BOOK MEETING
CONTACT US
Categories
blog Ethical Wall File Sharing/Blocking Microsoft Teams

Mastering Information Barriers: Advanced Sharing Limitations in SharePoint 

Mastering Information Barriers

Ensuring secure collaboration while safeguarding sensitive information is paramount. Microsoft offers Information Barriers to control document access, prevent unauthorized sharing, and maintain data integrity. While straightforward scenarios are well supported, some cases allow users to communicate via SharePoint documents even when set to be blocked. 
In this blog, we will explain one scenario that is not covered by Information Barriers  

Let’s delve into a scenario where Bob and Alice lack permission for a document, but Jim has access and shares it, highlighting the effectiveness of Information Barriers. 

Understanding Information Barriers 

Information Barriers in SharePoint allow organizations to control communication and collaboration between different groups of users. By defining policies, admins can restrict access to specific content based on user attributes such as department, role, or team membership. This ensures compliance and prevents conflicts of interest by enforcing segregation of duties. 

While Microsoft Information Barriers offer some controls for access management in SharePoint, it’s essential to acknowledge their limitations. One notable gap is the potential for accidental access granted between restricted users and sensitive documents. This is due to MS Teams Information barriers policy setting being too broad, only having limited sharing control such as sharing with anyone, sharing with the company, shared with a group but it does not provide granular control. 

The Scenario:

A user can share a file with members of separate groups that are blocked from communicating with each other 

The Players: 

Jim: A senior manager with access to sensitive financial reports. 

Bob and Alice: one is an investor, and the other is a researcher, and they are set not to be able to communicate with each other. 

The Incident: 

Jim needs input from both Bob and Alice on a project that involves data from the financial reports. He decides to collaborate with them by sharing the relevant document on SharePoint. Giving them access to a document that they otherwise should not have. 

He shares the file with Bob and then shares the same file with Alice. As a result, Bob and Alice have a file shared that enables them to communicate and share info on it. 

The Solution 

AGAT’s Ethical Wall /Information Barrier Enforcement validates all the users that have access to file on any permission changes event. This is done in real-time blocking the communication between Bob and Alice as explained above  Despite the attempt to share, the restricted user will be unable to access the document due to their restricted permissions. 

AGAT Information Barriers ensure that sensitive or restricted information remains protected, mitigating the risk of unauthorized access or data breaches. 

Conclusion 

AGAT’s Ethical Wall/ Information Barriers in SharePoint provide advanced sharing options that enable organizations to maintain data integrity and confidentiality. By effectively segregating users and controlling access to sensitive content, businesses can foster secure collaboration while mitigating the risk of unauthorized disclosure. Implement Information Barriers in your SharePoint environment to bolster your data protection strategies and safeguard critical information. 

Learn More

Categories
blog Education Microsoft Teams

Is Microsoft’s Information Barriers solution suitable for Education Tenants?

Recently, Microsoft has made its information barriers solution available to education tenants. In this article, we will cover some scenarios where educational organizations could implement information barriers, and also those aspects where Microsoft did not take steps to improve its features.

Table of contents:

  1. Using collaboration platforms in Education
  2. Information Barriers in Microsoft
  3. Policy-setting limitations and case scenarios for Education Tenants
  4. AGAT’s Solution

1- Using collaboration platforms in Education

As remote work continues to grow, tools that promote communication and collaboration from a distance have expanded too. The education sector has undergone a drastic technological transformation, especially after the pandemic, which pushed many institutions to incorporate online collaboration platforms into their daily activities. Even now, they still prove to be useful not only for distance learning but to complement traditional learning too: better connecting students, faculty, and staff. 

However, introducing technology into the classroom was not as straightforward. For the entire education sector, special needs arose that were not (and in many cases are still not) covered by the available software since it was developed for other purposes. All kinds of educational institutions, from K-12 to college, have faced challenges when it comes to shaping a plan to make collaboration safe for everyone, especially under-age kids.

One of the solutions many institutions started to implement were Information Barriers, a tool to set pertaining restrictions and manage communications between user groups. Information barriers were first ideated for the financial industry but now that the use of collaboration platforms has expanded, they proved to be useful in many scenarios.

information barriers for education tenants

2- Information Barriers in Microsoft

Previously, Microsoft’s Information Barriers were only available on E5 and E3 licenses, now all the Office 365 and Microsoft 365 education plans (A1, A3, and A5) will have access to them. Unfortunately, we can say that Microsoft hasn’t made improvements to its features before extending it to other licenses.

Microsoft’s Information Barriers can be used to set the next restrictions for users:

  • Adding a user to a team or channel
  • Prevent access to meetings
  • Prevent access to 1:1 chats and group chats
  • Prevent access to team or channel content

3- Policy-setting limitations and case scenarios for Education Tenants

As we see, Microsoft provides a solution that can prevent individuals or groups from communicating with each other or unauthorizing certain kinds of collaboration between them, but that’s about it. The problem with the options offered by Microsoft is that they lack flexibility, and many organizations do not want to impose a complete block between internal groups

For example, in a school environment, you might want to allow chat and meetings between teachers and students but, to prevent misconduct, block students from file sharing and screen sharing at the same time. 

