These are guidelines that need to be set up by a Microsoft Teams Administrator in order to regulate communications and collaborations between different groups within an organization. In the context of the MS-700 exam – Managing Microsoft Teams – a thorough understanding of how to plan and enforce Information Barrier policies is vital.
Information Barrier Policies: The Basics
An Information Barrier (IB) policy is used to prevent or allow communications among designated user segments. User segments can be defined based on attributes such as department, job title, or location. For instance, a company may want to restrict conversations between departments handling sensitive client material, or between higher management and lower-level employees.
Information Barriers are applicable in scenarios such as:
- One-on-One chats
- Group chats
- Team channels
- Sharing files in chats
- Sharing files in channels
Information Barrier policies can be used to:
- Allow communications and collaborations (Permissive policies)
- Block communications and collaborations (Restrictive policies)
Take note that Teams honors the most restrictive policy. If there’s a conflict between two policies, Teams will enact the policy that restricts communication.
Planning Information Barrier Policies
When planning the implementation of Information Barrier policies, here are a few key steps to consider:
- Identify user segments: Define groups or segments based on attributes such as location, department, or job title.
- Define policies: Identify the types of communications that should be regulated amongst these segments and create clear guidelines on what is permitted or restricted.
- Plan for policy conflicts: Teams honors the most restrictive policy. Therefore, it’s important to plan for potential policy overlaps to avoid unintended communication blocks.
- Communicate policies to your team: Make sure all team members are aware of the policies and understand what they can and cannot do.
Applying Information Barrier Policies
Only global admins and Teams service administrators who are familiar with PowerShell can create IB policies. Here’s the step-by-step process:
- Activate Information Barrier policies: Using PowerShell, select ‘Turn on Information Barriers’.
- Define segments: Define user attributes to segment users. For instance, to segment users based on departments:
$Segment1 = New-InformationSegment -SegmentName "HR Department" -UserAttribute @{Department ="HR"}
- Apply Information Barrier policies: Apply the appropriate IB policy, either to allow or restrict communication. To allow communication between segments:
New-InformationBarrierPolicy -Name "Allow HR-IT communication" -AssignedSegment "HR Department" -SegmentsAllowedToCommunicateWith "IT Department"
To block communication:
New-InformationBarrierPolicy -Name "Block HR-Finance communication" -AssignedSegment "HR Department" -SegmentsBlockedFromCommunicatingWith "Finance Department"
- Verify and resolve policy conflicts: Use the ‘Check InformationBarrierPolicy’ cmdlet to find and resolve conflicts:
Check-InformationBarrierPolicy -Identity "Block HR-Finance communication"
Information Barrier policies help maintain compliance and security in Microsoft Teams. As a prospective Teams Administrator preparing for the MS-700 exam, honing your ability to plan and implement these policies is crucial. Make sure to refer to Microsoft documentation and practice in a real or simulated environment to master these skills.
Practice Test
True or False: The control of information barriers in Microsoft Teams is dependent on licensing and configuration of Microsoft 365 or Office
Answer: True
Explanation: Licensing and configuration of Microsoft 365 or Office 365 are prerequisites for managing information barrier policies in Microsoft Teams.
What functionality does an information barrier policy provide in Microsoft Teams?
- A) Limitations on document collaboration
- B) Restrictions on communication and collaboration with certain members or groups
- C) Restrictions on file sharing
- D) Forced log out of idle users
Answer: B) Restrictions on communication and collaboration with certain members or groups
Explanation: Information barriers are policies that an admin can configure to prevent certain members or groups from initiating communication with each other in Microsoft Teams.
True or False: In Microsoft Teams, an admin cannot manually define information barrier policies.
Answer: False
Explanation: An admin can define information barriers to prevent certain segments of users from communicating with others. This is a crucial feature for maintaining compliance in many organizations.
Which of the following is not a step for setting up information barrier policies in Microsoft Teams?
- A) Define policies in the Teams admin center
- B) Identify segments of users
- C) Download the Teams mobile app
- D) Turn on information barriers
Answer: C) Download the Teams mobile app
Explanation: While downloading the Teams mobile app might be a step in the overall process of utilizing Microsoft Teams, it is not directly related to setting up information barrier policies.
