Step-by-Step Guide: How to Create and Use Microsoft 365 Info Barriers
Microsoft 365 Information Barriers (IB) are a powerful compliance feature used to restrict communication and collaboration between specific groups of users. Here’s a detailed step-by-step guide on how to set up and use Info Barriers.
Prerequisites
Before setting up Info Barriers, ensure the following:
- Microsoft 365 Compliance Licenses: You need an appropriate license, such as Microsoft 365 E5, Microsoft 365 E5 Compliance, or Microsoft 365 Insider Risk Management.
- Permissions: You need to be a global administrator or compliance administrator to set up Info Barriers.
- Azure Active Directory (Azure AD): User attributes in Azure AD are required to define the groups or segments for info barrier policies.
Step 1: Plan Your Info Barriers
Before configuring info barriers, outline the following:
- Identify Groups to Segment: Identify the groups or departments that must be restricted from communicating with each other. These segments will be created based on Azure AD attributes like department, location, or roles.
- Example: You might want to block communication between “Trading” and “Research” departments in a financial firm.
- Define Communication Rules: Decide whether communication should be allowed or blocked between specific groups. You can create both Allow Policies (defining who can communicate) and Block Policies (defining who cannot communicate).
Step 2: Set Up Segments in Microsoft 365
Segments are collections of users grouped by common characteristics in Azure AD. You’ll create segments to define which users can or cannot interact.
1. Access the Microsoft 365 Compliance Center
- Go to the Microsoft 365 Compliance Center.
- Sign in with your admin credentials.
2. Navigate to Information Barriers
- In the Compliance Center, select Information Barriers under the Solutions section.
3. Create Segments
Segments are created based on Azure AD attributes (such as Department, Geography, or Role).
- Click on Segments.
- Click + Add Segment to create a new segment.
Steps to Create a Segment:
- Segment Name: Enter a name that describes the segment (e.g., “Research”).
- Define Segment: Define the segment by filtering users based on Azure AD attributes. For example:
- Department equals “Research”
- Location equals “London”
Step 3: Create Info Barrier Policies
Once the segments are defined, you can create Info Barrier policies that dictate how users in these segments can communicate.
1. Navigate to Policies in Information Barriers
Go back to Information Barriers.
Click on Policies.
2. Create a New Policy
Click + Add Policy to create a new info barrier policy.
Steps to Create a Policy:
Policy Name: Enter a name for the policy (e.g., “Block Trading-Research Communication”).
Policy Type: Choose whether it’s an Allow Policy or Block Policy.
Define the Segments: Define which segments the policy applies to:
Block Policy Example: “Trading” is restricted from communicating with “Research.”
Allow Policy Example: “HR” is allowed to communicate with “Finance.”
3. Define Policy Rules
For a Block Policy: Select the source segment (e.g., “Trading”) and the target segment (e.g., “Research”). This policy will block communication between these two segments.
For an Allow Policy: Define the segments that are allowed to communicate with each other.
4. Save and Apply the Policy
After defining the segments and rules, click Save to create the policy.
The policy will then be applied to the segments and enforced across Microsoft 365 services.
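The segment and policy setup from Steps 2 and 3 can also be scripted with Security & Compliance PowerShell. The following is an added example, not part of the original guide; the admin and test-user UPNs and the policy names are constructed placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: scripted equivalent of Steps 2-3 for the Trading/Research case.
# All UPNs and policy names below are constructed placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

# Step 2: one segment per department, filtered on the Department attribute.
$departments = 'Trading', 'Research'
foreach ($dept in $departments) {
    # Skip creation if a segment with this name already exists.
    if (-not (Get-OrganizationSegment | Where-Object Name -eq $dept)) {
        New-OrganizationSegment -Name $dept -UserGroupFilter "Department -eq '$dept'"
    }
}

# Step 3: in PowerShell a block is defined in both directions,
# one policy per assigned segment.
$blocks = @(
    @{ Name = 'Trading-Block-Research'; Assigned = 'Trading';  Blocked = 'Research' },
    @{ Name = 'Research-Block-Trading'; Assigned = 'Research'; Blocked = 'Trading'  }
)
foreach ($b in $blocks) {
    # Create as Inactive so nothing is enforced until both directions exist.
    New-InformationBarrierPolicy -Name $b.Name -AssignedSegment $b.Assigned `
        -SegmentsBlocked $b.Blocked -State Inactive
}
foreach ($b in $blocks) {
    Set-InformationBarrierPolicy -Identity $b.Name -State Active
}

# Active policies take effect only after the application job has run.
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus | Format-List

# Review the result, then check how a specific pair of users is affected
# before running the manual tests in Step 5.
Get-InformationBarrierPolicy | Format-List Name, AssignedSegment, SegmentsBlocked, State
Get-InformationBarrierRecipientStatus -Identity 'trader1@contoso.example' `
    -Identity2 'analyst1@contoso.example'
```

Policy application runs as a background job, so re-run `Get-InformationBarrierPoliciesApplicationStatus` until it reports completion before testing.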
Step 4: Monitor and Enforce Info Barrier Policies
Once your Info Barrier policies are in place, Microsoft 365 will automatically enforce them across multiple services, including Microsoft Teams, SharePoint, OneDrive, and Exchange.
Monitoring:
Go to the Information Barriers section in the Microsoft 365 Compliance Center to review existing policies and segments.
You can monitor and adjust policies as necessary based on changes in organizational structure or regulatory requirements.
Policy Enforcement:
Users will see error messages if they try to communicate with individuals or groups restricted by the Info Barriers.
Blocked communications apply to:
Teams: Users in blocked segments cannot chat, call, or collaborate in Teams channels.
SharePoint/OneDrive: Restricted users cannot share files or access shared content.
Exchange: Emails sent between users in blocked segments will be blocked.
Step 5: Testing Info Barriers
To ensure that Info Barriers are working as expected, you can test the policies by attempting to communicate between restricted segments.
1. Test in Microsoft Teams:
Try to start a chat between a user in the “Trading” department and a user in the “Research” department. If the Info Barrier policy is applied correctly, the chat will be blocked, and the user will receive an error message such as: “Your organization has set a policy preventing you from communicating with this user.”
2. Test in SharePoint or OneDrive:
Attempt to share a file with a restricted user. The sharing option should be unavailable or blocked.
3. Test in Exchange Online:
Send an email between users in blocked segments. The email should be blocked, and the sender will receive a non-delivery report (NDR) explaining that communication is restricted due to policy.
Step 6: Managing and Adjusting Policies
If you need to update or remove policies:
Adjust Policies:
Go back to the Policies section in Information Barriers.
Select the policy you want to modify, and make the necessary changes to the segments or rules.
Remove Policies:
If a policy is no longer needed, you can delete it by selecting the policy and clicking Delete.
Step 7: Compliance and Reporting
Admins can use compliance tools in Microsoft 365 to audit and review Info Barrier enforcement:
Review Policy Enforcement Logs:
Use the Audit Logs and Reports sections in the Compliance Center to track how Info Barriers are being applied across your organization.
You can generate reports to see which communications were blocked and ensure that policies are functioning as expected.
Maintain Compliance:
Continuously review and update your Info Barrier policies to ensure they remain compliant with evolving regulatory requirements and internal policies.
Microsoft 365 Info Barriers provide an essential layer of security and compliance by controlling communication and collaboration between segmented groups within an organization. By following these steps, you can set up and manage Info Barriers effectively, ensuring that your organization adheres to industry regulations, protects sensitive information, and mitigates risks of conflicts of interest.
