Explore Microsoft Purview Information Barriers

Completed

Microsoft 365 enables communication and collaboration across groups and organizations. It also supports ways to restrict communication and collaboration among specific groups of users when necessary. Why would organizations want to restrict communication and collaboration? Well, some of the most common issues that businesses struggle with are conflicts of interest and insider trading with intercommunication and collaborations between certain groups within the organization. These scenarios may require an organization to restrict collaboration between certain employees to safeguard internal information.

Microsoft 365 addresses these types of issues with Microsoft Purview Information Barriers (IB). IB is a compliance solution that allows organizations to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Highly regulated industries often use information barriers. IB can help organizations avoid conflicts of interest and safeguard internal information between users and organizational areas.

In Microsoft Purview Information Barriers, a segment is a logical grouping of users or groups of users who are subject to the same set of information barrier policies. Organizations typically create segments based on factors such as job function, department, or business unit. When organizations create different segments, they can apply different policies to different groups of users, depending on their specific data access and privacy requirements.

For example, an organization creates a segment for employees in the Finance department who have access to sensitive financial data. It then applies a set of IB policies that restrict their access to that data. The organization then creates a separate segment for employees in the Marketing department who don't have access to financial data. It then applies a different set of IB policies that restrict their access to marketing data.

Segments in Microsoft Purview Information Barriers help organizations to manage and control access to sensitive data. They do so by creating logical groupings of users and applying policies based on those groupings.

What are Microsoft Purview Information Barriers?

Information Barriers is a feature of Microsoft Purview. IB enables organizations to set up policies that control access to sensitive data. It also prevents certain users or groups from accessing that data. IB can help organizations ensure that only authorized users can access their data, and only when they have a legitimate need to access that data. This feature can be useful in scenarios where there are regulatory requirements around data access and privacy, or where there are concerns about conflicts of interest.

A Compliance administrator or an Information Barrier administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. Organizations can use information barriers for situations like these:

  • Prohibiting communication or file sharing between users on different teams.
  • Prohibiting calling or online chat between users in certain groups within the organization.
  • Restricting a user to only call or chat online with a specific team.
  • Restricting file sharing or access to a certain site by anyone outside a specific team.

Note

Microsoft Purview Information Barriers only support two-way restrictions. With this type of restriction, users from team A can't initiate communication with team B, and users from team B can't initiate communication with team A. Information barriers don't support one-way restrictions. In a one-way restriction, users from team A can't initiate communications with team B, but users from team B can initiate communication with team A.

Microsoft Teams, SharePoint Online, and OneDrive for Business support Microsoft Purview Information Barriers. Microsoft Purview performs checks whenever users covered by IB policies attempt to communicate and collaborate with other users in Microsoft Teams, SharePoint Online, or OneDrive. These checks determine whether Microsoft Purview allows or prevents communication and collaboration based on the IB policies in place. The purpose of these checks is to ensure that users only share information with authorized users, as defined by the IB policies.

The following illustration is a visual representation of how a Microsoft Purview Information Barrier policy works. In this example, an organization has an IB policy that stops the Investment banker team from communicating or collaborating with the Financial advisor team. However, they can still both communicate with other teams, such as the HR group.

Diagram showing how an I B policy to stop the Investment banker team from communicating or collaborating with the Financial advisor team.

The Financial Services sector is traditionally the primary driver for information barriers. The Financial Industry Regulatory Authority (FINRA) reviews information barriers and conflicts of interest within member firms. It then provides guidance about managing such conflicts (such as FINRA 2241, Debt Research Regulatory Notice 15-31).

How do information barrier policies work?

Microsoft Purview Information Barrier policies prevent people who shouldn't communicate or share files with certain users from finding, selecting, chatting with, or calling those users. With Microsoft Purview Information Barriers, checks are in place to prevent these types of unauthorized communication and collaboration.

Information barriers apply to Microsoft Teams (chats and channels), SharePoint Online, and OneDrive. In Microsoft Teams, information barrier policies determine and prevent the following types of unauthorized communication:

  • Searching for a user
  • Adding a member to a team
  • Starting a chat session with someone
  • Starting a group chat
  • Inviting someone to join a meeting
  • Sharing a screen
  • Placing a call
  • Sharing a file with another user
  • Access to file through sharing link

If an IB policy prohibits certain individuals from engaging in a particular activity, the system prevents them from continuing with that activity. Potentially, the system can block everyone included in an information barrier policy from communicating with others in Microsoft Teams. When people affected by information barrier policies are part of the same team or group chat, you can remove them from those chat sessions. In turn, the system may not allow further communication with the group.

In SharePoint Online and OneDrive, information barrier policies determine and prevent the following types of unauthorized collaborations:

  • Adding a member to a site.
  • Accessing site or content by a user.
  • Sharing site or content with another user.
  • Searching a site.

Knowledge check

Choose the best response for the following question.

Check your knowledge

1.

Information barriers apply to which of the following services?