Getting Started with Microsoft Purview Information Barriers
In this course, you'll gain a basic understanding of what Information Barriers are and how to create them with Information Barrier Policies.
- Microsoft Purview Information Barriers
- Configuring Information Barrier Policies
This course is intended for those who wish to learn about Information Barriers and Information Barrier Policies.
You should have a general familiarity with Microsoft 365.
Creating information barrier policies requires you to work with user account attributes, create segments, specify 'block' and 'allow' policies, and configure policy application.
The user account attributes that you need to work with are defined in Azure Active Directory, or in Exchange Online. These attributes include things like the department a user works in, maybe their job title, their location, and other job profile details.
The segments that I referred to are simply different sets of users that you define in the Microsoft Purview compliance portal. These segments are created by using a selected user account attribute. The URL on your screen provides a list of all supported attributes.
The information barrier policies that you create will determine the communication limits or restrictions that are put into place. You can create Block policies, and you can create Allow policies. The Block policies, as you might have guessed, are used to prevent one segment of users from communicating with another segment, while the Allow policies allow one segment to communicate with only certain other segments.
Once you’ve defined all of your necessary information barrier policies, you apply them.
The overall workflow starts with Step 1: Prerequisites.
Before you can begin leveraging information barrier policies, you need to meet several prerequisites. These are listed onscreen. Notice that you need to verify that you have the required licenses and permissions, and that your directory includes the data you need for segmentation of users. You also need to enable search by name for Microsoft Teams, and you need to ensure audit logging is turned on.
Other prerequisites that need to be met include ensuring that there are no Exchange address book policies in place and providing admin consent for Microsoft Teams.
- Verify that you have the required licenses and permissions
- Verify that your directory includes data for segmenting users
- Enable search by name for Microsoft Teams
- Make sure audit logging is turned on
- Make sure no Exchange address book policies are in place
- Use PowerShell (examples are provided)
- Provide admin consent for Microsoft Teams (steps are included)
After addressing all the prerequisites in Step 1, you can move on to Step 2: Segmenting Users.
To segment your users, you need to determine what policies are needed, and you need to create a list of the segments you wish to define. To do this, you’ll need to identify the attributes you’ll need to use, and you’ll want to define your segments in terms of policy filters.
- Determine what policies are needed
- Make a list of segments to define
- Identify which attributes to use
- Define segments in terms of policy filters
After you’ve segmented your users, you move on to Step 3: Defining Information Barrier Policies.
At this point, you can define your policies. You can define Allow policies and/or Block policies, but you don’t want to apply them until they’ve all been defined.
- Define your policies (do not apply yet)
- Choose from two kinds (block or allow)
Once your policies have been defined, you can move on to Step 4, where you apply the policies.
At this stage, you can set your policies to active status, run the policy application, and view the policy status for your policies.
- Set policies to active status
- Run the policy application
- View policy status
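Steps 2 through 4 as a Security & Compliance PowerShell session, added here as an example that is not part of the original course. The segment names, policy names and Department values are hypothetical, and the example defines the block in both directions, which goes slightly beyond what the lesson states.

```powershell
# Added example. Segment names, policy names and Department values are
# hypothetical; run with an account that meets the Step 1 prerequisites.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Step 2: define segments as filters over a directory attribute.
New-OrganizationSegment -Name 'Sales'    -UserGroupFilter "Department -eq 'Sales'"
New-OrganizationSegment -Name 'Research' -UserGroupFilter "Department -eq 'Research'"

# Step 3: describe the block policies. A block is defined once per direction
# so that neither segment can reach the other.
$policies = @(
    @{ Name = 'Sales-Block-Research'; AssignedSegment = 'Sales';    SegmentsBlocked = 'Research' },
    @{ Name = 'Research-Block-Sales'; AssignedSegment = 'Research'; SegmentsBlocked = 'Sales' }
)

# Local sanity check before anything is created: every block needs its mirror.
foreach ($p in $policies) {
    $mirror = $policies | Where-Object {
        $_.AssignedSegment -eq $p.SegmentsBlocked -and
        $_.SegmentsBlocked -eq $p.AssignedSegment
    }
    if (-not $mirror) { throw "No reverse block policy defined for $($p.Name)" }
}

# Create every policy as Inactive; nothing is enforced yet.
foreach ($p in $policies) {
    New-InformationBarrierPolicy @p -State Inactive
}

# Review the full set before activating anything.
Get-InformationBarrierPolicy | Format-List

# Step 4: set policies to active status, run the policy application,
# then view the status of that run.
foreach ($p in $policies) {
    Set-InformationBarrierPolicy -Identity $p.Name -State Active
}
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus
```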
The last two steps, Steps 5 and 6, are optional. In Step 5, you can configure information barriers on SharePoint and OneDrive, and in Step 6, you can update information barrier modes if necessary.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.