Learn about information barriers

Note

Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. For more information about Microsoft Purview, see the blog announcement and the What is Microsoft Purview? article.

Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint Online, and OneDrive for Business. Often used in highly regulated industries, IB can help to avoid conflicts of interest and safeguard internal information between users and organizational areas.

When IB policies are in place, users who shouldn't communicate or share files with other specific users won't be able to find, select, chat, or call those users. IB policies automatically put checks in place to detect and prevent unauthorized communication and collaboration among defined groups and users. IB policies are independent from compliance boundaries for eDiscovery investigations that control user content locations that eDiscovery managers can search.

IB policies can allow or prevent communication and collaboration between groups and users for the following example scenarios:

  • Users in the Day Trader group shouldn't communicate or share files with the Marketing Team
  • Finance personnel working on confidential company information shouldn't communicate or share files with certain groups within their organization
  • An internal team with trade secret material shouldn't call or chat online with people in certain groups within their organization
  • A research team should only call or chat online with a product development team
  • A SharePoint site for Day Trader group shouldn't be shared or accessed by anyone outside of the Day Trader group

Important

Information barriers only supports two-way communication and collaboration restrictions. For example, a scenario where Marketing can communicate and collaborate with Day Traders, but Day Traders cannot communicate and collaborate with Marketing isn't supported.

Information barriers and Microsoft Teams

In Microsoft Teams, IB policies determine and prevent the following kinds of unauthorized communication and collaboration:

  • Searching for a user
  • Adding a member to a team
  • Starting a chat session with someone
  • Starting a group chat
  • Inviting someone to join a meeting
  • Sharing a screen
  • Placing a call
  • Sharing a file with another user
  • Access to a file through sharing a link

If the users conducting these activities in Microsoft Teams are included in an IB policy to prevent the activity, they won't be able to proceed. In addition, everyone included in an IB policy can be potentially blocked from communicating with other users in Microsoft Teams. When people affected by IB policies are part of the same team or group chat, they may be removed from those chat sessions and further communication with the group may not be allowed.

For more information, see information barriers in Microsoft Teams.

Information barriers and SharePoint and OneDrive

In SharePoint Online and OneDrive, IB policies detect and prevent the following kinds of unauthorized collaboration:

  • Adding a member to a site
  • Accessing site or content by a user
  • Sharing site or content with another user
  • Searching a site

For more information, see Information barriers in SharePoint and Information barriers in OneDrive.

Information barriers and Exchange Online

IB policies aren't available to restrict communication and collaboration between groups and users in email messages. IB policies are based on Exchange Online Address Book Policies (ABPs). ABPs allow organizations to virtually assign users into specific groups in order to provide customized views of the organization's global address book (GAL). When IB policies are created, ABPs for the policies are automatically created. As IB policies are added in your organization, the structure and behavior of your GAL will change to comply with IB policies.

Before you define and apply IB policies, you must remove all existing Exchange address book policies in your organization. IB policies are based on address book policies and existing ABPs policies aren't compatible with the ABPs created by IB. To remove your existing address book policies, see Remove an address book policy in Exchange Online. Once IB policies are enabled and if you have hierarchical address book enabled, all users not included in an IB segment will see the hierarchical address book in Exchange online.

Only Exchange Online deployments are currently supported for IB policies. If your organization needs to define and control email communications, consider using Exchange mail flow rules.

Ready to get started?