Creating communication barriers between your Teams users

With Microsoft Ignite bringing us a lot of new features in Microsoft Teams, I thought it was also time to write about one existing Teams feature I like: Information Barrier Policies.

What’s that? IBPs are policies that create boundaries between users, so that they cannot communicate with each other, based on specific properties you specify in your policies.

As an example, you could block communications between department A and B but allow both to interact with department C like so:

In this blog I’ve created policies based on group membership, but there are all sorts of properties you can use as criteria for your policies.
What’s very important here is that you use only one of these attributes as the main criterion for all of your policies.
Please take a look here for all of the properties you can use:

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-attributes?view=o365-worldwide

Requirements

To use IBPs you’ll need 2 things:

What are we going to do?

In order to look up the status of a policy application, audit logging must be turned on.
To do this, log in to the Security & Compliance Center and enable Audit Log Search as shown in the video below. You can also do this by using PowerShell commands.

To limit the scope of the search in Teams you will need to enable Scoped directory search.
This will set up Teams to apply the policies during user searches in Teams.

Create AAD Groups & Information Segments and block interaction

Because I’ve used group membership as the criterion for applying the policies, I will create these groups and set the policy query to look at the MemberOf property of every user.
When you create the segments, be sure to use only one attribute, as already mentioned in the first part of this blog.

Activate the policies

After we’ve created the policies they are not activated automatically; we have to do this ourselves. Then, to process these policies, you will need to create a job for the IBP agent like so:
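The whole sequence described above (segments, block policies, activation, and the application job), as an added example that is not the original post's own commands. The group addresses and the segment and policy names are placeholders, and it assumes the ExchangeOnlineManagement module plus a role that may manage information barriers:

```powershell
# Added example: all names and addresses below are constructed placeholders.
Connect-IPPSSession

# One segment per department, every segment keyed on the same attribute (MemberOf).
$segments = [ordered]@{
    'Segment-DeptA' = 'dept-a@contoso.example'
    'Segment-DeptB' = 'dept-b@contoso.example'
}
foreach ($name in $segments.Keys) {
    New-OrganizationSegment -Name $name `
        -UserGroupFilter "MemberOf -eq '$($segments[$name])'"
}

# Block policies are created in both directions and left inactive
# so they can be reviewed before they affect anyone.
# Department C gets no blocking policy, so A and B can both still reach it.
New-InformationBarrierPolicy -Name 'DeptA-Block-DeptB' `
    -AssignedSegment 'Segment-DeptA' -SegmentsBlocked 'Segment-DeptB' -State Inactive
New-InformationBarrierPolicy -Name 'DeptB-Block-DeptA' `
    -AssignedSegment 'Segment-DeptB' -SegmentsBlocked 'Segment-DeptA' -State Inactive

# Review what is about to be enforced.
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State

# Activate both policies.
foreach ($policy in 'DeptA-Block-DeptB', 'DeptB-Block-DeptA') {
    Set-InformationBarrierPolicy -Identity $policy -State Active
}

# Create the job that applies the active policies, then check its progress.
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus
```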

The End Result

As you can see in the video below, when I search for a user who is part of a blocked segment I am not able to find the user.

Because I had a chat session with this user before applying the policy, I am still able to see this chat, but it will not allow me to send any more messages to the user.
Also, searching for the user no longer shows them in the results, just like we wanted.

I think Information Barriers are a great way to limit the scope of communications, and the good thing is that it’s supported for all the Microsoft 365 services like Exchange, SharePoint, OneDrive etc.

That’s it for now, please leave a message if you have any questions!
