Create segments and policies
After you have verified the installed version of Information Barriers (IB), you are ready to create segments and policies.
Create segments
A segment is a group of users defined by a set of properties. Each segment has a filter that tells Entra which accounts fall within its scope.
To create a segment:
In a browser, navigate to https://compliance.microsoft.com/ibsegments, select New segment, and then Next.
Establish the condition for the segment to be created.
- Use any of the attributes of a user in Entra, even extended ones.
- You can also use the "Member Of" condition, which uses membership of a security group as the condition for being part of the segment.
Important
The group must be a security group only, and its members must be users only. Nested groups as members won't work.
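The Important note above can be checked before a group is used in a "Member Of" condition. The following is an added example, not part of the original procedure: it uses the Microsoft Graph PowerShell SDK to confirm that a group is security-enabled and that its direct members are all users. The function name `Test-IBSegmentGroup` and the group ID are hypothetical placeholders, and treating a Microsoft 365 (Unified) group as unsuitable is this example's reading of "security group only".

```powershell
# Added example: pre-check a group before using it in a "Member Of" segment condition.
# Requires the Microsoft.Graph.Groups module. Test-IBSegmentGroup is a hypothetical helper name.
function Test-IBSegmentGroup {
    param([Parameter(Mandatory)][string]$GroupId)

    $group = Get-MgGroup -GroupId $GroupId -Property Id,DisplayName,SecurityEnabled,GroupTypes
    $problems = [System.Collections.Generic.List[string]]::new()

    # The group must be a security group.
    if (-not $group.SecurityEnabled) {
        $problems.Add('Group is not security-enabled.')
    }
    # Assumption of this example: a Microsoft 365 (Unified) group does not qualify.
    if ($group.GroupTypes -contains 'Unified') {
        $problems.Add('Group is a Microsoft 365 (Unified) group.')
    }

    # Direct members must all be users; a nested group, device or service
    # principal is reported with its directory object type.
    $members = @(Get-MgGroupMember -GroupId $GroupId -All)
    foreach ($m in $members) {
        $type = $m.AdditionalProperties['@odata.type']
        if ($type -ne '#microsoft.graph.user') {
            $name = $m.AdditionalProperties['displayName']
            $problems.Add("Non-user member: $name ($type, id $($m.Id))")
        }
    }

    [pscustomobject]@{
        Group       = $group.DisplayName
        MemberCount = $members.Count
        Usable      = ($problems.Count -eq 0)
        Problems    = $problems
    }
}

# Placeholder group ID; replace with the object ID of the group to check.
Connect-MgGraph -Scopes 'Group.Read.All'
$result = Test-IBSegmentGroup -GroupId '00000000-0000-0000-0000-000000000000'
$result | Format-List
```

If `Usable` is `False`, correct the group (for example, replace a nested group with its user members) before creating the segment.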
Create policies
IB policies work by either allowing or blocking segments from communicating with each other.
To create a policy:
In a browser, navigate to https://compliance.microsoft.com/ibpolicies, select Create policy, add a name, and select Next.
Next, select the segment where the policy is to be applied. Select Next.
Select the option for allowing or blocking communication and collaboration.
Choose Allow.
Choose a segment. Select the same segment so that the users in this segment can only communicate and collaborate with the users in the same segment.
Apply the policies
Navigate to Policy application – Microsoft Purview and apply the policies.
Note
It takes time for the policies to propagate, depending on the number of segments and policies created. Once the status changes to “Completed,” it’s recommended to wait 24 hours before testing.