Information Barriers: Resolve Communication Issues in Information Barriers
Introduction
Microsoft Purview Information Barriers can aid your organization in adhering to legal obligations and industry standards. For instance, you can implement information barriers to limit interactions between certain user groups to prevent any potential conflicts of interest.
Issue: Users are unexpectedly blocked from communicating with others in Teams
Users report unexpected issues when they try to communicate with others via Microsoft Teams, such as:
- A user searches for, but can't find, another user in Teams.
- A user can find, but can't select, another user in Teams.
- A user can see another user but can't send messages to that user in Teams.
What to do?
Assess whether the users are affected by an Information Barriers policy. Depending on how these policies are configured, information barriers may be working as intended. Alternatively, you may need to adjust your organization's policies.
- Use the Get-InformationBarrierRecipientStatus cmdlet together with the Identity parameter. If the users are not included in Information Barriers policies, contact Microsoft Support. Otherwise, go to the next step.
- Identify the segments that are part of an Information Barriers policy. To achieve this, utilize the Get-InformationBarrierPolicy cmdlet along with the Identity parameter. Once you execute the cmdlet, review the output for the values of AssignedSegment, SegmentsAllowed, and SegmentsBlocked.
- Ensure your segments are accurately defined. To accomplish this, use the Get-OrganizationSegment cmdlet and examine the resulting list. Check the segment details thoroughly. If needed, modify a segment, and then run the Start-InformationBarrierPoliciesApplication cmdlet again.
If problems still persist while using your Information Barriers policy, reach out to Microsoft Support for assistance.
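The policy review in the second step above, as an added PowerShell example (not part of the original article): it takes the objects returned by Get-InformationBarrierPolicy, lists every policy that names a given segment and in which property, and flags any segment assigned to more than one policy. The policy names, segment names and the helper function names are constructed for illustration; the sample objects carry the AssignedSegment, SegmentsAllowed and SegmentsBlocked properties named above plus State.

```powershell
# Added example. $policies is constructed sample data standing in for the live call
# (Security & Compliance PowerShell session):  $policies = Get-InformationBarrierPolicy
$policies = @(
    [pscustomobject]@{ Name = 'Sales-Research'; State = 'Active'; AssignedSegment = 'Sales'
                       SegmentsAllowed = @(); SegmentsBlocked = @('Research') }
    [pscustomobject]@{ Name = 'Research-Sales'; State = 'Active'; AssignedSegment = 'Research'
                       SegmentsAllowed = @(); SegmentsBlocked = @('Sales') }
    [pscustomobject]@{ Name = 'Sales-HROnly'; State = 'Inactive'; AssignedSegment = 'Sales'
                       SegmentsAllowed = @('HR'); SegmentsBlocked = @() }
)

function Get-IBPolicyEffect {
    # List every policy that names $Segment and the property in which it appears.
    param([object[]]$Policy, [string]$Segment)
    foreach ($p in $Policy) {
        $role = $null
        if ($p.AssignedSegment -eq $Segment)           { $role = 'AssignedSegment' }
        elseif ($p.SegmentsBlocked -contains $Segment) { $role = 'SegmentsBlocked' }
        elseif ($p.SegmentsAllowed -contains $Segment) { $role = 'SegmentsAllowed' }
        if ($role) {
            [pscustomobject]@{
                Policy          = $p.Name
                State           = $p.State
                SegmentFoundIn  = $role
                AssignedSegment = $p.AssignedSegment
                SegmentsBlocked = $p.SegmentsBlocked -join ', '
                SegmentsAllowed = $p.SegmentsAllowed -join ', '
            }
        }
    }
}

function Find-IBSegmentWithMultiplePolicies {
    # Segments that are the AssignedSegment of more than one policy.
    param([object[]]$Policy)
    $Policy | Group-Object AssignedSegment | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ Segment = $_.Name; Policies = $_.Group.Name -join ', ' }
    }
}

Get-IBPolicyEffect -Policy $policies -Segment 'Research' | Format-Table -AutoSize
Find-IBSegmentWithMultiplePolicies -Policy $policies | Format-Table -AutoSize
```

With the sample data, the first call lists both Sales/Research policies for the Research segment, and the second reports Sales as assigned to two policies.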
Issue: Communication is allowed between users who should be blocked in Teams
Even though Information Barriers are established, active, and enforced, individuals who are not supposed to interact with one another can still message and call each other on Teams.
What to do?
Verify that the users in question are included in an Information Barriers policy.
- Use the Get-InformationBarrierRecipientStatus cmdlet together with the Identity and Identity2 parameters.
- Examine the results. The Get-InformationBarrierRecipientStatus cmdlet provides details about users, including their attribute values and any Information Barriers policies that are in effect.
Issue: I want to remove a single user from an Information Barriers policy
Information Barriers policies are currently active, and one or several users are unexpectedly restricted from communicating with others in Microsoft Teams. Rather than eliminating Information Barriers policies entirely, you have the option to exclude one or more specific users from these policies.
What to do?
Information Barriers policies are applied to groups of users. These groups are determined by specific attributes within user account profiles. If you need to withdraw a policy from an individual user, think about modifying that user's profile in Microsoft Entra to ensure they are excluded from a segment impacted by information barriers.
- Use the Get-InformationBarrierRecipientStatus cmdlet along with the Identity and Identity2 parameters. This cmdlet provides details about users, including attribute values and any Information Barriers policies that are in effect.
- Examine the outcomes to determine if Information Barriers policies have been allocated, and identify the segments to which the users belong.
- To exclude a user from a segment influenced by Information Barriers, modify the user's profile details in Microsoft Entra ID.
- Allow approximately 30 minutes for the FwdSync task to be completed. Alternatively, execute the Start-InformationBarrierPoliciesApplication cmdlet to enforce all currently active Information Barriers policies.
Issue: The Information Barriers application process takes too long
Following the execution of the Start-InformationBarrierPoliciesApplication cmdlet, the process requires a considerable amount of time to complete.
What to do?
Be aware that when executing the policy application cmdlet, Information Barriers policies are either being enforced or revoked for every user in your organization, one at a time. If your organization has a large number of users, this process will take some time to complete. As a rough estimate, processing 5000 user accounts typically requires about one hour.
- Use the Get-InformationBarrierPoliciesApplicationStatus cmdlet to check the status of the latest policy application. This command provides details on whether a policy application has completed, encountered an error, or is currently ongoing.
- According to the results of the previous step, do the following:
  - If over 45 minutes have gone by since the Start-InformationBarrierPoliciesApplication cmdlet was executed, check your audit log for any errors in the policy definitions, or to determine if the application failed to start for another reason.
  - If the application did not succeed, check your audit log. Additionally, examine your segments and policies. Are any users associated with multiple segments? Are any segments linked to more than one policy? If needed, modify the segments or adjust the policies, and then execute the Start-InformationBarrierPoliciesApplication cmdlet once more.
  - If the application is still ongoing, give it additional time to complete. If it has been several days since the application commenced, collect your audit logs and then reach out to Microsoft Support.
Issue: Information Barriers policies aren't applied at all
You have created segments, established Information Barriers policies, and attempted to enforce those policies. Nonetheless, when you execute the Get-InformationBarrierPoliciesApplicationStatus cmdlet, it shows that the application of the policy was unsuccessful.
What to do?
Ensure that your organization is not using Exchange address book policies. These policies hinder the implementation of Information Barriers policies.
- Connect to Exchange Online PowerShell.
- Run the Get-AddressBookPolicy cmdlet, and review the results.
- View the status of user accounts, segments, policies, or policy application.
Issue: Information Barriers policy isn't applied to all designated users
Once you establish segments and Information Barriers policies, you may discover that these policies are enforced for certain recipients but not for others when you attempt to implement them.
What to do?
- Search in the audit log for <application guid>.
- Check the detailed output from the audit log for the values of the UserId and ErrorDetails fields. Doing this provides the reason for the failure.
- Usually, you learn that a user was included in more than one segment. You can fix this issue by updating segment membership. To do this, use the Set-OrganizationSegment cmdlet together with the UserGroupFilter parameter.
- Reapply Information Barriers policies.
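The audit-log review in the steps above, as an added PowerShell example (not part of the original article): it filters audit records by the application GUID, parses each record's AuditData JSON, and groups the failing users by ErrorDetails so that a shared cause such as multi-segment membership stands out. The records, the all-zero GUID, the `ApplicationGuid` field name, the error text, the helper function name and the segment filter in the closing comments are constructed or hypothetical; only UserId and ErrorDetails come from the article.

```powershell
# Added example. Live query (Exchange Online session with audit log access); fill in
# your own time window:
#   $records = Search-UnifiedAuditLog -StartDate <start> -EndDate <end> `
#       -RecordType InformationBarrierPolicyApplication -ResultSize 1000
$appGuid = '00000000-0000-0000-0000-000000000000'   # placeholder for <application guid>

# Constructed sample records. AuditData is a JSON string, as in the cmdlet's output.
# "ApplicationGuid" is a hypothetical field name and the ErrorDetails text is invented.
$records = @(
    @{ ApplicationGuid = $appGuid; UserId = 'meganb@contoso.example'
       ErrorDetails = 'User belongs to more than one segment' }
    @{ ApplicationGuid = $appGuid; UserId = 'alexw@contoso.example'
       ErrorDetails = 'User belongs to more than one segment' }
    @{ ApplicationGuid = $appGuid; UserId = 'pradeepg@contoso.example'; ErrorDetails = '' }
    @{ ApplicationGuid = '11111111-1111-1111-1111-111111111111'
       UserId = 'other@contoso.example'; ErrorDetails = 'Unrelated earlier run' }
) | ForEach-Object { [pscustomobject]@{ AuditData = ($_ | ConvertTo-Json -Compress) } }

function Get-IBApplicationFailure {
    # Keep records that mention the GUID, parse AuditData, group failures by cause.
    param([object[]]$Record, [string]$ApplicationGuid)
    $Record |
        Where-Object { $_.AuditData -like "*$ApplicationGuid*" } |
        ForEach-Object { $_.AuditData | ConvertFrom-Json } |
        Where-Object { $_.ErrorDetails } |
        Group-Object ErrorDetails |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                ErrorDetails = $_.Name
                UserCount    = $_.Count
                Users        = ($_.Group.UserId | Sort-Object -Unique) -join ', '
            }
        }
}

Get-IBApplicationFailure -Record $records -ApplicationGuid $appGuid | Format-List

# After correcting segment membership (segment name and filter are constructed):
#   Set-OrganizationSegment -Identity 'Sales' -UserGroupFilter "Department -eq 'Sales'"
#   Start-InformationBarrierPoliciesApplication
```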
Conclusion
Issues related to Information Barriers policies are resolved.