Information barriers in Microsoft Teams

 

What is an information barrier?

 

Information barriers (IB) are policies that an admin can configure to prevent individuals or groups from communicating with each other. This is useful if, for example, one department is handling information that shouldn’t be shared with other departments or a group needs to be prevented, or isolated, from communicating with anyone outside of that group.

 

Background

The primary driver for information barriers comes from the financial services industry. The Financial Industry Regulatory Authority (FINRA) reviews information barriers and conflicts of interest within member firms and provides guidance as to how to manage such conflicts (FINRA 2241, Debt Research Regulatory Notice 15-31).

However, since introducing information barriers, many other areas have found them to be useful. Other common scenarios include:

  • Education: Students in one school aren’t able to look up contact details for students of other schools.
  • Legal: Data obtained by the lawyer of one client is kept confidential and cannot be accessed by a lawyer at the same firm who represents a different client.
  • Government: Information access and control is limited across departments and groups.
  • Professional services: A group of people in a company is only able to chat with a client or specific customer via federation or guest access during a customer engagement.

When to use information barriers

You might want to use information barriers in situations like these:

  • A team must be prevented from communicating or sharing data with a specific other team.
  • A team must not communicate or share data with anyone outside of the team.

 

 

 

# Use the Az PowerShell module with Global Admin rights, or with an admin account that holds the required Exchange Online role.
Login-AzAccount
$appId = "bcf62038-e005-436d-b970-2a472f8c1982"
$sp = Get-AzADServicePrincipal -ServicePrincipalName $appId
if ($null -eq $sp) { New-AzADServicePrincipal -ApplicationId $appId }
Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"
# Create segments in the org
# Note: Log in to the Microsoft Security and Compliance PowerShell module first
# (for example with Connect-IPPSSession from the ExchangeOnlineManagement module).
New-OrganizationSegment -Name "Marketing" -UserGroupFilter "Department -eq 'Marketing'"
New-OrganizationSegment -Name "Research" -UserGroupFilter "Department -eq 'Research'"
# Create the information barrier policies accordingly (one per direction, created inactive)
New-InformationBarrierPolicy -Name "Marketing-Research" -AssignedSegment "Research" -SegmentsBlocked "Marketing" -State Inactive
New-InformationBarrierPolicy -Name "Research-Marketing" -AssignedSegment "Marketing" -SegmentsBlocked "Research" -State Inactive
# After creating the policies, note down the GUID of each policy and use those GUIDs to activate them
Set-InformationBarrierPolicy -Identity 54e6d221-794e-4758-9ab7-fecdfc769320 -State Active
Set-InformationBarrierPolicy -Identity 6092d2d0-76dd-4f7d-98bc-93b793564079 -State Active
# List the policies, start applying them, then check the application status
Get-InformationBarrierPolicy | Format-Table
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus

Assign users the Department attribute and test these new Microsoft Teams security enhancements.

I chose two users from the company and changed their departments for the respective policies.
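
The script above creates one policy per direction, so a useful check before running Start-InformationBarrierPoliciesApplication is that every block has its reverse and that no segment carries two policies. The following is an added example, not part of the original script: it runs offline on constructed objects whose property names mirror the parameters used above (an assumption about the shape of the data), and the "Sales" segment is hypothetical.

```powershell
# Added example: offline audit of information barrier policy definitions.
function Test-IBPolicySymmetry {
    param([Parameter(Mandatory)][object[]]$Policies)

    $findings  = [System.Collections.Generic.List[string]]::new()
    $bySegment = @{}   # AssignedSegment -> policy (hashtable keys are case-insensitive)

    # A segment should have only one policy assigned to it.
    foreach ($p in $Policies) {
        if ($bySegment.ContainsKey($p.AssignedSegment)) {
            $findings.Add("Segment '$($p.AssignedSegment)' has more than one policy assigned")
        } else {
            $bySegment[$p.AssignedSegment] = $p
        }
    }

    foreach ($p in $Policies) {
        # A policy left Inactive after creation is not enforced.
        if ($p.State -ne 'Active') {
            $findings.Add("Policy '$($p.Name)' is $($p.State), so it is not enforced")
        }
        # Every block must be mirrored by the blocked segment's own policy.
        foreach ($blocked in $p.SegmentsBlocked) {
            $reverse = $bySegment[$blocked]
            if (-not $reverse -or $reverse.SegmentsBlocked -notcontains $p.AssignedSegment) {
                $findings.Add("One-way block: '$($p.AssignedSegment)' blocks '$blocked' but not the reverse")
            }
        }
    }
    $findings   # emits nothing when the policy set is consistent
}

# Constructed sample: the two policies from the script above, plus a
# hypothetical one-way 'Sales' policy that was never activated.
$policies = @(
    [pscustomobject]@{ Name = 'Marketing-Research'; AssignedSegment = 'Research';  SegmentsBlocked = @('Marketing'); State = 'Active' }
    [pscustomobject]@{ Name = 'Research-Marketing'; AssignedSegment = 'Marketing'; SegmentsBlocked = @('Research');  State = 'Active' }
    [pscustomobject]@{ Name = 'Sales-Research';     AssignedSegment = 'Sales';     SegmentsBlocked = @('Research');  State = 'Inactive' }
)

$result = @(Test-IBPolicySymmetry -Policies $policies)
if ($result.Count -eq 0) { 'No issues found' } else { $result }
```

Because a segment can carry only one policy, the fix for the constructed Sales finding is to extend the existing Research policy so that it blocks both Marketing and Sales, not to add a second Research policy.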

Cheers.
Khalid Hussain