You must use Active Directory and sync your users and groups to Webex with Directory Connector.


User membership in BIC policy groups must be unique. Users can't be members of multiple groups when you configure these policies.

Add policies to block internal communication


Sign in to Control Hub at, go to Organization Settings and scroll to Internal Communication.


Toggle the Allow Internal Communication setting to on. By default, it is enabled.


Click Modify and create up to five policies.


Enter an Active Directory group in the Primary Group field and enter up to 5 groups in the Policy Group field, to block communication between those groups.


Click Save Policy.

People in these groups can't invite each other to spaces or start conversations with each other. However, they can still communicate with other people in the organization.

Policy enforcement

Policy enforcement typically involves removing violating users in group spaces and putting 1:1 spaces into read-only mode.

Once the new BIC policy is set up, enforcement occurs in the following scenarios:

  • Proactive policy enforcement occurs when users are added to existing or new spaces.

  • Retroactive policy enforcement will occur in existing 1:1 and group spaces when users change AD groups (typically due to a job change).


    Customers who have already enabled BIC policies will need to delete the existing policies and re-add them within Control Hub to trigger retroactive policy enforcement on existing space violations.

Blocking internal communications doesn't work with public spaces

Public spaces are enabled by default but that feature defeats the purpose of blocking internal communications. You are prompted to block public spaces when you start blocking internal communications. See Public spaces in Webex for more about that feature.