An organization needs to prevent group A from communicating with group B. Can they accomplish this with information barrier policies?
Answer: Yes
Explanation: Information barrier policies in Microsoft Teams are designed to limit or block communication between specific groups of users.
True or False: Information barrier policies can be layered, meaning one user can follow multiple policies at the same time.
Answer: True
Explanation: Multiple information barrier policies can indeed apply to a single user, allowing for nuanced controls of user interactions.
Information barrier policies can control which of the following types of communications in Teams?
- A) Chat
- B) Voice
- C) Screen Sharing
- D) All of the above
Answer: D) All of the above
Explanation: Information barrier policies can control all these types of communication between users in Microsoft Teams.
True or False: Once an information barrier policy is established, an admin can no longer change it.
Answer: False
Explanation: Admins can update or eliminate information barrier policies at any time.
True or False: For information barriers to function, the Exchange Online mailbox must be hosted in the cloud.
Answer: True
Explanation: For information barriers to work, the Exchange Online mailbox of the user must be hosted in the cloud. This is due to how the different Microsoft services interact with each other.
System administrators can use information barrier policies to prevent members of a specific department from collaborating with which of the following in Microsoft Teams?
- A) Members of another department
- B) External users
- C) Both A and B
- D) None of the above
Answer: A) Members of another department
Explanation: Information barriers are intended to prevent internal groups from collaborating with each other based on compliance requirements. They do not govern interactions with external users.
Interview Questions
What are information barrier policies in Microsoft Teams?
Information barrier policies are policies that an administrator can configure to prevent certain segments of users from communicating with each other on Microsoft Teams.
Why would an organization want to create information barrier policies?
Information barrier policies are created by organizations to restrict communication and collaboration between certain groups to avoid conflicts of interest, insider trading, or other regulatory risks.
What is the first step to implement information barrier policies in Microsoft Teams?
The first step to implement information barrier policies in Microsoft Teams is to define segments in the Security & Compliance center.
How can an administrator create information barrier policies?
An administrator can create information barrier policies from the Microsoft 365 compliance center by visiting the Information barriers page and following the suggested steps to define policies.
What user permissions are required to create information barrier policies?
To create Information barrier policies, you need to have Microsoft 365 Global Administrator or Compliance Administrator permissions.
What happens if someone tries to violate an information barrier policy?
If someone tries to violate an information barrier policy, the action will be blocked and a policy violation report will be recorded.
Can information barrier policies in Teams be used to block file sharing?
No. Information barrier policies only control chat, calling, and meetings. Other features like file sharing are not controlled by information barrier policies.
How many segments can be created when setting up information barrier policies?
According to Microsoft’s documentation, up to 100 segments can be created for information barrier policies.
How can you validate that an information barrier policy is working as expected?
You can validate an information barrier policy by running a test user communication in which one user from each segment tries to start a chat or establish communication.
How can you edit an existing information barrier policy?
You can edit an existing information barrier policy in the Microsoft 365 compliance center. Go to the ‘Information barriers’ page, and select the policy you want to adjust.
Can you delete an information barrier policy?
Yes, you can delete an information barrier policy. However, the deletion might take up to 24 hours and during that time the policy effects will remain in place.
Can external users be added to segments in information barrier policies?
No, you cannot add external users or guests to the segments. It only includes internal users of an organization.
Can you assign a user to multiple segments in an information barrier policy?
No, a user can belong only to one segment. You must ensure that the user is removed from any existing segment before adding them to a new one.
Can you create an information barrier policy that only applies to certain types of communication like calling or meetings?
No. Information barrier policies created in Teams apply to all types of communication including chat, calling, and meetings. You cannot decide to apply them to only one type.
Is there any prerequisite for setting up information barrier policy?
Yes. Before you set up information barriers, you must have Office 365 or Microsoft 365 E5, Office 365 E3 with the E5 Compliance add-on, or Microsoft 365 E5 Information Protection and Compliance.