Tutorial / Cram Notes
Information barriers are policies that an organization can configure to prevent certain segments of users from communicating with each other, or to allow specific group communications while blocking others. They are designed to avoid conflicts of interest within an organization by limiting information flow, and they can also help organizations comply with industry standards and regulations concerning information security and confidentiality.
Understanding Information Barriers
Information barriers are particularly relevant to industries that handle sensitive information, such as finance, legal, and healthcare. These sectors often require strict control over who can access and share information. For example, in the financial industry, regulations like the Sarbanes-Oxley Act or standards set by the Financial Industry Regulatory Authority (FINRA) may require companies to implement controls, thereby preventing insider trading or the mishandling of material non-public information between different parts of the organization.
In the context of Microsoft 365, information barrier policies can be applied to control communications between users in applications like Microsoft Teams, SharePoint Online, and OneDrive for Business. Notably, they do not apply to Exchange email communications.
How Information Barriers Work
To set up information barriers in Microsoft 365, administrators need to:
- Identify segments within the organization. Segments are groups of users who share a common attribute, such as the department they work in or the project they are working on.
- Define information barrier policies that govern interactions between the identified segments.
- Apply the policies to control communication and collaboration between these segments.
Once the information barrier policies are in place, they are enforced across Microsoft 365 services. For example, if users from Segment A are prohibited from sharing files with Segment B, then users from Segment A won’t be able to share documents with Segment B users in SharePoint or OneDrive.
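The three steps above, as an added example in Security & Compliance PowerShell (not part of the original notes), using a legal team and an investment banking team that must not communicate. The segment names, policy names, and Department attribute values are assumptions chosen for illustration.

```powershell
# Added example. Segment names, policy names and Department values are assumptions.
# Requires the ExchangeOnlineManagement module and an account with
# compliance administration permissions.
Connect-IPPSSession

# Step 1: identify segments. Each segment is a filter over a directory attribute.
New-OrganizationSegment -Name 'Legal' `
    -UserGroupFilter "Department -eq 'Legal'"
New-OrganizationSegment -Name 'Investment' `
    -UserGroupFilter "Department -eq 'Investment Banking'"

# Step 2: define policies. A block policy covers one direction only,
# so a full barrier needs one policy per direction.
# Creating them Inactive lets them be reviewed before anything is enforced.
New-InformationBarrierPolicy -Name 'Legal-Block-Investment' `
    -AssignedSegment 'Legal' -SegmentsBlocked 'Investment' -State Inactive
New-InformationBarrierPolicy -Name 'Investment-Block-Legal' `
    -AssignedSegment 'Investment' -SegmentsBlocked 'Legal' -State Inactive

# Review: confirm both directions exist and no segment is missing its pair.
Get-OrganizationSegment | Format-List Name, UserGroupFilter
Get-InformationBarrierPolicy |
    Format-List Name, AssignedSegment, SegmentsBlocked, State

# Activate the reviewed policies.
Set-InformationBarrierPolicy -Identity 'Legal-Block-Investment' -State Active
Set-InformationBarrierPolicy -Identity 'Investment-Block-Legal' -State Active

# Step 3: apply. Enforcement starts only after the application job runs;
# it processes users in the background and can take hours in a large tenant.
Start-InformationBarrierPoliciesApplication

# Check progress of the application job.
Get-InformationBarrierPoliciesApplicationStatus
```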
Example Scenarios
- Legal and Investment Teams: A financial firm has separate teams for legal advisement and investment banking. To maintain compliance and avoid conflicts of interest, the firm sets up information barriers that prevent the legal team from accessing investment projects and vice versa.
- Healthcare and Research Departments: In a healthcare institution, the research department is working on proprietary medical treatments that should not be disclosed to other departments due to competition and privacy concerns. Information barriers ensure that the researchers’ findings remain confidential within their department.
- Public and Private Projects: A technology company is developing a product in partnership with a government agency. Engineers working on the public sector project should not communicate or share data with those working on the company’s private projects. Thus, information barriers segregate the two groups.
Impact on Collaboration
While beneficial for security and compliance, information barriers can also impact collaboration. For instance:
- Users cannot look up contact information for users in blocked segments.
- Document access and sharing capabilities are restricted between blocked segments.
- Team membership in Microsoft Teams can be limited to ensure that users from opposing segments cannot join a common team.
Managing Information Barriers
Application of information barriers requires careful planning and regular maintenance to ensure they remain effective and do not unduly hinder collaboration. They should be regularly reviewed and updated in response to organizational changes.
Best Practices
- Maintain a clear understanding of regulatory requirements and internal policies.
- Keep the definition of segments and policies up-to-date, reflecting any organizational changes.
- Communicate the existence and implications of information barriers to all affected employees.
In conclusion, information barriers are a critical component of an organization’s security and compliance strategy within Microsoft 365. They help in mitigating risks by ensuring that sensitive information remains confined to specific segments, protecting the integrity of data, and preserving the privacy required by regulations. However, they must be managed properly to strike a balance between security and the need for collaboration within an organization.
Practice Test with Explanation
True or False: Information barriers in Microsoft 365 are designed to prevent unrestricted access to information within an organization.
- Answer: True
Explanation: Information barriers are policies that restrict communication and collaboration between certain groups within an organization to avoid conflicts of interest or to comply with regulations.
What is the primary purpose of information barriers?
- A) To enhance collaboration between departments
- B) To enforce regulatory compliance related to information security
- C) To provide unlimited access to data
- D) To facilitate easier data sharing
Answer: B) To enforce regulatory compliance related to information security
Explanation: Information barriers are primarily used to control and restrict communication and collaboration to enforce compliance and prevent conflicts of interest.
True or False: Once information barrier policies are set up, they cannot be modified.
- Answer: False
Explanation: Information barrier policies can be modified by administrators if changes are needed to accommodate new regulatory requirements or organizational changes.
Which Microsoft 365 service utilizes information barriers?
- A) Microsoft Exchange Online
- B) Microsoft Teams
- C) SharePoint Online
- D) All of the above
Answer: D) All of the above
Explanation: Information barriers are integrated across various Microsoft 365 services, including Exchange Online, Teams, and SharePoint Online.
True or False: Information barriers only work within the same tenant in Microsoft 365.
- Answer: True
Explanation: Information barriers are designed to work within a single tenant in Microsoft 365, not between different tenants.
Information barriers can be implemented for which groups of users?
- A) All users in a tenant
- B) Selected users based on department or project team
- C) External users only
- D) Users in a specific domain only
Answer: B) Selected users based on department or project team
Explanation: Information barriers can be tailored to specific groups of users, such as those defined by departments, project teams, or any other relevant segmentation.
True or False: Information barriers can help prevent insider trading by restricting information flow.
- Answer: True
Explanation: Information barriers can be used to prevent communication between groups that should not share information, as in the case of preventing insider trading.
To enforce information barriers, which of the following is required?
- A) Microsoft 365 E3 license
- B) Microsoft 365 E5 license
- C) Microsoft Teams Exploratory license
- D) Any Microsoft 365 license
Answer: B) Microsoft 365 E5 license
Explanation: Information barriers require a Microsoft 365 E5 license as they are part of the advanced compliance solutions available in that plan.
True or False: Information barriers can be configured to both allow and block communications.
- Answer: True
Explanation: Information barriers can be tailored to specific use cases and can be set up to allow communication between certain groups while blocking others.
Who can configure information barrier policies in Microsoft 365?
- A) Any user in the organization
- B) Compliance officer
- C) IT administrator
- D) B and C only
Answer: D) B and C only
Explanation: Information barrier policies are typically configured by compliance officers and IT administrators who have the necessary permissions in the Microsoft 365 compliance center.
True or False: Information barriers apply to all types of content in Microsoft 365.
- Answer: False
Explanation: Information barriers are focused on limiting communication and collaboration, so while they may impact the sharing of content, they do not directly apply to all types of content (e.g., documents residing on a user’s local machine).
When setting up information barriers, what must be done prior to defining policies?
- A) Train users on the new policies
- B) Define segments to represent groups of users
- C) Purchase additional licenses
- D) Remove all external users from the tenant
Answer: B) Define segments to represent groups of users
Explanation: Before defining information barrier policies, segments must be created to represent the groups of users the policies will apply to.
Interview Questions
What are information barriers in Microsoft 365?
Information barriers allow organizations to block communication between specific individuals or groups to comply with ethical or legal requirements.
What is the purpose of information barriers?
The purpose of information barriers is to prevent conflicts of interest, insider trading, or other types of inappropriate communication.
How are information barriers enforced?
Information barriers are enforced through the use of policies that are defined in the Microsoft 365 compliance center.
What types of communication can be blocked by information barriers?
Information barriers can block email, Microsoft Teams chat and channel messages, as well as Skype for Business chat and calling.
What are the three components of an information barrier policy?
The three components of an information barrier policy are the blocking, the alerting, and the logging components.
Can information barrier policies be customized?
Yes, information barrier policies can be customized to suit the specific needs of an organization.
How do information barrier policies work?
Information barrier policies work by defining a set of rules that govern communication between specific individuals or groups.
What types of rules can be defined in an information barrier policy?
Rules that can be defined in an information barrier policy include user and group membership, network locations, and time of day restrictions.
What is the role of the compliance officer in information barrier policies?
The compliance officer is responsible for defining and enforcing information barrier policies.
What are the benefits of using information barriers in Microsoft 365?
The benefits of using information barriers in Microsoft 365 include preventing conflicts of interest, reducing the risk of insider trading, and maintaining compliance with ethical and legal requirements.
Information barriers prevent communication between certain groups within an organization to avoid conflicts of interest or sensitive information leaks.
Does anyone know if SC-900 covers practical implementation details for setting up information barriers?
The course material also discusses compliance policies that can be enforced along with information barriers.
Do information barriers only apply to email communication or other forms of communication as well?
What’s the difference between an information barrier policy and a compliance policy?
Appreciate the breakdown on information barriers. It’s very helpful for SC-900 preparation.
I found the section on ethical walls particularly interesting.
The Microsoft documentation on information barriers is quite extensive. Highly recommend reading it.