policies automatically put checks in place to detect and prevent unauthorized communication and collaboration among defined groups and users. IB policies are independent from compliance boundaries for eDiscovery investigations that control user content locations that eDiscovery managers can search.
IB policies can allow or prevent communication and collaboration between groups and users for the following example scenarios:
- Users in the Day Trader group can't communicate or share files with the Marketing Team
- Instructors in one school can't communicate or share files with students in another school in the same school district.
- Finance personnel working on confidential company information can't communicate or share files with certain groups within their organization
- An internal team with trade secret material can't call or chat online with users in certain groups within their organization
- A research team can only call or chat online with a product development team
- A SharePoint site for Day Trader group can't be shared or accessed by anyone outside of the Day Trader group
Important
Information Barriers only supports two-way communication and collaboration restrictions. For example, a scenario where Marketing can communicate and collaborate with Day Traders, but Day Traders can't communicate and collaborate with Marketing isn't supported.
Information Barriers and Microsoft Teams
In Microsoft Teams, IB policies determine and prevent the following kinds of unauthorized communication and collaboration:
- Searching for a user
- Adding a member to a team
- Starting a chat session with someone
- Starting a group chat
- Inviting someone to join a meeting
- Sharing a screen
- Placing a call
- Sharing a file with another user
- Accessing a file through sharing a link
If the users conducting these activities in Microsoft Teams are included in an IB policy to prevent the activity, they can't proceed. In addition, everyone included in an IB policy can be potentially blocked from communicating with other users in Microsoft Teams. When users affected by IB policies are part of the same team or group chat, they might be removed from those chat sessions and further communication with the group might not be allowed.
For more information, see Information Barriers in Microsoft Teams.
Information Barriers and SharePoint and OneDrive
In SharePoint and OneDrive, IB policies detect and prevent the following kinds of unauthorized collaboration:
- Adding a member to a site
- Accessing site or content by a user
- Sharing site or content with another user
- Searching a site
For more information, see Information Barriers in SharePoint and Information Barriers in OneDrive.
Information Barriers and Microsoft Planner
As a work management tool, Microsoft Planner enables users to collaborate on plans and tasks. If your compliance admin configures IB policies to restrict communication and collaboration between user segments, Microsoft Planner supports these restrictions.
IB policies allow administrators to enable or disable search restrictions in the people picker. With IB support in Planner, when a user searches for others in the People picker to share a plan or to assign a task, they don't see users from segments they're restricted from communicating with. This restriction prevents users from one segment from sharing plans or assigning tasks to users in another segment.
IB support in Microsoft Planner is available for basic plans in the following applications:
- Planner Web
- Planner in Teams web
- Planner in Teams desktop
- Planner in Teams mobile app
When IB policy administrators create a new policy or modify an existing policy, users can still access existing plans shared with them or already assigned tasks. For any subsequent plan sharing or task assignment, an IB policy check is triggered and collaboration is permitted or restricted as defined by the policy.
Information Barriers and Exchange Online
Information barrier (IB) policies can't restrict communication and collaboration between groups and users in email messages. Only Exchange Online deployments currently support IB policies. If your organization needs to define and control email communications, consider using Exchange mail flow rules.
Information Barriers and Exchange for single and multi-segment modes
If your organization uses single or multisegment mode, Information Barriers no longer relies on Exchange Online Address Book Policies (ABPs). Enabling Information Barriers doesn't affect organizations that use ABPs. If users don't have an ABP defined with associated IB segments and policies, the system automatically creates an ABP with empty address lists for these users. You can change these ABPs as needed. We recommend that your ABPs are consistent with the segments you configure in Information Barriers. Avoid user visibility differences between your existing ABPs and your new Information Barriers configuration.
Information Barriers and Exchange for legacy mode
If your organization uses legacy mode, IB policies rely on Exchange Online Address Book Policies (ABPs). ABPs let organizations virtually assign users into specific groups to provide customized views of the organization's global address list (GAL). When you create IB policies, the system automatically creates ABPs for the policies. As you add IB policies in your organization, the structure and behavior of your GAL changes to comply with IB policies.
Before you define and apply IB policies, remove all existing Exchange address book policies in your organization. IB policies rely on address book policies, and existing ABPs policies aren't compatible with the ABPs that IB creates. To remove your existing address book policies, see Remove an address book policy in Exchange Online. When you enable IB policies and enable hierarchical address book, all users not included in an IB segment see the hierarchical address book in Exchange Online.