Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Purview Information Barriers (IB) is a compliance solution that restricts two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB helps avoid conflicts of interest and safeguards internal information between users and organizational areas.
When you create IB policies, users who can't communicate or share files with other specific users can't find, select, chat, or call those users. IB policies automatically put checks in place to detect and prevent unauthorized communication and collaboration among defined groups and users. IB policies are independent from compliance boundaries for eDiscovery investigations that control user content locations that eDiscovery managers can search.
IB policies can allow or prevent communication and collaboration between groups and users for the following example scenarios:
- Users in the Day Trader group can't communicate or share files with the Marketing Team
- Instructors in one school can't communicate or share files with students in another school in the same school district.
- Finance personnel working on confidential company information can't communicate or share files with certain groups within their organization
- An internal team with trade secret material can't call or chat online with users in certain groups within their organization
- A research team can only call or chat online with a product development team
- A SharePoint site for Day Trader group can't be shared or accessed by anyone outside of the Day Trader group
Important
Information Barriers only supports two-way communication and collaboration restrictions. For example, a scenario where Marketing can communicate and collaborate with Day Traders, but Day Traders cannot communicate and collaborate with Marketing isn't supported.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Microsoft Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
Information Barriers and Microsoft Teams
In Microsoft Teams, IB policies determine and prevent the following kinds of unauthorized communication and collaboration:
- Searching for a user
- Adding a member to a team
- Starting a chat session with someone
- Starting a group chat
- Inviting someone to join a meeting
- Sharing a screen
- Placing a call
- Sharing a file with another user
- Access to a file through sharing a link
If the users conducting these activities in Microsoft Teams are included in an IB policy to prevent the activity, they can't proceed. In addition, everyone included in an IB policy can be potentially blocked from communicating with other users in Microsoft Teams. When users affected by IB policies are part of the same team or group chat, they might be removed from those chat sessions and further communication with the group might not be allowed.
For more information, see Information Barriers in Microsoft Teams.
Information Barriers and SharePoint and OneDrive
In SharePoint and OneDrive, IB policies detect and prevent the following kinds of unauthorized collaboration:
- Adding a member to a site
- Accessing site or content by a user
- Sharing site or content with another user
- Searching a site
For more information, see Information Barriers in SharePoint and Information Barriers in OneDrive.
Information Barriers and Exchange Online
Information barrier (IB) policies can't restrict communication and collaboration between groups and users in email messages. Only Exchange Online deployments currently support IB policies. If your organization needs to define and control email communications, consider using Exchange mail flow rules.
Information Barriers and Exchange for single and multi-segment modes
If your organization uses single or multi-segment mode, Information Barriers no longer relies on Exchange Online Address Book Policies (ABPs). Enabling Information Barriers doesn't affect organizations that use ABPs. If users don't have an ABP defined with associated IB segments and policies, the system automatically creates an ABP with empty address lists for these users. You can change these ABPs as needed. We recommend that your ABPs are consistent with the segments you configure in Information Barriers. Avoid user visibility differences between your existing ABPs and your new Information Barriers configuration.
Information Barriers and Exchange for legacy mode
If your organization uses legacy mode, IB policies rely on Exchange Online Address Book Policies (ABPs). ABPs let organizations virtually assign users into specific groups to provide customized views of the organization's global address list (GAL). When you create IB policies, the system automatically creates ABPs for the policies. As you add IB policies in your organization, the structure and behavior of your GAL changes to comply with IB policies.
Before you define and apply IB policies, remove all existing Exchange address book policies in your organization. IB policies rely on address book policies, and existing ABPs policies aren't compatible with the ABPs that IB creates. To remove your existing address book policies, see Remove an address book policy in Exchange Online. When you enable IB policies and enable hierarchical address book, all users not included in an IB segment see the hierarchical address book in Exchange Online.