I was working on an information barrier setup for Microsoft Teams, and was getting a little tired of going back and forth with my notes to remember command and filter structure. So as I do, I wrote a GUI tool to handle a lot of it for me. This is the very first iteration of it, and I tried to get enough bug checking in there to get you some decent pop-ups, but the code is open source (it’s PowerShell) and it’s on GitHub so edit it as much as you want to suit your needs and if you add something cool, send it my way or submit a pull request on GitHub if you’re into that kind of thing.
If you don’t know what I’m talking about when say “information barrier”, they’re also known as ethical walls. There will be situations where one department shouldn’t be able to talk to another department for legal reasons. A more common scenario is that a high-up executive wants access to instant messaging, but only wants a specific group of users to be able to disrupt him. In the Skype world, this required MSPL scripting and was tricky and could be dangerous if you messed it up. In the Teams world, it’s built in if you have E5 or other appropriate licensing.
The hardest part about information barriers in Teams is making sure you meet the prerequisites. This includes getting the information you want to filter on, such as department name, accurate for each user. This also means that your policies will need to be symmetrical (ex: if non-execs can’t IM the CEO, then we need a matching policy that blocks the CEO from IMing those non-execs as well). I considered building a prerequisite checker in, but haven’t gone that far just yet. Some of this would require pulling different PowerShell modules to check licensing, contact info, and Teams settings which can cause additional authentication prompts. For now I have a simple help button that gives common reason why the application of your policy may not be working the way you expect.
Now, on to the tool. It’s available at https://github.com/ccaragol/TeamsInfoBarrierGUI is pure PowerShell, so all you need to run it is a Windows box, nothing to install.
You’ll need the right role to assigned to modify this stuff (Global Admin, Compliance Admin, or the new IB Compliance Admin role). It’s also helpful to read Microsoft’s overview of the solution before you start: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers?view=o365-worldwide
Finally, the screenshot 🙂
Feel free to hack at it and let me know if you find bugs.