- Home
- /
- Article
In this articleWith the extended security pack, you can create a policy in Control Hub to prevent users in specific Active Directory (AD) groups from communicating with each other using messaging in Webex App.
You must use Active Directory and sync your users and groups to Webex with Directory Connector.
 | User membership in BIC policy groups must be unique. Users can't be members of multiple groups when you configure these policies. |
Manage your organization's internal communication
As an administrator, you can create an internal communication policy in Control Hub. You can create a policy to block internal communication between two user groups in your organization. This restricts users in blocked groups from accessing shared spaces and helps prevent data loss for your organization.
This section covers the different internal communication policies and how they work.
Allow internal communication
Your users can communicate with anyone in your organization.
Two-way restriction communication policy
Create a policy to restrict communication between the primary and policy groups. This means that users in the primary group won’t be allowed to communicate with users in the policy groups. Similarly, users in the policy groups won't be allowed to communicate with users in the primary group.
Block list and allow list communication policy
Create a block list and an allow list for your organization. You create a block list to restrict groups from communicating with other groups in your organization. This means that users in blocked groups can only communicate within their groups.
Next, you create an allow list to make exceptions for groups to communicate with other groups. This means that users in allowed groups can communicate with other groups in your organization, including users in blocked groups.
Add policies to block internal communication
You can choose a communication policy that best fits your organization's requirements.
Users can communicate with all groups in your organization. There are no restrictions for internal communication.
| 1 |
Sign in to Control Hub, go to Organization Settings and scroll to Internal Communication. |
| 2 |
Select Allow Internal Communication. By default, it's selected. |
What to do next
You can always modify your current internal communication policy and make it more restrictive to suit your organization’s needs.
Restrict internal commutation between the primary group and the policy groups. Users in the primary groups can't communicate with users in the policy groups.
| 1 |
Sign in to Control Hub, go to Organization Settings and scroll to Internal Communication. |
| 2 |
Select Two-way restriction communication policy. |
| 3 |
Click Create policy. |
| 4 |
Enter a policy name. |
| 5 |
Select a primary group and the policy groups. You can select up to 5 policy groups.
|
| 6 |
Click Verify groups. |
| 7 |
Once verified, click Create policy. |
What to do next
You can always make changes to an existing policy. Go to and click Manage policy.
Create a block list and allow list and manage internal communication between these groups.
You can create and manage blocked groups. Users in blocked groups can't communicate with other groups in your organization. Similarly other groups can't communicate with users in blocked groups. Blocked group users can only communicate within their groups.
You can also create allowed groups. Allowed groups are an exception to the blocked groups. This means that users in the allowed groups can communicate with everyone in your organization, including users in the blocked groups.
| 1 |
Sign in to Control Hub, go to Organization Settings and scroll to Internal Communication. |
| 2 |
Select Block list and allow list communication policy. |
| 3 |
Click Create policy. |
| 4 |
Select the blocked groups and click Next. You can add up to 100 blocked groups.
|
| 5 |
Select the allowed groups. You can add up to 20 allowed groups.
|
| 6 |
Click Verify groups. |
| 7 |
Once verified click Create policy. |
What to do next
You can always make changes to an existing policy. Go to and click Manage policy.
Policy enforcement
Policy enforcement typically involves removing violating users in group spaces and putting 1:1 spaces into read-only mode.
Once the new BIC policy is set up, enforcement occurs in the following scenarios:
-
Proactive policy enforcement occurs when users are added to existing or new spaces.
-
Retroactive policy enforcement will occur in existing 1:1 and group spaces when users change AD groups (typically due to a job change).
Customers who have already enabled BIC policies will need to delete the existing policies and re-add them within Control Hub to trigger retroactive policy enforcement on existing space violations.
Blocking internal communications doesn't work with public spaces
Public spaces are enabled by default but that feature defeats the purpose of blocking internal communications. You are prompted to block public spaces when you start blocking internal communications. See Public spaces in Webex for more about that feature.
