Organizations in financial services, legal, the public sector and professional services are highly concerned about insider risks and are sceptical about security and compliance in the Modern Workplace. Insider risks range across loss of intellectual property, fraud, data spillage, violations of a specific department's confidentiality, workplace harassment, regulatory compliance violations, conflicts of interest and more. Microsoft Purview offers insider risk capabilities such as Communication Compliance, Insider Risk Management, Information Barriers (IB) and Privileged Access Management.
IB is used to restrict any kind of collaboration and Teams communication between two internal segments of users within an organization. IB offers a comprehensive detect, alert, and remediate mechanism and applies to the MS Teams, SharePoint, OneDrive for Business and Exchange Online workloads.
Key Components of IB
1. User account attributes that are defined in Azure AD & Exchange Online, such as Department, Job title, Location etc.
2. Segments are sets of users, created using PowerShell and defined in the Compliance portal, that are based on selected user account attributes.
3. IB policies determine the communication restrictions. There are two types of IB policies:
a. Block policies: prevent one segment from communicating with another segment.
b. Allow policies: allow one segment to communicate with certain segments only.
4. If you want non-IB users & groups to be visible to IB segment & policy users, use a block policy. Non-IB users & groups will not be visible to IB segment & policy users when allow policies are used.
5. Modern groups support IB. Distribution lists & security groups are considered non-IB groups.
6. In an IB-enabled tenant, hidden/disabled user accounts are prevented from communicating with all other user accounts.
1. Microsoft 365 Enterprise Global Administrator
2. Global Administrator
3. Compliance Administrator
4. IB Compliance Management (New Role)
If we need to restrict collaboration and communication for Group A & Group B using IB, users in both groups A & B require a license.
The following licenses give users the right to benefit from the IB service:
1. Microsoft 365 E5/A5/G5
2. Microsoft 365 E5/A5/G5 Compliance
3. Microsoft 365 E5/A5/G5 Insider Risk Management
4. Office 365 E5/A5/G5
When IB policies are applied, they restrict collaboration & communication in both directions. When Department A (DeptA) & Department B (DeptB) are segmented under IB policies, they cannot communicate & collaborate with each other. For example, when DeptA users try to communicate & collaborate with DeptB users, the following activities are restricted.
MS Teams
SharePoint Online & OneDrive for Business
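The segments and block policies from the key components list, applied to the DeptA/DeptB scenario, can be defined in Security & Compliance PowerShell as sketched below. This is an added example, not part of the original post; the segment names, policy names and Department attribute values are constructed for illustration.

```powershell
# Added example: two segments and a pair of block policies for DeptA / DeptB.
# Requires the ExchangeOnlineManagement module and one of the admin roles listed earlier.
Connect-IPPSSession   # connects to Security & Compliance PowerShell

# Segments are built from a user account attribute (here: Department).
# Names and attribute values are constructed sample values.
$segments = @{
    'DeptA' = "Department -eq 'DeptA'"
    'DeptB' = "Department -eq 'DeptB'"
}
foreach ($name in $segments.Keys) {
    # Create the segment only if it does not exist yet, so the script can be re-run.
    if (-not (Get-OrganizationSegment | Where-Object Name -eq $name)) {
        New-OrganizationSegment -Name $name -UserGroupFilter $segments[$name]
    }
}

# A policy is attached to one assigned segment, so the two-way restriction
# needs one block policy per direction.
$policies = @(
    @{ Name = 'DeptA-Block-DeptB'; Assigned = 'DeptA'; Blocked = 'DeptB' },
    @{ Name = 'DeptB-Block-DeptA'; Assigned = 'DeptB'; Blocked = 'DeptA' }
)
foreach ($p in $policies) {
    # Create as Inactive first so the definitions can be reviewed before enforcement.
    New-InformationBarrierPolicy -Name $p.Name `
        -AssignedSegment $p.Assigned `
        -SegmentsBlocked $p.Blocked `
        -State Inactive
}

# Review: every block policy should have a matching policy in the opposite direction.
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State

# Activate both policies, then start tenant-wide application and check its progress.
foreach ($p in $policies) {
    Set-InformationBarrierPolicy -Identity $p.Name -State Active
}
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus
```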
Surya Pammi is a Technology Enthusiast working as an Infrastructure Architect in Cognizant Technology Solutions. He is MCT Certified and is an MVP aspirant. His technical expertise spans across Microsoft 365, Microsoft SharePoint, MS Teams, MS Viva & Power Platform.