03-04-2019 06:50 AM
03-04-2019 06:50 AM
Has anyone heard of the ability to block particular groups from communicating with each other?
Group A cant talk to Group B, we have compliance restrictions where users cannot communicate and have implemented restrictions via exchange but we would like to block this via teams as well.
03-04-2019 07:03 AMSolution
Teams does have support for "ethical walls", using the same ABP controls that Exchange uses. Where it fails short is the ability to block the actual communication, as we don't have any analog of transport rules for Teams. In other words, you can use ABPs to prevent users from seeing each other in the client, but if they are a member of a common Team, you cannot prevent them from communicating.
03-04-2019 08:11 AM
Hey Yes, I did know you could block "seeing" other users from a Gal block, but right am curious about the transport or other blocking methods teams may be working on.
Thanks for the response!
03-04-2019 12:11 PM
I'm not entirely sure how they could be in a common team, wouldn't the policy prevent team owners adding people from 'the other side' ? Also you could fairly easily create a script to check that this remained the case.
03-04-2019 10:53 PM
The policy applies to some, not necessarily *all* users. Being added to teams by the owner or admin, using dynamic team membership, even things such as "suggested contacts" all allow you to bypass the ABP restrictions.
03-05-2019 12:15 AM
So I see how an admin can make a mistake, either adding people manually or creating a dynamic rules that does so, or by excluding certain users from the ABP that then break the policy as owners. I'm not sure what 'suggested contacts' would be in the context of Teams.
I can't see how or where a 'transport rule' type thing would exist in a platform like teams, channel conversations aren't like email messages, there's no sender and recipient to trap in a list. You are more looking for a means to detect or prevent users from each side of the ABP being in the same teams/groups. This would seem entirely scriptable, if perhaps a bit slow to process in a large environment. Maybe a simple naming scheme on the teams would help.
I've not heard of anything being considered, but adding a request or votes to uservoice would be one way to make the product group aware of the requirement. Maybe look at using the new supervision options to more closely monitor people in a role that should not interact, or the upcoming DLP policies to block sensitive information types in Teams.
03-05-2019 12:37 AM
There is a uservoice for Ethical Walls in Teams, not many votes.
I have a vague memory of hearing something about a Teams ethical wall feature at Ignite, but I can't find anything about it now so maybe it was the ABP they were refering to.
In another thread discussing this topic a third-party tool was mentioned that allows you to setup policies to block external and internal group of users to communicate.
03-05-2019 01:04 AM
03-05-2019 11:46 AM
It's a "suggested contact", the last group on your "recent" chats tab :) Which doesn't seem to care about the fact that my account was out of the scope of the ABP.
As for transport rules analog - think of how we will get DLP implemented in Teams. Same story basically. If you can scan a message for DLP violations and take actions on it, you can most certainly scan it for "ethical wall" violations.
07-24-2019 08:00 AM
MS Teams has Information barriers in teams for ethical walls. See the link below: