Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
Microsoft Purview- Paint By Numbers Series (Part 0) - Overview - Microsoft Tech Community
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Protection section of this blog series is aimed at Security and Compliance officers who need to properly label data, encrypt it where needed.
This document is meant to guide an administrator who is “net new” to Microsoft E5 Compliance through.
We will be setting up an Information Barrier between two groups of users. Here are the primary steps we will be performing:
This will be communications between teams (Teams chat and emai).
This document does not cover any other aspect of Microsoft E5 Compliance, including:
It is presumed that you have a pre-existing of understanding of what Microsoft E5 Compliance does and how to navigate the User Interface (UI).
This document will walk an administrator through setting up a basic Information Barrier between two groups of users.
You need to prevent 2 groups within an organization from communicating.
To do a block of 2 users/groups from communicating, you will Need to set up a minimum of 2 Polices. Each policy will block 1-way communication e direction. Here is a not from the official documentation (also referenced in the Appendix links).
For Exchange and Information Barriers, please read the following. This is also referenced in the Appendix below.
The full list of pre-requisites and can be found in the following link:
Get started with information barriers - Microsoft Purview (compliance) | Microsoft Docs
To start, you will need to understand which properties the users are associated with.
You will need to set up a minimum of 2 segments.
You will need to set up a minimum of 2 Polices. Each policy will block communication one direction.
Now that your two 1-way policies are created and activated, you have to Apply them to your tenant.
If you are having issues with your policies not being applied to Teams or your tenant, you can try the following steps from an elevated PowerShell command.
a. Here is the raw cmdlet: Connect-IPPSSession -UserPrincipalName <UPN> [-ConnectionUri <URL>] [-AzureADAuthorizationEndpointUri <URL>] [-PSSessionOption $ProxyOptions]
b. Note – “-UserPrincipalNameUPN. <UPN> is your account in user principal name format (ex admin@companyx.com )
c. Here is a sample of how this cmdlet: Connect-IPPSSession -UserPrincipalName admin@companyx.com
a. Here is the 1st cmdlet: Import-Module ExchangeOnlineManagement
b. Here is the 2nd cmdlet: Install-Module -Name ExchangeOnlineManagement
a. Here is the cmdlet: Set-ExecutionPolicy RemoteSigned
a. Use is the cmdlet: Start-InformationBarrierPoliciesApplication
List of your Information Barriers policies
a. Here is the cmdlet: Get-InformationBarrierPolicy
b. Example results:
Get started with information barriers - Microsoft Purview (compliance) | Microsoft Docs
Manage information barriers policies - Microsoft Purview (compliance) | Microsoft Docs
Use information barriers with SharePoint - SharePoint in Microsoft 365 | Microsoft Docs
Connect to Security & Compliance PowerShell using the EXO V2 module | Microsoft Docs
Get started with information barriers - Microsoft Purview (compliance) | Microsoft Docs
Learn about information barriers - Microsoft Purview (compliance) | Microsoft Docs
Note: This solution is a sample and may be used with Microsoft Compliance tools for dissemination of reference information only. This solution is not intended or made available for use as a replacement for professional and individualized technical advice from Microsoft or a Microsoft certified partner when it comes to the implementation of a compliance and/or advanced eDiscovery solution and no license or right is granted by Microsoft to use this solution for such purposes. This solution is not designed or intended to be a substitute for professional technical advice from Microsoft or a Microsoft certified partner when it comes to the design or implementation of a compliance and/or advanced eDiscovery solution and should not be used as such. Customer bears the sole risk and responsibility for any use. Microsoft does not warrant that the solution or any materials provided in connection therewith will be sufficient for any business purposes or meet the business requirements of any person or organization.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.