Use this PowerShell script to update the Information Barriers (IB) mode for all Teams-connected groups in your tenant. You need to update the mode for these groups after you deploy Information Barriers. Groups created before you enable IB are assigned the Open mode. In Open mode, there aren't any applicable IB policies. After you enable IB, Implicit becomes the default mode for any new groups you create. However, existing groups still keep Open mode configuration. Run this script to change these existing groups to Implicit mode.
In this script, you use the Get-UnifiedGroup and Set-UnifiedGroup cmdlets, which are in the Exchange Online PowerShell module, to find the groups and update the mode. To learn more about managing Teams using PowerShell, see Teams PowerShell overview.
Prerequisites
Before you run this script, make sure you have the following prerequisites:
- The Exchange Online PowerShell module installed.
- A work or school account that has the global administrator role for your tenant.
Important
Microsoft recommends that you use roles with the fewest permissions. Minimizing the number of users with the Global Administrator role helps improve security for your organization. Learn more about Microsoft Purview roles and permissions.
Run the script
Complete the following steps to update the IB mode for all existing Teams-connected groups:
1. Connect to Exchange Online PowerShell:

       Connect-ExchangeOnline

2. Copy and run the following script. The script identifies all Teams-connected groups in Open mode and updates them to Implicit mode.
3. After the script finishes, review the output for the number of groups successfully updated. If any groups fail to update, check the BackfillFailedTeams.csv file generated in your current directory for details and retry the failed groups.
Sample script
```powershell
<#
.SYNOPSIS
This script updates the IB mode for all Teams-connected groups in your tenant at the same time.
.DESCRIPTION
Use this script to update the info barrier mode from open to implicit across the groups in your tenant.
#>

# Collect every Microsoft 365 group that is connected to a team
$teams = Get-UnifiedGroup -Filter {ResourceProvisioningOptions -eq "Team"} -ResultSize Unlimited
Write-Output ([string]::Format("Number of Teams = {0}", @($teams).Length))

# Keep only the groups that are still in Open mode
$teamsToUpdate = New-Object System.Collections.ArrayList
foreach ($team in $teams)
{
    if ($team.InformationBarrierMode -eq "Open")
    {
        $teamsToUpdate.Add($team.ExternalDirectoryObjectId) | Out-Null
    }
}
Write-Output ([string]::Format("Number of Teams to be backfilled = {0}", @($teamsToUpdate).Length))

# Create the failure log with its header on first run; otherwise mark the start of a new session
$outfile = "BackfillFailedTeams.csv"
if (!(Test-Path "$outfile"))
{
    $newcsv = {} | Select-Object "ExternalDirectoryObjectId", "ExceptionDetails" | Export-Csv $outfile -NoTypeInformation
}
else
{
    $dateTime = Get-Date
    $newEntry = "{0},{1}" -f "New session started", $dateTime
    $newEntry | Add-Content $outfile
}

$SuccessfullyBackfilledGroup = 0
for ($i = 0; $i -lt @($teamsToUpdate).Length; $i++)
{
    Invoke-Command { Set-UnifiedGroup $teamsToUpdate[$i] -InformationBarrierMode "Implicit" } -ErrorVariable ErrorOutput
    if ($ErrorOutput)
    {
        # saving the errors in a csv file (line breaks and commas are stripped so each error stays on one row)
        $errorBody = $ErrorOutput[0].ToString() -replace "`n"," " -replace "`r"," " -replace ",", " "
        $newEntry = "{0},{1}" -f $teamsToUpdate[$i].ToString(), ('"' + $errorBody + '"')
        $newEntry | Add-Content $outfile
    }
    else
    {
        $SuccessfullyBackfilledGroup++
    }
    if (($i+1) % 100 -eq 0)
    {
        # print the number of teams backfilled after the batch of 100 updates
        Write-Output ([string]::Format("Number of Teams processed= {0}", $i+1))
    }
}

Write-Output ([string]::Format("Backfill completed. Groups backfilled: {0}, Groups failed to backfill: {1}", $SuccessfullyBackfilledGroup, @($teamsToUpdate).Length - $SuccessfullyBackfilledGroup))
if (!($SuccessfullyBackfilledGroup -eq @($teamsToUpdate).Length))
{
    Write-Output ([string]::Format("Check the failed teams in BackfillFailedTeams.csv, retry to backfill the failed teams."))
}
```
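
The retry step described above, as an added example that is not part of the original script or Microsoft's own code. It reads BackfillFailedTeams.csv, retries only groups that are still in Open mode, and reports without changing anything unless you pass `-Apply`. The `-Apply` switch, the status names, and the BackfillRetryFailed.csv file name are assumptions made for this example; it also assumes an active Connect-ExchangeOnline session and that Get-UnifiedGroup accepts the same ExternalDirectoryObjectId value the sample script passes to Set-UnifiedGroup.

```powershell
param(
    [string]$Path = "BackfillFailedTeams.csv",
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

# The log mixes real failures with an empty placeholder row and
# "New session started" marker rows, so keep only rows whose first
# column parses as a GUID, and retry each group once.
$failedIds = Import-Csv -Path $Path |
    Where-Object { $_.ExternalDirectoryObjectId -as [guid] } |
    Select-Object -ExpandProperty ExternalDirectoryObjectId -Unique

$results = foreach ($id in $failedIds) {
    # Re-read the current mode: the group may have been fixed or deleted since the failure was logged.
    $group = Get-UnifiedGroup -Identity $id -ErrorAction SilentlyContinue
    if (-not $group) {
        [pscustomobject]@{ Id = $id; Status = "NotFound"; Detail = "" }
        continue
    }
    if ($group.InformationBarrierMode -ne "Open") {
        [pscustomobject]@{ Id = $id; Status = "Skipped"; Detail = $group.InformationBarrierMode }
        continue
    }
    if (-not $Apply) {
        [pscustomobject]@{ Id = $id; Status = "WouldUpdate"; Detail = $group.DisplayName }
        continue
    }
    try {
        Set-UnifiedGroup -Identity $id -InformationBarrierMode "Implicit" -ErrorAction Stop
        [pscustomobject]@{ Id = $id; Status = "Updated"; Detail = $group.DisplayName }
    }
    catch {
        [pscustomobject]@{ Id = $id; Status = "Failed"; Detail = $_.Exception.Message }
    }
}

# Summary by outcome, plus a separate file holding only what still needs attention.
$results | Group-Object Status | Select-Object Name, Count
$results | Where-Object Status -eq "Failed" |
    Export-Csv "BackfillRetryFailed.csv" -NoTypeInformation
```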