New-InformationBarrierPolicy
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the New-InformationBarrierPolicy cmdlet to create information barrier policies in the Microsoft Purview compliance portal.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-InformationBarrierPolicy
[-Name] <String>
-AssignedSegment <String>
-SegmentAllowedFilter <String>
[-Comment <String>]
[-Confirm]
[-Force]
[-ModerationAllowed <Boolean>]
[-State <EopInformationBarrierPolicyState>]
[-WhatIf]
[<CommonParameters>] New-InformationBarrierPolicy
[-Name] <String>
-AssignedSegment <String>
-SegmentsAllowed <MultiValuedProperty>
[-Comment <String>]
[-Confirm]
[-Force]
[-ModerationAllowed <Boolean>]
[-WhatIf]
[<CommonParameters>] New-InformationBarrierPolicy
[-Name] <String>
-AssignedSegment <String>
-SegmentsBlocked <MultiValuedProperty>
[-Comment <String>]
[-Confirm]
[-Force]
[-ModerationAllowed <Boolean>]
[-WhatIf]
[<CommonParameters>] Description
Information barrier policies are not in effect until you set them to active status, and then apply the policies:
- (If needed): Block communications between segments.
- After all of your policies are defined: Apply information barrier policies.
For more information, see Information barrier policies.
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
New-InformationBarrierPolicy -Name "Sales-Research" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State InactiveThis example creates an inactive policy named Sales-Research for a segment named Sales. When active and applied, this policy prevents people in Sales from communicating with people in the segment named Research.
Example 2
New-InformationBarrierPolicy -Name "Manufacturing-HR" -AssignedSegment "Manufacturing" -SegmentsAllowed "Manufacturing","HR" -State InactiveThis example creates an inactive policy named Manufacturing-HR for a segment named Manufacturing. When active and applied, this policy allows people in Manufacturing to communicate only with people in the segment named HR. (In this example, Manufacturing can't communicate with users who aren't in HR.)
Example 3
New-InformationBarrierPolicy -Name "Research-HRManufacturing" -AssignedSegment "Research" -SegmentsAllowed "Research","HR","Manufacturing" -State InactiveThis example creates a policy that allows the Research segment to communicate with only HR and Manufacturing.
Parameters
-AssignedSegment
The AssignedSegment parameter specifies the Name value of segment that you want to include in the information barrier policy. You can find existing segments by running the following command: Get-OrganizationSegment | Format-List Name,UserGroupFilter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Comment
The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Confirm
The Confirm switch doesn't work on this cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Force
The Force switch hides warning or confirmation messages. You don't need to specify a value with this switch.
You can use this switch to run tasks programmatically where prompting for administrative input is inappropriate.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-ModerationAllowed
{{ Fill ModerationAllowed Description }}
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Name
The Name parameter specifies a unique name for the information barrier policy that you want to create. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks (").
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-SegmentAllowedFilter
This parameter is reserved for internal Microsoft use.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-SegmentsAllowed
The SegmentsAllowed parameter specifies the segments that are allowed to communicate with the segment in this policy (users defined by the AssignedSegment parameter). Only these specified segments can communicate with the segment in this policy.
You identify the segment by its Name value. If the value contains spaces, enclose the value in quotation marks ("). You can specify multiple segments separated by commas ("Segment1","Segment2",..."SegmentN").
You can't use this parameter with the SegmentsBlocked parameter.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-SegmentsBlocked
The SegmentsBlocked parameter specifies the segments that aren't allowed to communicate with the segment in this policy (users defined by the AssignedSegment parameter). You can specify multiple segments separated by commas ("Segment1","Segment2",..."SegmentN").
You identify the segment by its Name value. If the value contains spaces, enclose the value in quotation marks ("). You can specify multiple segments separated by commas ("Segment1","Segment2",..."SegmentN").
You can't use this parameter with the SegmentsAllowed parameter.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-State
The State parameter specifies whether the information barrier policy is active or inactive. Valid values are:
- Active
- Inactive (This is the default value.)
| Type: | EopInformationBarrierPolicyState |
| Accepted values: | Inactive, Active |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |