Basic concepts of information barriers
Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives. If you aren’t familiar with the basic concepts, learn about Microsoft Purview in this article.
Microsoft 365 enables communication and collaboration across groups and organizations and supports ways to restrict communication and collaboration among specific groups of users when necessary. This requirement might include situations or scenarios where you want to restrict communication and collaboration between groups to avoid a conflict of interest or to safeguard information between users and educational areas.
Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. A compliance administrator or IB administrator can define policies to allow or prevent communication between groups of users in Microsoft Teams.
When IB policies are in place, users who shouldn't communicate or share files with other specific users won't be able to find, select, chat, or call those users. IB policies automatically put checks in place to detect and prevent unauthorized communication and collaboration among defined groups and users.
Segments and policies
Segments and policies form the basis of IB:
- Segment: A segment is a group of users defined by a set of properties. Each segment has a filter that tells Entra which accounts fall within its scope.
- Policy: IB policies work by either allowing or blocking segments from communicating with each other.
The following examples are suggested topologies for education tenants that illustrate how IB can be implemented.
Topology 1: Schools isolated and collaboration enabled for teachers
In this first topology for a mega tenant, teachers are in one segment so they can collaborate and communicate with each other. Each teacher is also part of their school segment, so they can work with the students in that school.
A student in one school can’t see the teachers or the students in other schools within the same tenant.
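To check a planned segment layout against the isolation that Topology 1 describes, the following added example models segments and allow policies in Python. It is not Microsoft's code and does not reproduce how Purview evaluates policies internally; the user names, segment names and the simplified two-way allow rule are assumptions made for illustration.

```python
from itertools import combinations

# Constructed directory: user -> segments they belong to (all names hypothetical).
USERS = {
    "teacher.a": {"Teachers", "School A"},
    "teacher.b": {"Teachers", "School B"},
    "student.a1": {"School A"},
    "student.a2": {"School A"},
    "student.b1": {"School B"},
}

# Allow policies shaped like Topology 1: segment -> segments it may communicate with.
TOPOLOGY_1 = {
    "Teachers": {"Teachers"},
    "School A": {"School A"},
    "School B": {"School B"},
}

def reachable(user, policies, users=USERS):
    """Union of the allow lists of every segment the user belongs to."""
    allowed = set()
    for segment in users[user]:
        allowed |= policies.get(segment, set())
    return allowed

def can_communicate(a, b, policies, users=USERS):
    """Assumed two-way rule: each side must be allowed to reach a segment of the other."""
    return bool(reachable(a, policies, users) & users[b]) and \
           bool(reachable(b, policies, users) & users[a])

def cross_school_pairs(users=USERS):
    """Pairs of users that share no segment and therefore must stay isolated."""
    return [(a, b) for a, b in combinations(sorted(users), 2)
            if not (users[a] & users[b])]

def leaks(must_block, policies, users=USERS):
    """Pairs the design requires to be isolated that the policies would permit."""
    return sorted(p for p in must_block if can_communicate(*p, policies, users))

if __name__ == "__main__":
    required_isolation = cross_school_pairs()
    print("must be blocked:", required_isolation)
    print("leaks in Topology 1:", leaks(required_isolation, TOPOLOGY_1))
    # Constructed mistake: the two school segments are allowed to reach each other.
    broken = {**TOPOLOGY_1, "School A": {"School A", "School B"},
              "School B": {"School B", "School A"}}
    print("leaks after mistake:", leaks(required_isolation, broken))
```

Running the same check against an export of real segment membership, before policies are applied, shows which user pairs a policy change would newly expose.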
Topology 2: Stages isolated per age and the staff enabled for collaboration
For smaller schools, we can separate students by age or by level to avoid interaction between older and younger students. Teachers work only with the students in their segment, in addition to the rest of the staff and management.
Topology 3: Completely isolated schools
You can isolate schools, students, and teachers to avoid visibility and communication between them, as if they were completely different environments, allowing only the management layer to share resources.