Furthermore, to work, Microsoft’s Information barriers policies must be defined two-ways between groups, so they cannot communicate with each other at all. Given this, if you need to restrict students from reaching out privately to teachers but still allow teachers to start communications with students,  it wouldn’t be possible.

4- AGAT’s Solution

AGAT’s Ethical Wall information barriers solution for Microsoft Teams lets you have granular control over which kind of communications you block, for example chat, conferencing, file sharing, or screen sharing. Also, AGAT’s Ethical Wall allows you to set asymmetric policies, where you can choose to block users from reaching out only in one direction.

Finally, AGAT offers an easy-to-use interface to manage all your policies in one place, while Microsoft’s IBs require the use of PowerShell, a tool that can be too complex for non-technical administrators.

 To learn more about SphereShield’s Ethical Wall, contact us today.

Categories
Microsoft Teams

Information Barriers for Microsoft Teams: capabilities and limitations

In this article we are going to explain what is Information Barriers for Microsoft Teams as well as comment about its advantages and disadvantages for different businesses types.

Update: for more info on Information Barriers for SharePoint and OneDrive, go to our new blog post here

Table of contents

1- What is Information Barriers for Microsoft Teams

2- Requirements for Information Barriers

3- Permission Requirements and Prerequisites for Microsoft Teams

4- Capabilities and Limitations

1- What is Information Barriers for Microsoft Teams

Information Barriers for Microsoft was first introduced to the community in May 2019, as a solution to restrict communication and collaboration between groups to avoid any type of conflict of interests or to safeguard information. This kind of solution is not new to the business world (specially, to finance companies) and is known as “Ethical Wall” or “Chinese Walls”.

Corporations, brokerage firms, investment banks, and retail banks have been using Chinese walls to describe situations where there is a need to maintain confidentiality in order to prevent conflicts of interest.

A classic example, addressed by FINRA regulation, is when a financial company (banks, credit rating, etc) that handles non-public information needs to block its investment departments communications with researchers or any other department. Other examples are contact centers that need policies to have agents isolated with each other.

As a more general example, many companies do not let employees communicate with higher ranked positions (although they could choose to allow the opposite) as well as setting different permissions, as file sharing, for specific categories of employees.

2- Requirements for Information Barriers

As this service is not included on Microsoft’s basic packages, companies need to have one of the following subscriptions:

  • •Microsoft 365 E5
  • •Office 365 E5
  • •Office 365 Advanced Compliance
  • •Microsoft 365 E5 Information Protection and Compliance

3- Permission Requirements and Prerequisites for Microsoft Teams


As Information Barriers is a product intended for compliance officers (or any other compliance related position) use, in order to define, or edit rules one must be assigned with one of the following roles:

  • •Microsoft 365 global administrator
  • •Office 365 global administrator
  • •Compliance administrator
  • •IB Compliance management

There are a few checklist items to have completed in order to get Information Barriers configured

  • •Required permission and licenses have been assigned
  • •Verify your directory includes data for segmenting users
  • •Enable scoped directory search for Microsoft Teams (need to wait 24 hours after enabling)
  • •Make sure audit logging is turned on
  • •Make sure no Exchange address book are policies are in place
  • •Provide admin consent for Microsoft Teams

As this article is not going to deal with the complex process of how to configure Information Barriers, we recommend these by Microsoft expert Tony Redmond:


Part 1 | Part 2

4- Capabilities and Limitations

Microsoft Information Barriers works blocking files, messages and adding team members using customizable filters such as department, alias, email address. Many custom filters can be set in order to manage the policies. More information here

As for Information Barriers limitations, these are regarding general aspects.

  • •Policies can only be set using Powershell. No UI. Can be very difficult for a compliance officer to use.
  • •No control of  communication with external domain during meetings
  • •No control of external Users and guests
  • •No auditing of blocked operation that can assist in training 
  • •No notification for compliance admin
  • •No granular control of specific operation – such as screen sharing
  • •Policies can be set only to either block files and messages – no control over functionalities such as audio, video and screen sharing
  • •If previous address book policies are present they must be deleted before configuring
  • •Policies can take several hours to apply after configuration

As for users that want to know how to overcome these limitations and gain extra functionality to the Information Barriers, we recommend checking SphereShield Ethical Wall for Microsoft Teams.
SphereShield by AGAT provides a powerful yet intuitive solution to control communications in Microsoft Teams offering advanced options such as audio, video/screen sharing and granular control. 

Here is a short Demo

For a more comprehensive understanding, check this comparison table

Ethical Wall



Office 365
AGAT
License →  Essential/E3E5 –  Information BarriersSPT2 (E.W. License)
Internal control by Groups/Users (Allow/Block)
External Control By External User (Allow/Block)
External Control by Internal group/users/domain
Granular Control capabilities (IM’s/files/audio/video/sharing)
Can be fully controlled by compliance role only 
Web User Interface (GUI) – Easy to operateN/A
Notifications to end user/admin
Incident auditing for compliance awareness and training
Reports by user/policy/domain
External system integration/SIEM 
Restrict Guests communication only to Team members
Restrict access for guest only to specific channels in a team

SphereShieldForMSTeams gfv7p1
SphereShield Ethical Wall diagram. Information Barriers for Microsoft Teams

Contact Us for more information