Share via

Information barriers and moderated meetings

  • Applies to: Microsoft Teams

Moderated meetings in Information Barriers (IB) enables controlled interactions between users who would otherwise be restricted from communicating due to IB policies. This feature ensures that meetings occur with the presence of a designated moderator (such as a compliance admin) that oversees the interaction and ensures compliance with IB policies.

Moderated meetings in IB enable:

  • Granular control: Allows selective meetings to take place with IB-incompatible users, such as town halls or new hire orientations.
  • Moderator role: Designated moderators facilitate the meeting, ensuring that all interactions comply with IB policies.
  • Flexible user discovery: Enables users to look up and invite participants on either side of the information barrier during scheduling.
  • Compliance and security: Adheres to regulatory requirements and provides a secure environment for sensitive discussions.

Important

Your organization must be using the IBv2 architecture to use Moderated Meetings in IB. The IBv2 architecture supports flexible people discovery and the creation of a separate moderator segment. This support is required for necessary compliance and security measures in moderated interactions.

Set up moderators, segments, and policies

Setting up moderators and associated segments and policies is crucial for conducting moderated meetings where attendees from segments blocked from communicating with each other are expected to attend a common meeting.

To configure these areas, you must be assigned one of the following roles in your organization:

  • Microsoft 365 global administrator
  • Office 365 global administrator
  • Compliance administrator
  • IB Compliance Management

Additionally, all users included in Moderated Meeting must meet the following prerequisites:

  • All users and the admin must have a Microsoft 365 E5 license
  • All users scheduling a Moderated Meeting in Teams must have a Microsoft Teams Premium license.

Step 1: Define a moderators group in Microsoft Entra

Complete the following steps to define a moderators group in Microsoft Entra:

  1. Go to the Microsoft Entra admin center and navigate to Expand groups > Select all groups > Add new group

  2. For Group type, select Microsoft 365.

  3. In the Group name field, enter a name for the group

  4. In the Group email address, enter moderator. If you delete the moderators’ group or this group name isn't available use one of the following address names:

    • moderators1@<domain>.com
    • moderators2@<domain>.com

    Important

    The name of the group email ID has to contain the keyword moderator and be in stated format.

  5. In the Group description field, enter a description for the group.

  6. For Microsoft Entra roles can be assigned to this group, select No

  7. In the Membership type, select Assigned.

  8. Add owners and moderators to this group.

  9. Select Create.

The Object ID of the moderator group is used in the next step for the creation of a moderators segment in Microsoft Purview portal.

Step 2: Define the moderators segment

After a Microsoft Entra group is configured with all the needed moderators, this group is ready to configure as a new moderator segment.

Complete the following steps to define a moderators group in the Microsoft Purview portal:

  1. Go to the Microsoft Purview portal and navigate to Information barriers > Segments.
  2. Select New segment.
  3. On the Provide a segment name page, give the segment a name and then select Next.
  4. On the Add user group filter page, select Add.
  5. Select the MemberOf filter.
  6. Copy the Object ID of the group you created in Step 1 in Microsoft Entra and paste it in the Member of condition field with the Equal operator. Select Next.
  7. Review the segment details and select Submit to create the segment.

Once the segment is created, add or remove owners and moderators by updating the Microsoft Entra group. This segment updates automatically if there are any membership changes in the Microsoft Entra group.

Step 3: Create a policy for the moderator segment

The next step is to create an Allow policy for the moderator segment. This allows moderators to facilitate meetings for participants from all segments, even if they're blocked by existing IB policies.

Complete the following steps to create a policy for the moderator segment in the Microsoft Purview portal:

  1. Go to the Microsoft Purview portal and navigate to Information barriers > Policies > Policies.
  2. Select Create policy.
  3. On the Provide a policy name page, give the policy a name and then select Next.
  4. On the Add assigned segment details page, select Choose segment.
  5. Select the segment you created in Step 2, then select Add and select Next.
  6. On the Configure communication and collaboration details page, select the Allowed option.
  7. Select the Allow moderation checkbox.
  8. Add all the Segments in your organization that should participate in a moderated meeting. We recommend adding all segments in your organization, including the moderators segment creates in Step 2.
  9. Select Add and then select Next.
  10. On the Policy status page, enable Set your policy to active status and then select Next.
  11. Review the policy details and select Submit to create the policy.

To verify that the policy is applied in your organization, navigate to Information barriers > Policies > Policy applications and select Apply all policies.

Note

When you apply all policies, all existing and new policies are evaluated and you might see some validation errors. Update policies to correct any errors as needed and rerun as applicable. Applying all policies might take several hours, depending on the size of your organization.

Step 4: Setting policy configuration

Compete the following steps to change your IB mode to multi-segment and to disable the IB InformationBarrierPeopleSearchRestriction property.

  1. Start PowerShell in admin mode and use the following command to change your IB mode to multi-segment:

    Connect-IPPSSession -UserPrincipalName <compliance admin email id> 
Import-Module ExchangeOnlineManagement 
Get-PolicyConfig | fl "Information*" 
Set-PolicyConfig -InformationBarrierMode 'MultiSegment'

    Note

    If you have any Block policies configured in your organization, then multi-segment doesn't work. For multi-segment IBv2 to work, your organization must be configured with Allow policies only. All segments that aren't set to allow are blocked.

  2. To disable the InformationBarrierPeopleSearchRestriction property, use the following cmdlet:

     Set-PolicyConfig -InformationBarrierPeopleSearchRestriction 'Disabled'

To verify that multi-segment support is configured and the InformationBarrierPeopleSearchRestriction property is disabled, use the following cmdlet:

Get-PolicyConfig | fl "Information*"

Step 5: Apply policies

To apply the changes in Step 4, you must apply the policies changes again in your organization. To apply these changes in your organization, navigate to Information barriers > Policies > Policy applications and select Apply all policies.

Note

When you apply all policies, all existing and new policies are evaluated and you might see some validation errors. Update policies to correct any errors as needed and rerun as applicable. Applying all policies might take several hours, depending on the size of your organization.