Forum Discussion

yodatech
Copper Contributor
Sep 13, 2022

Office 365 deployment teams issue

I have a Microsoft 365 deployment set up in Intune (under Windows/apps) and it is deploying everything fine except Teams. Teams only gets installed and is accessible for admin users (Azure AD admins with local admin rights). For normal Windows users the app does not show as installed or usable. Has anyone else had this issue? All other apps (Outlook/Excel/Word) work fine for all users.

It is set to deploy to all users in the configuration setting.

  • Moe_Kinani
    Bronze Contributor

    Are you installing O365 using Intune as M365 App from Intune (screenshot attached)? This way should make it available for all users (Admin or standard users).

    If you install O365 apps remotely as System/Admin, Teams installs in the current user’s profile (app data) folders. So you have to install per user. There is a machine wide installer version of Teams also which makes it available to all users, most commonly used in VDIs etc.

    https://docs.microsoft.com/en-us/microsoftteams/msi-deployment

    Moe

    • yodatech
      Copper Contributor
      Yes, this is exactly how I am installing it (your screenshot), deployed per machine not user. I think the second poster may be onto AppLocker blocking it for standard users, but I don't block .exe in the programs folders if that is where the installer resides.
  • As Moe already mentioned... the Teams setup itself will be executed under each user when they first log in by launching the Teams installer from the program files... that setup would trigger the user based installation

    So for example when using AppLocker..... that setup would be blocked...
    So my first question would be... do you notice the first setup file being located in the program files folder C:\Program Files (x86)\Teams Installer ?
    https://call4cloud.nl/2021/04/exodus-teams-and-applocker/
    • yodatech
      Copper Contributor

      Rudy_Ooms_MVP would this setting in AppLocker not allow the standard users to install? Or is the installer an MSI? Thank you for your feedback!

      <RuleCollection Type="Exe" EnforcementMode="Enabled">
          <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
            <Conditions>
              <FilePathCondition Path="*" />
            </Conditions>
          </FilePathRule>
          <FilePathRule Id="16473f44-7331-43fc-b337-8933ceb90370" Name="All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
            <Conditions>
              <FilePathCondition Path="%PROGRAMFILES%\*" />
            </Conditions>
          </FilePathRule>
          <FilePathRule Id="671367db-4cfb-4ee0-aa14-4397ca9b36d2" Name="All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
            <Conditions>
              <FilePathCondition Path="%WINDIR%\*" />
            </Conditions>
          </FilePathRule>
      </RuleCollection>

      • One... if you are a regular user, you normally don't have write access to those folders (Program Files and Windows) above... all other folders except those mentioned above are restricted from executable execution
        So when an exe is placed inside the %appdata% you can't execute it...
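
The effect discussed in the replies above, as an added example that is not part of any poster's message: a small Python evaluator for the Exe rule collection quoted in the thread, checked against the machine-wide installer path and a per-user Teams path. Assumptions: the system drive is C:, the user name alice and both sample paths are constructed, Id and Description attributes are trimmed, and rule exceptions plus publisher and hash rules are not modelled.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Exe rule collection from the thread (Id/Description trimmed, closing tags added).
POLICY_XML = r"""<RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Name="(Default Rule) All files" UserOrGroupSid="S-1-5-32-544" Action="Allow">
    <Conditions><FilePathCondition Path="*" /></Conditions>
  </FilePathRule>
  <FilePathRule Name="All files located in the Program Files folder" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
  </FilePathRule>
  <FilePathRule Name="All files located in the Windows folder" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
  </FilePathRule>
</RuleCollection>"""

# AppLocker path variables; %PROGRAMFILES% covers both Program Files folders.
# Assumption: the system drive is C:.
PATH_VARS = {"%PROGRAMFILES%": [r"C:\Program Files", r"C:\Program Files (x86)"],
             "%WINDIR%": [r"C:\Windows"]}

STANDARD_USER = {"S-1-1-0", "S-1-5-32-545"}     # Everyone, BUILTIN\Users
LOCAL_ADMIN = STANDARD_USER | {"S-1-5-32-544"}  # plus BUILTIN\Administrators

def expand(pattern):
    """Replace a leading AppLocker path variable with its concrete folder(s)."""
    for var, roots in PATH_VARS.items():
        if pattern.upper().startswith(var):
            return [root + pattern[len(var):] for root in roots]
    return [pattern]

def load_rules(xml_text):
    """Return (action, sid, [path patterns]) for every FilePathRule."""
    rules = []
    for rule in ET.fromstring(xml_text).iter("FilePathRule"):
        paths = [p for c in rule.iter("FilePathCondition") for p in expand(c.get("Path"))]
        rules.append((rule.get("Action"), rule.get("UserOrGroupSid"), paths))
    return rules

def is_allowed(rules, token_sids, exe_path):
    """Deny wins over allow; with no matching allow rule the file is blocked."""
    hits = {action for action, sid, paths in rules if sid in token_sids
            and any(fnmatch.fnmatchcase(exe_path.lower(), p.lower()) for p in paths)}
    return "Allow" in hits and "Deny" not in hits

if __name__ == "__main__":
    rules = load_rules(POLICY_XML)
    for path in (r"C:\Program Files (x86)\Teams Installer\Teams.exe",          # constructed
                 r"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe"):  # constructed
        print(path, "standard:", is_allowed(rules, STANDARD_USER, path),
              "admin:", is_allowed(rules, LOCAL_ADMIN, path))
```

On a managed device, the built-in Get-AppLockerPolicy and Test-AppLockerPolicy cmdlets give the authoritative result for the effective policy.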
