Creating information barrier policies will require you to work with user account attributes, you’ll have to create segments, you’ll have to specify 'block' and 'allow' policies, and you’ll have to configure policy application.

The user account attributes that you need to work with are defined in Azure Active Directory, or in Exchange Online. These attributes will include things like the department a user works in, maybe their job title, their location, other job profile details.

The segments that I referred to are simply different sets of users that you define in the Microsoft Purview compliance portal. These segments are created by using a selected user account attribute. The URL on your screen provides a list of all supported attributes.

The information barrier policies that you create will determine the communication limits or restrictions that are put into place. You can create Block policies, and you can create Allow policies. The Block policies, as you might have guessed, are used to prevent one segment of users from communicating with another segment; while the Allow policies, on the other hand, allow one segment to communicate with only certain other segments.

Once you’ve defined all of your necessary information barrier policies, you apply them.

The overall workflow starts with Step 1: Prerequisites.

Before you can begin leveraging information barrier policies, you need to meet several prerequisites. These are listed onscreen. Notice that you need to verify that you have the required licenses and permissions, and that your directory includes the data you need for segmentation of users. You also need to enable search by name for Microsoft Teams, and you need to ensure audit logging is turned on.

Other prerequisites that need to be met include ensuring that there are no Exchange address book policies in place, and you need to provide admin consent for Microsoft Teams.

• Verify that you have the required licenses and permissions
• Verify that your directory includes data for segmenting users
• Enable search by name for Microsoft Teams
• Make sure audit logging is turned on
• Make sure no Exchange address book policies are in place
• Use PowerShell (examples are provided)
• Provide admin consent for Microsoft Teams (steps are included)

After addressing all the prerequisites in Step 1, you can move onto Step 2: Segmenting Users

To segment your users, you need to determine what policies are needed, and you need to create a list of the segments you wish to define. To do this, you’ll need to identify the attributes you’ll need to use, and you’ll want to define your segments in terms of policy filters.

• Determine what policies are needed
• Make a list of segments to define
• Identify which attributes to use
• Define segments in terms of policy filters

After you’ve segmented your users, you move onto Step 3: Defining Information Barrier Policies.

At this point, you can define your policies. You can define Allow policies and/or Block policies, but you don’t want to apply them until they’ve all been defined.

• Define your policies (do not apply yet)
• Choose from two kinds (block or allow)

Once your policies have been defined, you can move onto Step 4, where you apply the policies.

At this stage, you can go ahead and set your polices to active status, you can run the policy application, and you can view the policy status for your policies.

• Set policies to active status
• Run the policy application
• View policy status

The last two steps, Steps 5 and 6, are optional. In Step 5, you can configure information barriers on SharePoint and OneDrive, and in Step 6, you can update information barrier modes if necessary.