| Teams people search, chat, call and screen sharing | Incompatible users should not find/select one another for restricted actions, start new one-to-one/group chats, place calls, invite to meetings, share screens or exchange files through restricted collaboration paths. | Scoped directory search, segment/policy application, organization mode, Teams client cache/propagation, existing conversations, federation/guest context, meeting design. | Allowed/blocked pair searches, new/existing chat, group chat, call, screen share, file, meeting invitation and multiple clients; relationship cmdlet and policy-application evidence. | Assuming a blocked Teams relationship also blocks email, external cross-tenant behavior, or every existing artifact. |
| Teams and Microsoft 365 Group membership | Membership must be compatible with the Team/group IB mode. The background compliance process can remove noncompliant members after user policy/segment or group-mode changes. | Existing Open teams, Implicit/Owner Moderated modes, owners, multi-segment users, guests, group source, provisioning automation, private/shared channels. | Add/remove allowed and blocked users; mode change; attribute transfer; owner change; existing roster reconciliation; group/team/site consistency and audit evidence. | Activating policies while legacy Teams remain Open, losing an owner, or treating a group creation success as proof of ongoing compliance. |
| Private and shared channels | New private-channel sites inherit appropriate parent-team mode after SharePoint enablement; shared-channel membership is checked within the tenant. External organization participants are not bounded by both tenants’ IB policies in the same way. | Parent Team mode, existing private-channel sites, shared-channel policy, cross-tenant access, external teams, site mode, owner/member changes. | Create/add/share channel, add user to team with shared channels, internal/external team sharing, site membership/content access, policy/segment change and noncompliance response. | Believing IB alone prevents collaboration with incompatible people in another organization’s tenant. |
| SharePoint connected sites | Implicit sites use compliant Microsoft 365 Group membership; new Teams sites become Implicit after enablement/propagation. Incompatible direct access/sharing should be blocked according to mode. | Tenant SharePoint/OneDrive IB enablement, site mode, connected group/team, existing direct permissions/sharing links, private/shared channel sites, search/Copilot. | Member/nonmember, direct permission, existing-access link, Anyone/company link availability, search and Copilot visibility/open, app access, segment/policy change and compliance report. | Ignoring existing Open sites or believing search-result suppression and access denial are always identical. |
| SharePoint Explicit/Owner Moderated/Open | Explicit requires a matching associated segment plus permission; Owner Moderated permits owner-supervised incompatible access; Open relies on permission while sharing is constrained by the sharer’s IB policy. | Approved use case, compatible site segments, owner continuity, permissions, links, apps, sensitivity/sharing settings, multi-segment creator behavior. | Matching/nonmatching/unsegmented users, owner/non-owner sharing, owner removal, permission without segment, segment without permission, link reuse, search and policy change. | Using Owner Moderated as a broad exception without an accountable moderator and expiry. |
| OneDrive sharing and access | A segmented owner’s OneDrive is protected according to Explicit, Owner Moderated or Mixed mode; Open applies to non-segmented owners. Access still requires content permission and compatible mode/policy conditions. | Provisioning timing, owner segment(s), mode, associated segments, existing links/direct access, unsegmented collaboration, sync/search/Copilot and offboarding. | Owner and compatible/incompatible/unsegmented users, new/existing share, direct link, folder/file, owner transfer/segment change, sync and application access. | Assuming a policy change automatically cleans every historical sharing/permission state without validation. |
| Planner basic plans | People-picker restrictions affect new plan sharing and task assignment in supported basic-plan clients. Existing plans and already assigned tasks can remain accessible. | Plan type/client support, current sharing/assignments, Teams/group context, unsegmented users, project/process owner and alternate workflow. | Search, new share, new assignment, existing plan/task access, allowed/blocked pair and client variants; inventory exceptions and business continuity. | Assuming all Planner/Premium experiences or historical assignments are remediated automatically. |
| Email, eDiscovery and adjacent Purview controls | IB does not block email content and does not define eDiscovery compliance boundaries. Other controls must implement those objectives. | Exchange transport rules, address-book visibility, DLP, sensitivity, retention, communication compliance, eDiscovery roles/boundaries, insider-risk process. | Email allowed/blocked cases through the separate rule; eDiscovery scope test; label/DLP behavior; audit and case ownership. | Claiming IB is a complete ethical wall across every Microsoft 365 data and communication path. |