If you’ve ever had to separate two departments in the same Microsoft 365 tenant (think investment banking from retail banking, or students from different programs) you’ve probably run into the question of how far that separation actually needs to go. Microsoft Purview’s Information Barriers are the nuclear option, and like any powerful tool, they’re frequently over-applied. This post breaks down when Information Barriers are the right call, when they’re overkill, and what you should reach for instead.
What is an Information Barrier?
Information Barriers are is a compliance solution by Microsoft Purview. Commonly referred to as IB, it is a compliance policy designed to restrict communication and file sharing between two groups of users. Depending on your business case scenario, these use cases can vary. Keep in mind that information barriers impose a great divide (hence the title) so it is important to understand the consequences before applying them.
The following actions are prohibited with Information Barriers:
- Searching for a user
- Adding a member to a team
- Starting a chat session with someone
- Starting a group chat
- Inviting someone to join a meeting
- Sharing a screen
- Placing a call
- Sharing a file with another user
- Accessing a file through a sharing link
So, who should actually use Information Barriers?
You’re a good candidate for IB if your organization operates under regulatory requirements that mandate communication restrictions and not just recommend them. The clearest examples are:
- Financial services firms subject to SEC or FINRA regulations where ethical walls between advisory and trading desks are legally required
- Defense contractors pursuing CMMC Level 2 or 3 certification, where controlled unclassified information (CUI) must be strictly segmented. Information barriers can support access control requirements across internal groups handling different contract scopes
- Legal firms with matters that require ethical walls between practice groups to avoid conflicts of interest
- Higher education institutions that need to prevent communication between student cohorts, or between students and faculty outside of designated channels
Who shouldn’t use Information Barriers?
If your reason for considering IB is more about preference than compliance, you likely don’t need them. Common scenarios where IB is overkill:
- You just want to keep two departments tidy and organized — Groups and channels can handle that
- You want to prevent accidental file sharing — tighten your SharePoint permissions and sharing link settings
- You’re worried about sensitive documents leaking — Sensitivity Labels were built for exactly this
- You’re a small org and the overhead of managing IB policies isn’t worth the lift
What are some alternatives to Information Barriers?
If Information Barriers feel like more than your situation actually calls for, here are some lighter-touch options based on your use case:
- Lock Down Your SharePoint Permission Structure — Instead of relying on information barriers to keep departments separated, restructure your SharePoint permissions from the ground up. Break permission inheritance at the site or library level, assign access only to the groups who need it, and audit regularly. It’s more manual to set up but gives you precise, granular control without the tenant-wide complexity of information barriers.
- Disable Sharing Links — One of the simplest wins in your tenant. By disabling or restricting sharing links in SharePoint and OneDrive, you prevent users from casually forwarding access to sensitive content. You can scope this at the tenant level or per site collection, and you can choose between disabling links entirely or limiting them to internal users only.
- Use Sensitivity Labels to Restrict Access to Specific Content — Rather than blocking entire departments from communicating, sensitivity labels let you protect the content itself. Apply labels to documents, emails, and meetings to enforce encryption, restrict editing, and control who can open a file regardless of where it lives. Great for scenarios where the data is sensitive but the people don’t necessarily need to be siloed.
- Implement Conditional Access Policies — If your concern is controlling who can access resources and under what conditions, conditional access is the way to go. You can restrict access based on device compliance, location, sign-in risk, or user role. It’s a strong middle ground between doing nothing and deploying full information barriers.
- Use Microsoft 365 Groups with Strict Membership Controls — Tighten up who belongs to which group and make membership approval-based rather than open. Combined with group-based licensing and access reviews in Entra ID, this keeps collaboration contained to the right people without preventing communication entirely.
- Enable Private Channels in Teams for Sensitive Conversations — If the issue is keeping certain conversations within a subset of a team rather than blocking departments wholesale, private channels are a lightweight and effective option. Only explicitly added members can see or participate, and the channel has its own SharePoint site collection for file storage. Much less overhead than information barriers for many common scenarios.
Information Barriers are a powerful compliance tool, but they come with real administrative overhead and user experience tradeoffs. Before deploying them, ask yourself: is this a legal or regulatory requirement, or just a preference? If it’s the latter, one of the lighter-touch alternatives above will get you where you need to go without the complexity.