Learn about information barriers
Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB can help to avoid conflicts of interest and safeguard internal information between users and organizational areas.
When IB policies are in place, users who shouldn't communicate or share files with other specific users won't be able to find, select, chat, or call those users. IB policies automatically put checks in place to detect and prevent unauthorized communication and collaboration among defined groups and users. IB policies are independent from compliance boundaries for eDiscovery investigations that control user content locations that eDiscovery managers can search.
IB policies can allow or prevent communication and collaboration between groups and users for the following example scenarios:
- Users in the Day Trader group shouldn't communicate or share files with the Marketing Team
- Instructors in one school shouldn't be able to communicate or share files with students in another school in the same school district.
- Finance personnel working on confidential company information shouldn't communicate or share files with certain groups within their organization
- An internal team with trade secret material shouldn't call or chat online with users in certain groups within their organization
- A research team should only call or chat online with a product development team
- A SharePoint site for Day Trader group shouldn't be shared or accessed by anyone outside of the Day Trader group
Important
Information barriers only supports two-way communication and collaboration restrictions. For example, a scenario where Marketing can communicate and collaborate with Day Traders, but Day Traders cannot communicate and collaborate with Marketing isn't supported.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
In Microsoft Teams, IB policies determine and prevent the following kinds of unauthorized communication and collaboration:
- Searching for a user
- Adding a member to a team
- Starting a chat session with someone
- Starting a group chat
- Inviting someone to join a meeting
- Sharing a screen
- Placing a call
- Sharing a file with another user
- Access to a file through sharing a link
If the users conducting these activities in Microsoft Teams are included in an IB policy to prevent the activity, they won't be able to proceed. In addition, everyone included in an IB policy can be potentially blocked from communicating with other users in Microsoft Teams. When users affected by IB policies are part of the same team or group chat, they may be removed from those chat sessions and further communication with the group may not be allowed.
For more information, see information barriers in Microsoft Teams.
In SharePoint and OneDrive, IB policies detect and prevent the following kinds of unauthorized collaboration:
- Adding a member to a site
- Accessing site or content by a user
- Sharing site or content with another user
- Searching a site
For more information, see Information barriers in SharePoint and Information barriers in OneDrive.
IB policies aren't available to restrict communication and collaboration between groups and users in email messages. Only Exchange Online deployments are currently supported for IB policies. If your organization needs to define and control email communications, consider using Exchange mail flow rules.
If your organization is in single or multi-segment mode, information barriers is no longer based on Exchange Online Address Book Policies (ABPs). Organizations using ABPs will not have any impact to the existing ABPs when enabling information barriers. If there's no ABP defined for users with associated IB segments and policies, an ABP is automatically created with empty address lists for these users. You can change these ABPs as needed. We recommend that your ABPs are consistent with the segments you configure in information barriers. You should try to avoid user visibility differences between your existing ABPs and your new information barriers configuration.
If your organization is in legacy mode, IB policies are based on Exchange Online Address Book Policies (ABPs). ABPs allow organizations to virtually assign users into specific groups in order to provide customized views of the organization's global address book (GAL). When IB policies are created, ABPs for the policies are automatically created. As IB policies are added in your organization, the structure and behavior of your GAL will change to comply with IB policies.
Before you define and apply IB policies, you must remove all existing Exchange address book policies in your organization. IB policies are based on address book policies and existing ABPs policies aren't compatible with the ABPs created by IB. To remove your existing address book policies, see Remove an address book policy in Exchange Online. Once IB policies are enabled and if you have hierarchical address book enabled, all users not included in an IB segment will see the hierarchical address book in Exchange online.