Ask Downloads
Domain 1 β€” Module 5 of 13 38%
5 of 27 overall
Domain 1: Configure and manage a Teams environment Free ⏱ ~12 min read

Information Barriers & Insider Risk

Some people in your organisation must NOT communicate with each other. Learn how information barriers enforce ethical walls and how insider risk management detects suspicious behaviour in Teams.

Walls within Teams

Simple explanation

Imagine a law firm where the merger team and the litigation team for the SAME client must never talk to each other.

Information barriers (IBs) are invisible walls inside Teams. Traders can’t chat with research analysts. M&A advisors can’t message the team advising the other side of the deal. These walls are legally required in financial services β€” and IB policies enforce them automatically.

Insider risk management is different β€” it watches for suspicious patterns. Did an employee about to resign suddenly download 500 files from Teams? Did someone start sending confidential files to a personal email? Insider risk detects these patterns and alerts the compliance team.

Information barriers

How IB works in Teams

IB policies use segments β€” groups of users defined by attributes (like department, job title, or custom attributes in Entra ID). You then create policies that define which segments are blocked from communicating.

What IBs block in Teams:

  • 1:1 and group chats
  • Calls (voice and video)
  • Adding members to a team or channel
  • Meeting invitations (blocked users can’t be invited together)
  • User search (blocked users don’t appear in search results)
  • File sharing in Teams chats

Setting up information barriers

  1. Define segments in Microsoft Purview β†’ Information barriers β†’ Segments

    • Example: β€œTrading Desk” = users where Department = Trading
    • Example: β€œResearch Analysts” = users where Department = Research

  2. Create IB policies β†’ Policies β†’ Define block/allow rules

    • β€œTrading Desk” Block communication with β€œResearch Analysts”
    • This is bidirectional β€” both sides are blocked

  3. Apply the policies β†’ Run the policy application process

    • This triggers compliance checks across existing Teams memberships
    • Users who violate the policy are automatically removed from teams/chats they shouldn’t be in
Scenario: Nadia's ethical walls at Sterling Financial

Sterling Financial has three trading desks and a research department. Regulators require β€œethical walls” (Chinese walls) between them:

Segments:

  • Equity Trading (50 users)
  • Fixed Income Trading (30 users)
  • Research Analysts (20 users)
  • Compliance (10 users β€” must communicate with everyone)

IB Policies:

  • Equity Trading BLOCK Research Analysts
  • Fixed Income Trading BLOCK Research Analysts
  • Compliance ALLOW all segments (compliance is exempt)

What happens:

  • A trader tries to add a research analyst to a Teams group chat β†’ blocked
  • A research analyst searches for a trader in Teams β†’ trader doesn’t appear in results
  • Compliance officer Elena invites both a trader and analyst to separate 1:1 chats β†’ allowed (Elena can talk to both, but they can’t talk to each other)
  • An existing team that accidentally has both traders and analysts β†’ IB policy application removes the violating members automatically

IB prerequisites and licensing

  • Licence: Microsoft 365 E5, E5 Compliance, or Information Barriers add-on
  • Entra ID attributes must be populated (department, job title, etc.) β€” segments use these
  • Scoped directory search must be enabled in Teams
  • IB policies take up to 24 hours to fully propagate after application
  • IBs work across Teams, SharePoint, and OneDrive β€” not just Teams in isolation

Insider risk management

What it detects

Insider risk management monitors for patterns like:

Risk CategoryExample SignalsTeams Relevance
Data theft by departing employeeMass file downloads, external sharing spike before resignationTeams files shared to external parties
Data leaksSensitive files shared to personal accounts, printing spikesTeams messages containing sensitive info sent to external chats
Security policy violationsAccessing restricted sites, using unmanaged devicesAccessing Teams from non-compliant devices (combined with CA signals)
Patient data misuse (healthcare)Accessing records outside of care assignmentTeams discussions about patients outside authorised channels

Exam tip: Insider risk management does NOT read message content by default. It analyses metadata and patterns β€” who’s sharing, how much, when. Content-level monitoring requires communication compliance to be enabled separately.

Communication compliance

Communication compliance specifically monitors message content in Teams:

  • Offensive language detection β€” profanity, harassment, threats
  • Regulatory compliance β€” financial advice, insider trading language, HIPAA references
  • Sensitive information β€” similar to DLP but focused on pattern detection over time
  • Custom keyword policies β€” specific terms your organisation defines
  • Copilot-generated summaries β€” flag messages for reviewer without reading full conversations
Teams compliance features comparison
FeatureWhat It MonitorsHow It WorksKey Difference
Information barriersCommunication between specific groupsBlocks communication between defined segmentsPreventive β€” stops communication before it happens
Insider risk managementUser behaviour patterns (metadata)Machine learning detects anomalous activity patternsDetective β€” identifies risky patterns after they start
Communication complianceMessage content (text)Scans messages against policies, flags for reviewerDetective β€” monitors content for policy violations
DLPSensitive information typesReal-time scan and block/warnPreventive β€” blocks sensitive data in real-time

🎬 Video walkthrough

Flashcards

Question

What do information barriers block in Teams?

Click or press Enter to reveal answer

Answer

Chats, calls, meeting invitations, team/channel membership, user search, and file sharing between defined segments. Blocked users can't even find each other in Teams search.

Click to flip back
Question

What's the difference between information barriers and DLP?

Click or press Enter to reveal answer

Answer

IBs are preventive walls between groups β€” they block ALL communication between segments regardless of content. DLP scans message content for specific sensitive information types and blocks/warns based on what's shared, not who's sharing.

Click to flip back
Question

Does insider risk management read Teams message content?

Click or press Enter to reveal answer

Answer

No β€” by default it analyses metadata and behaviour patterns (who, how much, when). Content-level message monitoring requires communication compliance to be enabled separately.

Click to flip back

Knowledge Check

Knowledge Check

Sterling Financial's regulators require that equity traders and research analysts cannot communicate in any Microsoft 365 service. What should Nadia configure?
Knowledge Check

A compliance officer at Sterling Financial notices that a trader who submitted their resignation last week has been downloading unusually large volumes of files from Teams channels. Which feature would BEST detect this pattern?

Next up: Update Policies & Policy Packages β€” how to control Teams client updates and bundle policies into ready-made packages for different user groups.