Information barriers helps to restrict or allow users from certain segments from interacting with each other. It is a useful feature to maintain compliance across the organization.
In this article, we will define information barrier for SharePoint Online and OneDrive.
Enable Information Barriers in SharePoint and OneDrive
SharePoint Administrators or Global Administrators can enable information barriers in SharePoint Online.
Download and install the latest version of SharePoint Online Management Shell. Run below command to enable information barriers in SharePoint and OneDrive:
Set-Spotenant -InformationBarriersSuspension $false
Wait for approximately 1 hour for the changes to take effect.
On the Active Sites tab in SharePoint admin center, the Segments column displays the first segment associated with the site.
The segments can be managed from Policies section at an individual site.
Select the Edit to add / remove segments to SharePoint site.
PowerShell to manage segments on SharePoint site
On the PowerShell, run below command
Import-Module Az Import-Module ExchangeOnlineManagement Connect-AzAccount -Tenant "TENANT.onmicrosoft.com" Connect-IPPSSession Get-OrganizationSegment | ft Name, EXOSegmentID
Apply the segment to SharePoint site by running below command:
Connect-SPOService Set-SPOSite -Identity <site URL> -AddInformationSegment <segment GUID>
Note: Specify OneDrive site URL to apply segment to OneDrive sites.
To get the segment associated with the site, use below command:
Set-SPOSite -Identity <site URL> | Select InformationSegment
Below audit events are available in Office 365 audit log:
- Segments are added to a site
- Segments are changed on a site
- Segments are removed from a site
Site creation and management
Below points will be applicable on the site creation and management:
- When a segmented user creates a SharePoint site, the site is associated with the user’s segment.
- Site owners can add more segments to the site.
- Site owners cannot remove added segments from sites.
- Up to 100 compatible segments can be associated with a site.
- Segments associated with the Microsoft Team team’s members are automatically associated with the site within 24 hours.
- SharePoint admins can’t change the segments associated with a site when the site is connected to a team.
Sharing a site will have below effects when a segment is associated with site:
- Share with “Anyone with the link” option is disabled.
- The site and its content can be shared only with users whose segment matches that of the site.
- New users can be added to the site as site members only if their segment matches that of the site.
Information barriers helps to restrict or allow users from certain segments from interacting with each other. Segments can be applied to SharePoint and OneDrive sites to allow or restrict communication between two groups.