Information Barriers Preview
Published Apr 30 2019 12:30 PM

Avoid conflicts of interest within your organization by limiting which individuals can communicate and collaborate with each other in Microsoft Teams. Information Barriers in Microsoft Teams, now in Preview, helps limit the flow of information by controlling communication between the holders of information and colleagues representing different interests, for example, in Firstline Worker scenarios.

 

As an Administrator, you can create these policies using the Security & Compliance Center PowerShell cmdlets.

 

Figure 1: Create Information Barriers Policies via PowerShell.
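
The policy-creation workflow described above, as an added example that is not taken from the original post. The segment names, Department values and user addresses are assumptions; the cmdlets are the Security & Compliance Center PowerShell ones, reached through Connect-IPPSSession.

```powershell
# Added example: two-way barrier between two segments.
# Segment names, Department values and user addresses below are constructed.
Connect-IPPSSession

# Fail early if the tenant does not expose the Information Barriers cmdlets
# (for example, missing licensing or insufficient role).
if (-not (Get-Command New-InformationBarrierPolicy -ErrorAction SilentlyContinue)) {
    throw 'Information Barriers cmdlets are not available in this session.'
}

# 1. Define segments from a directory attribute. A user should match
#    only one segment, otherwise policy application reports an overlap.
New-OrganizationSegment -Name 'HR' -UserGroupFilter "Department -eq 'HR'"
New-OrganizationSegment -Name 'Accounting' -UserGroupFilter "Department -eq 'Accounting'"

# 2. A block must be defined in both directions. Create the policies
#    inactive so they can be reviewed before anything is enforced.
New-InformationBarrierPolicy -Name 'HR-Block-Accounting' `
    -AssignedSegment 'HR' -SegmentsBlocked 'Accounting' -State Inactive
New-InformationBarrierPolicy -Name 'Accounting-Block-HR' `
    -AssignedSegment 'Accounting' -SegmentsBlocked 'HR' -State Inactive

# 3. Review what is about to be enforced.
Get-InformationBarrierPolicy |
    Format-List Name, AssignedSegment, SegmentsBlocked, State

# 4. Activate both policies, then start the application job that
#    evaluates existing chats and team memberships against them.
Set-InformationBarrierPolicy -Identity 'HR-Block-Accounting' -State Active
Set-InformationBarrierPolicy -Identity 'Accounting-Block-HR' -State Active
Start-InformationBarrierPoliciesApplication

# 5. Track the job, then confirm how the barrier resolves for two
#    specific users (placeholder addresses).
Get-InformationBarrierPoliciesApplicationStatus
Get-InformationBarrierRecipientStatus `
    -Identity 'hr.user@contoso.example' `
    -Identity2 'accounting.user@contoso.example'
```

Creating the policies as Inactive and reviewing them first matters because, once applied, the policies also act on pre-existing chats and team memberships.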

 

Once a policy is in effect, it will apply to Teams events and users will not be able to complete the following actions if they violate any part of the information barrier policy:

 

| Action | User experience if policy is violated |
| --- | --- |
| Adding members to a team | The user will not show up in search |
| Starting a new private chat | The chat is not created, and an error message appears |
| Inviting a user to join a meeting | The user will not join the meeting and an error message appears |
| Initiating screen sharing | The screen share won't be allowed, and an error message appears |
| Placing a phone call (VOIP) | The voice call is blocked |

 

Figure 2: Meet Ethical Wall requirements with Information Barriers in Teams.

 

When a new information barrier is created, the evaluation service searches across Teams to find any pre-existing communications that may violate the policy:

  • Existing 1:1 chats will become read-only
  • Users will be removed from group chats
  • Team membership will be updated accordingly

The ability to create Information Barriers policies during preview is open to all customers. When we announce General Availability of this capability, only customers with the appropriate licenses will be able to continue using this functionality.

 

Let us know what you think!
If you have suggestions on how to make Teams better, please submit your idea via User Voice or vote for existing ideas to help us prioritize the requests. We read every piece of feedback that we receive to make sure that Microsoft Teams meets your needs.
Christopher Bryan, Microsoft Teams

 

45 Comments
Deleted
Not applicable

Great stuff. This will really unblock some scenarios 

Deleted
Not applicable

This is great stuff indeed! You mention “only customers with the appropriate licenses will be able to continue using this functionality [when GA]”, what licenses will that be exactly?

Hi @Deleted  - you can find this information under the "Required licenses and permissions" section of the documentation:

  • Microsoft 365 E5
  • Office 365 E5
  • Office 365 Advanced Compliance
  • Microsoft 365 E5 Compliance
Copper Contributor

Will both parties need an A5 license? E.g., if you wish to block a First Line Worker from being able to chat with the CEO, will both the First Line Worker and the CEO need A5? Or can we just license the CEO?

Copper Contributor

When I saw this I honestly thought maybe it was an April Fools' joke that I was just now seeing or maybe that an account was hacked. I've never seen a modern organization that was trying to limit communication, collaboration or information sharing. Seems like most organizations are trying to find ways to tear barriers down, not build new ones.

 

I'm sure there's a valid use for this, I guess I just haven't personally experienced it. I've always operated under the assumption if your organization can't effectively share information both horizontally and vertically, from the front line worker to all the way to the CEO, you'll probably die as soon as a competitor comes in that does.

Loren,

 

Sometimes there are regulatory reasons as to why groups of users need to temporarily or permanently be prevented from communicating with one another. For example, say a law firm is representing both sides of a case, the two teams would need to be restricted from being able to communicate with each other.  There are many verticals such as legal, financial services, etc. that have these requirements.

Iron Contributor
Great to hear this is moving along!! When can we expect it to be available in our tenants? PowerShell cmdlets are not yet showing up...
Microsoft

Hi @Nick Bryant ,

 

In order to use Information Barriers all the users in the Tenant need to have E5 licenses.

Microsoft

Hi @Dan Myhre,

 

You can enroll to access this feature by following the steps mentioned in sign up here. We are working on releasing this widely in the next few weeks.

Copper Contributor

@Sean van Osnabrugge  That makes sense. I guess the scope of my experience is fairly limited vs the entirety of situations that MS has to support.

 

Keep up the good work, love the product, I hope team rooms get a bit more love. 

 

-Loren

Copper Contributor

@Loren Okuly I published a video explaining the reasons why a business would need this capability - https://www.youtube.com/watch?v=KHq6k1xuxqI

Copper Contributor

This is great work guys, a lot of people have been waiting for this, especially in the financial industry. I am looking forward to this being released in GA so I can access the PS Cmdlets. Sounds like this should be moving towards public preview in the next few weeks? Is that the timeline we should expect?

 

Thanks! 

Iron Contributor

@Christopher Bryan Are attempts to cross the barrier logged somewhere, or just blocked for the user?

Iron Contributor

@Christopher Bryan With ethical walls applying to all communication between two people/groups, rather than just communication through a single product between two groups, is Information Barriers a new Office 365-wide ethical walls approach with Microsoft Teams as the first workload, or a Microsoft Teams only approach to ethical walls with other approaches still being required for other Office 365 workloads, e.g., Exchange, SharePoint, etc.? Is there a bigger picture than just Teams?

Microsoft

@danthetechman  we are working towards making this available to all in the next few weeks.

Microsoft

@Michael Sampson Information Barriers feature is designed to work for all Office workloads based on the policy settings  defined in Security and Compliance portal. Teams is the first one to support IB and SharePoint will be supporting this next. 

Also on your question of attempts to violate, we will have reports that will capture those attempts.  

Copper Contributor
We run a large 365 EDU tenant with very specific rules regarding student communications. As we look at Teams to facilitate greater collaboration this will really help lock down visibility concerns and open up new opportunities for students. Great to see it!
Copper Contributor

This is very cool indeed, it removes the need for external and expensive products that traditionally were needed to address these scenarios... I like it a lot! simplification of the landscape is very valuable to us all.  

Copper Contributor
This is great! Like many law firms we have other products which facilitate this in the other platforms we use (e.g. document repositories, data rooms, time & billing systems). Is there intent to integrate with existing third party barrier products such as Intapp Walls? Would be excellent to only manage IBs once in one place and apply everywhere.
Iron Contributor

Will 'Office 365 A1 for students' licence entitlement include Information Barriers?

Brass Contributor

Could this be a solution for blocking chat between students, but allowing teachers to chat with students?

Copper Contributor

@Vikramj any tentative dates?

Microsoft

@Holly Lanham: IB should be able to support what you are asking; it all depends on how you configure policies.

@fmintah : We are working on deployments and fixing some feedback that we got in preview. It should be very soon 

Iron Contributor

@SamAlexander42 and @Holly Lanham - Do your students have Office 365 A5, as the required license for Information Barriers is A5/E5? Let's hope @Vikramj 'Office 365 A1 for students' licence entitlement will include Information Barriers

Copper Contributor

Is this still in Preview? 

 

Thanks 

It’s now generally available

Copper Contributor

Excellent, thanks for the confirmation. 

Microsoft

Here is the link to the Info Barrier documentation

Copper Contributor

This appears to be available only to E5 organizations. When will this be available to organizations on A1? 

Iron Contributor

I am waiting on advice from the Microsoft Education team on A1 Student Benefits

Microsoft

I am seeing an issue with regards to IB:

Admin is trying to add the user to a Team from the desktop client but the user does not show up (expected) but the same user can be added to the team from the Teams admin center. Is that an expected behavior or a bug?

Copper Contributor

@Vikramj So under a scenario where I have

50 total users
5 users in HR
5 users in Accounting

I want to set up an information barrier between HR and Accounting. Do I need E5 licenses for ALL users and not just HR and Accounting?

Thanks!
Brandon

Microsoft

@BrandonShankss in your case you need 10 E5 Licenses (5 users in HR, 5 users in Accounting)

Copper Contributor

@Vikramj - I understood @BrandonShankss to mean that he wants to stop any of the 50 users outside HR and Accounting from contacting HR or Accounting. In that case as I understand it you need a licence for those 40 users. Or more precisely:
If there are 50 users in total in the organisation
40 standard users
5 HR users
5 Accounting users
If I want to stop any of the 40 users from contacting HR or Accounting, I need 40 licences.
If I want to stop HR from contacting Accounting I need 5 licences.
If I want to stop Accounting from contacting HR I need 5 licences.
So to stop HR contacting Accounting and vice versa, you need 10 licences as you said.
But to stop non-HR/Accounting staff from contacting the protected teams then you need 40 licences.

This makes it very expensive in HE situations where we are trying to stop thousands of Students from contacting a few people. Unless I have misunderstood how licensing works for Information Barriers.

Copper Contributor

I am getting failures when running an 'or' statement when creating information barriers. Has anyone run into the same issue? It runs when creating one segment. All subsequent attempts fail.

 

Copper Contributor

Would you know if or when IB barriers can be scoped to more than two segments? I have a use case where you need more than two segments in the same block policy so as an example: Top Group company and five child companies all in the same single M365 tenant. The group company can communicate with any child company however the child companies may not communicate via Teams with each other using info barriers. I have attempted to set this up for five segments but you obviously cannot due to segment overlap being detected.

Bronze Contributor

Hello @Christopher Bryan 

Could you please explain to me why "New-InformationBarrierPolicy" is not recognized in PowerShell on my machine? As you can see I've installed the EXOV2 module.


 

Iron Contributor

@Little_Joe I would check 2 things:

1. Did you run Connect-IPPSSession?

2. Are you connecting to a tenant that includes information barriers? Dev tenants do not unfortunately.

 

Dan

Copper Contributor

@Little_Joe have you turned on scoped directory in Teams and waited 24 hours?

Bronze Contributor

Hello @Dan Myhre 

 

Yes, I am running the Connect-IPPSSession cmdlet and connecting to my tenant.

What did you mean regarding the second point? Does not every tenant have such a feature?

Bronze Contributor

Hello @doggonewater672 ,

 

Yes, I've turned it on already and have been waiting for 72 hours now....

Iron Contributor

Correct @Little_Joe , Information Barriers is an advanced compliance feature, so it will only work in tenants with the proper licensing. If you are trying to test this out using a MSDN or Office Developer tenant, you are out of luck. Try it by spinning up an E5 trial tenant.

Bronze Contributor

@Dan Myhre , 

 

Thanks for your reply.

 

But seriously? Why is such a feature not available in the Developer tenant? Is there somewhere that MS explicitly said this?

Iron Contributor

I feel the same way. I already discussed with support and requested that the PG add this, but no luck. Trial is the best option right now for testing.

 

If you look in AAD, you can see that "Information Barriers" is not listed in the service plan details section for the Microsoft 365 E5 Developer SKU (DEVELOPERPACK_E5)

 

In a real E5 tenant (or one of the other paid licenses that includes IBs), you will see it listed as "Information Barriers"

Bronze Contributor

@Dan Myhre 

 

Thank you!

 

That's so funny... If not available then MS should let the client know, at least you block the feature of to segment the department. :face_with_tears_of_joy: 

Version history
Last update: Jan 26 2021 01:14 PM