Information barriers (IBs) are policies that an admin can configure to prevent individuals or groups from communicating with each other. IBs are useful if, for example, one department is handling information that shouldn't be shared with other departments. IBs are also useful when a group needs to be isolated or prevented from communicating with anyone outside of that group.
For Microsoft Teams, information barriers can determine and prevent the following kinds of unauthorized collaborations:
- Adding a user to a team or channel
- User access to team or channel content
- User access to 1:1 and group chats
- User access to meetings
- Prevents lookups and discovery, users will not be visible in the people picker.
Managing information barrier policies
IB policies are managed in the Microsoft 365 Compliance Center (SCC) using PowerShell cmdlets. For more information. You can define policies that are designed to prevent certain segments of users from communicating with each other or allow specific segments to communicate only with certain other segments. Information barrier policies can help your organization maintain compliance with relevant industry standards and regulations, and avoid potential conflicts of interest.
Admin consent for information barriers in Microsoft Teams
When your IB policies are in place, they can remove non-IB compliance users from Groups (i.e. Teams channels, which are based on groups). This configuration helps ensure your organization remains compliant with policies and regulations. Use the following procedure to enable information barrier policies to work as expected in Microsoft Teams.
-
Prerequisite: Install Azure Active Directory PowerShell for Graph.
-
Run the following PowerShell cmdlets:
Connect-AzureAD -Tenant "<yourtenantdomain.com>" //for example: Connect-AzureAD -Tenant "Contoso.onmicrosoft.com"
$appId="bcf62038-e005-436d-b970-2a472f8c1982"
$sp=Get-AzureADServicePrincipal -Filter "appid eq '$($appid)'"
if ($sp -eq $null) { New-AzureADServicePrincipal -AppId $appId }
Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"
3. When prompted, sign in using your work or school account for Office 365.
4. In the Permissions requested dialog box, review the information, and then choose Accept. The permissions requested by the App is given below.
When all the prerequisites are met, proceed to the next steps as mentioned in another KB 'Get Started with Information Barriers'
Comments
0 comments
Please sign in to leave a comment.