
Information Barriers

Configure policies that restrict communication and collaboration between specific groups of users. Information barriers help prevent conflicts of interest, protect confidential information, and maintain regulatory compliance in financial services, legal, and other regulated industries.

Note: Information Barriers requires Microsoft 365 E5, Microsoft 365 E5 Compliance, or Office 365 E5 licensing for affected users.

How Information Barriers Work

Information barriers enforce communication restrictions across Microsoft 365:

Microsoft Teams

  • Block 1:1 and group chats
  • Prevent adding to teams/channels
  • Block calls and meetings

SharePoint and OneDrive

  • Block file sharing between segments
  • Prevent site membership
  • Restrict access to sites

Exchange Online

  • Block email communication
  • Hide from global address list
  • Prevent calendar sharing

People Discovery

  • Remove from people search
  • Hide from org chart
  • Block profile viewing

Segments

What are Segments?

Segments are groups of users defined by attributes like department, location, or custom attributes. Users can belong to only one segment. Segments are used as the building blocks for information barrier policies.

Segment Attributes

Define segments using these Azure AD/Entra ID attributes:

  • Department — HR, Sales, Legal, etc.
  • Job Title — Based on title attribute
  • Member Of — Security group membership
  • Office — Physical office location
  • Company — Company name attribute
  • Custom Attribute — ExtensionAttribute 1-15

Policies

Block Policy

Prevents communication between two segments. Users in Segment A cannot communicate with users in Segment B, and vice versa.

Example: Investment Banking cannot communicate with Research Analysts

Allow Policy

Explicitly allows communication between two segments. Use when you have a block policy but need exceptions.

Example: Compliance can communicate with all segments

Policy Combinations

Policies work in combination. Common patterns:

  • Chinese Wall — Block between competing departments (e.g., M&A and Sales)
  • Ethical Wall — Block between research and investment teams
  • Hub and Spoke — Central team (Compliance) can talk to all, others are blocked

Creating Policies

  1. Define Segments — Create segments based on user attributes. Ensure users are properly categorized in Azure AD.
  2. Create Policies — Define block or allow rules between segments. Each policy has a source segment and target segments.
  3. Validate Configuration — Review the policy matrix to ensure no unintended blocking. Check for users not covered by any segment.
  4. Apply Policies — Start policy application. Takes up to 24 hours to fully apply across all Microsoft 365 services.
  5. Monitor and Adjust — Review audit logs for policy impacts. Address user complaints about blocked communications.

Policy Matrix

The policy matrix shows communication allowance between all segments:

              Sales     Research  Banking   Compliance
Sales         Allowed   Blocked   Allowed   Allowed
Research      Blocked   Allowed   Blocked   Allowed
Banking       Allowed   Blocked   Allowed   Allowed
Compliance    Allowed   Allowed   Allowed   Allowed
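
The checks in the Validate Configuration step (every user in exactly one segment, and a matrix with no unintended blocks) can be run offline before policies are applied. The Python below is an added example, not the product's own code; the user records, segment filters and function names are constructed for illustration, and each segment is simplified to a single attribute-equals-value filter.

```python
# Constructed sample data: segment name -> (attribute, value) filter.
SEGMENTS = {
    "Sales": ("department", "Sales"),
    "Research": ("department", "Research"),
    "Banking": ("department", "Banking"),
    "Compliance": ("department", "Compliance"),
}
# Block policies as unordered segment pairs, matching the matrix on this page.
BLOCKS = [("Sales", "Research"), ("Research", "Banking")]
# Constructed users; the last one has an empty attribute and matches no segment.
USERS = [
    {"upn": "ana@example.com", "department": "Sales"},
    {"upn": "raj@example.com", "department": "Research"},
    {"upn": "kim@example.com", "department": "Banking"},
    {"upn": "lee@example.com", "department": "Compliance"},
    {"upn": "tmp@example.com", "department": ""},
]

def segments_of(user, segments):
    """Return the names of all segments whose filter matches this user."""
    return [name for name, (attr, value) in segments.items()
            if user.get(attr) == value]

def coverage_report(users, segments):
    """Find users in no segment (a gap) or in more than one (not permitted)."""
    report = {"uncovered": [], "multiple": []}
    for user in users:
        hits = segments_of(user, segments)
        if not hits:
            report["uncovered"].append(user["upn"])
        elif len(hits) > 1:
            report["multiple"].append((user["upn"], hits))
    return report

def policy_matrix(segments, blocks):
    """Build the symmetric Allowed/Blocked matrix from block pairs."""
    unknown = {s for pair in blocks for s in pair} - set(segments)
    if unknown:
        raise ValueError(f"block policy names undefined segment: {sorted(unknown)}")
    blocked = {frozenset(pair) for pair in blocks}
    return {a: {b: "Blocked" if frozenset((a, b)) in blocked else "Allowed"
                for b in segments} for a in segments}

if __name__ == "__main__":
    print(coverage_report(USERS, SEGMENTS))
    for row, cols in policy_matrix(SEGMENTS, BLOCKS).items():
        print(f"{row:<12}" + "".join(f"{v:<10}" for v in cols.values()))
```

Storing each block as an unordered pair makes the matrix symmetric by construction, which matches the two-way behaviour described for block policies.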

Use Cases

Financial Services (Chinese Wall)

Separate investment banking, trading, and research teams to prevent insider trading and conflicts of interest. Required by SEC and FINRA.

Separate legal teams working on opposing sides of a matter. Prevent inadvertent disclosure of privileged information.

Education (FERPA)

Separate student records access. Prevent staff from accessing records they don’t need for their role.

Government (Classification)

Separate users with different security clearances. Prevent communication of classified information.

Best Practices

  • Plan segments carefully — Ensure Azure AD attributes are accurate before creating segments.
  • Start with a pilot — Test policies with a small group before organization-wide deployment.
  • Cover all users — Ensure every user belongs to exactly one segment to avoid gaps.
  • Document business justification — Keep records of why each policy exists for audit purposes.

API Reference

  • GET /api/security/info-barriers/segments — List all segments
  • GET /api/security/info-barriers/policies — List all information barrier policies
  • POST /api/security/info-barriers/segments — Create a new segment
  • POST /api/security/info-barriers/policies — Create a new policy
  • POST /api/security/info-barriers/apply — Apply policy changes