| Phase | What’s involved |
| --- | --- |
| Prerequisites | Verify that you have the required licenses and permissions |
| | Verify that your directory includes data for segmenting users |
| | Enable scoped directory search for Microsoft Teams |
| | Make sure audit logging is turned on |
| | Remove Address book policies |
| | Provide admin consent for Microsoft Teams using PowerShell |
| Part 1: Segment UAT users | Define UAT users and groups for IB segments |
| | Identify which attributes to use for UAT segments |
| | Define UAT segments for IB policies |
| Part 2: Define UAT IB policies | Define UAT IB Policies |
| Part 3: Apply UAT IB policies | Set UAT IB policies to active status |
| | Monitor and Test UAT IB policy |
| | Troubleshoot UAT IB policy if needed |
| Part 4: Segment PROD users | Define PROD users and groups for IB segments |
| | Identify which attributes to use for PROD segments |
| | Define PROD segments for IB policies |
| Part 5: Define PROD IB policies | Define PROD IB Policies |
| Part 6: Apply PROD IB policies | Set PROD IB policies to active status |
| | Monitor and Test PROD IB policy |
| | Troubleshoot PROD IB policy if needed |
Microsoft 365 E5/A5 |
Office 365 E5/A5 |
Office 365 Advanced Compliance |
Microsoft 365 Compliance E5/A5 |
Microsoft 365 Insider Risk Management |
Targeted users for IB must have an EXO license |
Remove an address book policy in Exchange Online | Microsoft Docs
Turn audit log search on or off – Microsoft 365 Compliance | Microsoft Docs
Admin consent for information barriers in Microsoft Teams – When your IB policies are in place, they can remove non-IB-compliant users from Groups (i.e. Teams channels, which are based on groups). This configuration helps ensure your organization remains compliant with policies and regulations. Use the following procedure to enable information barrier policies to work as expected in Microsoft Teams.
Run the following PowerShell cmdlets: |
Connect-AzAccount -Tenant "<yourtenantdomain.com>"  # for example: Connect-AzAccount -Tenant "Contoso.onmicrosoft.com"
$appId = "bcf62038-e005-436d-b970-2a472f8c1982"
$sp = Get-AzADServicePrincipal -ServicePrincipalName $appId
# Create the service principal only if it does not already exist in the tenant
if ($null -eq $sp) { New-AzADServicePrincipal -ApplicationId $appId }
# Open the admin consent prompt for the app in the default browser
Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"
UAT Block policies will be deployed |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
UAT Segments |
Company Names will be used to define segments |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
Define information barrier policies – Microsoft 365 Compliance | Microsoft Docs |
UAT Security Groups will be used for scoping of users so the UAT IB policy will use MemberOf attribute |
<insert security group names here> |
<insert security group names here> |
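The UAT steps above (segments keyed on Company, scoped to a UAT security group through MemberOf, block policies created and then activated) can be scripted in Security & Compliance PowerShell as follows. This is an added example, not part of the original plan. Every segment, policy, company and group name in it is a hypothetical placeholder, and it assumes that the UAT group is addressed by its e-mail address and that the Company and MemberOf conditions can be combined with -and in one filter.

```powershell
# Added example: all names below are hypothetical placeholders, not values from the plan.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell session

# Part 1: scope each UAT segment to pilot users only.
# A user lands in the segment when Company matches AND they are in the UAT group.
$uatGroup = 'ib-uat-pilot@contoso.onmicrosoft.com'   # hypothetical UAT security group
$segments = [ordered]@{
    'UAT-CompanyA' = "Company -eq 'Company A' -and MemberOf -eq '$uatGroup'"
    'UAT-CompanyB' = "Company -eq 'Company B' -and MemberOf -eq '$uatGroup'"
}
foreach ($name in $segments.Keys) {
    New-OrganizationSegment -Name $name -UserGroupFilter $segments[$name]
}

# Part 2: a block policy covers one direction only, so define one per direction.
# Create them Inactive so nothing is enforced before review.
$policies = @(
    @{ Name = 'UAT-A-blocks-B'; AssignedSegment = 'UAT-CompanyA'; SegmentsBlocked = 'UAT-CompanyB' }
    @{ Name = 'UAT-B-blocks-A'; AssignedSegment = 'UAT-CompanyB'; SegmentsBlocked = 'UAT-CompanyA' }
)
foreach ($p in $policies) {
    New-InformationBarrierPolicy @p -State Inactive
}

# Review what was defined before activating anything.
Get-OrganizationSegment | Format-List Name, UserGroupFilter
Get-InformationBarrierPolicy | Format-List Name, AssignedSegment, SegmentsBlocked, State

# Part 3: set the policies to active status, then start policy application.
foreach ($p in $policies) {
    Set-InformationBarrierPolicy -Identity $p.Name -State Active
}
Start-InformationBarrierPoliciesApplication

# Monitor: re-run until the application reports completion, then test with pilot users.
Get-InformationBarrierPoliciesApplicationStatus
```

The same script serves the PROD phase once the names and the scoping group are swapped for the PROD values.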
PROD Block policies will be deployed |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
<insert policy names here> |
PROD Segments |
Company Names will be used to define segments |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
<insert segment names here> |
Define information barrier policies – Microsoft 365 Compliance | Microsoft Docs |
PROD Security Groups will be used for scoping of users so the PROD IB policy will use MemberOf attribute |
<insert security group names here> |
<insert security group names here> |