SOLVED
Home

Optimal WIndows 10 firewall setting for Teams desktop app?

%3CLINGO-SUB%20id%3D%22lingo-sub-298244%22%20slang%3D%22en-US%22%3EOptimal%20WIndows%2010%20firewall%20setting%20for%20Teams%20desktop%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298244%22%20slang%3D%22en-US%22%3E%3CP%3EI've%2095%25%20sure%20that%2C%20at%20least%20in%20our%20environment%2C%20the%20Teams%20desktop%20app%20isn't%20setting%20Windows%2010%20firewall%20rules%20optimally%2C%20probably%20due%20to%20locking%20down%20the%20build.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20staff%20start%20video%20in%20Teams%20desktop%2C%20they%20see%20a%20one-off%20message%20that%20WIndows%2010%20firewall%20has%20blocked%20certain%20features%20of%20the%20application.%20I'm%20assuming%20this%20is%20Teams%20trying%20to%20use%20UDP%20on%20high%20ports%20for%20it's%20preferred%20protocol(s).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20are%20the%20Windows%2010%20firewall%20rules%20needed%20to%20optimist%20performance%20of%20the%20Teams%20desktop%20app%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENB%20I've%20already%20followed%20MSFT%20guidance%20on%20optimizing%20the%20network%20on%20boundary%20firewalls%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-298244%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298293%22%20slang%3D%22en-US%22%3ERe%3A%20Optimal%20WIndows%2010%20firewall%20setting%20for%20Teams%20desktop%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298293%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20is%20described%20in%20this%20article.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-client%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-client%3C%2FA%3Es%3CBR%20%2F%3E%3CSPAN%3EWhen%20users%20initiate%20a%20call%20using%20the%20Microsoft%20Teams%20client%20for%20the%20first%20time%2C%20they%20might%20notice%20a%20warning%20with%20the%20Windows%20firewall%20settings%20that%20asks%20for%20users%20to%20allow%20communication.%20Users%20might%20be%20instructed%20to%20ignore%20this%20message%20because%20the%20call%20will%20work%2C%20even%20when%20the%20warning%20is%20dismissed.%26nbsp%3B%20Windows%20Firewall%20configuration%20will%20be%20altered%20even%20when%20the%20prompt%20is%20dismissed%20by%20selecting%20%E2%80%9CCancel%E2%80%9D.%20Two%20inbound%20rules%20for%20teams.exe%20will%20be%20created%20with%20Block%20action%20for%20both%20TCP%20and%20UDP%20protocols.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20should%20be%20able%20add%20these%20block%20rules%20with%20an%20Group%20Policy%20that%20you%20deploy%20to%20your%20client%20computers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20also%20a%20Uservoice%20request%20to%20remove%20this%20warning%2C%20go%20in%20and%20vote%20for%20it%20to%20get%20some%20attention%20from%20Microsoft.%3C%2FP%3E%3CP%3E%3CA%20title%3D%22https%3A%2F%2Fmicrosoftteams.uservoice.com%2Fforums%2F555103-public%2Fsuggestions%2F33697582-microsoft-teams-windows-firewall-pop-up%22%20href%3D%22https%3A%2F%2Fmicrosoftteams.uservoice.com%2Fforums%2F555103-public%2Fsuggestions%2F33697582-microsoft-teams-windows-firewall-pop-up%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmicrosoftteams.uservoice.com%2Fforums%2F555103-public%2Fsuggestions%2F33697582-microsoft-teams-windows-firewall-pop-up%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298255%22%20slang%3D%22en-US%22%3ERe%3A%20Optimal%20WIndows%2010%20firewall%20setting%20for%20Teams%20desktop%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298255%22%20slang%3D%22en-US%22%3EHi%20Calum%2C%3CBR%20%2F%3E%3CBR%20%2F%3EHere%20is%20the%20URL's%20and%20IP%20address%20ranges%20for%20Teams%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%23skype-for-business-online-and-microsoft-teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%23skype-for-business-online-and-microsoft-teams%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps.%20Let%20me%20know%20how%20you%20get%20on.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-656048%22%20slang%3D%22en-US%22%3ERe%3A%20Optimal%20WIndows%2010%20firewall%20setting%20for%20Teams%20desktop%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-656048%22%20slang%3D%22en-US%22%3EThanks%20for%20this.%20I've%20just%20posted%20on%20uservoice%20that%20it%20would%20be%20really%20neat%20if%20Teams%20didn't%20do%20whatever%20it's%20doing%20to%20trigger%20the%20firewall%20prompt%20(%3CA%20href%3D%22https%3A%2F%2Fi.imgur.com%2FBt0qpip.png%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fi.imgur.com%2FBt0qpip.png%3C%2FA%3E)%20is%20the%20user%20doesn't%20have%20admin%20rights.%20I%20assume%20one%20can%20test%20if%20a%20UAC%20prompt%20would%20be%20triggered%20without%20actually%20triggering%20it%3F%3C%2FLINGO-BODY%3E
Calum Steen
Occasional Contributor

I've 95% sure that, at least in our environment, the Teams desktop app isn't setting Windows 10 firewall rules optimally, probably due to locking down the build.

 

When staff start video in Teams desktop, they see a one-off message that WIndows 10 firewall has blocked certain features of the application. I'm assuming this is Teams trying to use UDP on high ports for it's preferred protocol(s).

 

What are the Windows 10 firewall rules needed to optimist performance of the Teams desktop app?

 

NB I've already followed MSFT guidance on optimizing the network on boundary firewalls etc.

3 Replies
Hi Calum,

Here is the URL's and IP address ranges for Teams

https://docs.microsoft.com/en-gb/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-...

Hope that helps. Let me know how you get on.

Best, Chris
Highlighted
Solution

Hi,

 

That is described in this article.

https://docs.microsoft.com/en-us/microsoftteams/get-clients
When users initiate a call using the Microsoft Teams client for the first time, they might notice a warning with the Windows firewall settings that asks for users to allow communication. Users might be instructed to ignore this message because the call will work, even when the warning is dismissed.  Windows Firewall configuration will be altered even when the prompt is dismissed by selecting “Cancel”. Two inbound rules for teams.exe will be created with Block action for both TCP and UDP protocols.

 

You should be able add these block rules with an Group Policy that you deploy to your client computers.

 

There is also a Uservoice request to remove this warning, go in and vote for it to get some attention from Microsoft.

https://microsoftteams.uservoice.com/forums/555103-public/suggestions/33697582-microsoft-teams-windo...

 

Thanks for this. I've just posted on uservoice that it would be really neat if Teams didn't do whatever it's doing to trigger the firewall prompt (https://i.imgur.com/Bt0qpip.png) is the user doesn't have admin rights. I assume one can test if a UAC prompt would be triggered without actually triggering it?
Related Conversations
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
PacketMon Components are not loading in WAC 1909
HotCakeX in Windows Admin Center on
2 Replies