Jun 25 2020 08:34 AM
Is there any documentation on the URLs used with a Teams desk phone?
Specifically related to device management.
(Similar to Office 365 URLs and IP address ranges)
Capturing the traffic from a phone, from the point of it booting, to it pulling down new firmware it appears to reach out to the following largely in the order shown below
pool.ntp.org |
<manufacturer URL. Eg g.cn> |
www.google.com |
2.android.pool.ntp.org |
login.windows.net |
*.teams.microsoft.com |
outlook.office.com |
in.appcenter.ms |
teamsdevicemgmtsvcprod.blob.core.windows.net |
So overall everything up to the last two URLs are documented either by the manufacturer or from Office 365 URLs and IP address ranges.
I did stumble upon
https://www.msxfaq.de/teams/telefon/teams_phone_management.htm
Reason for asking is from my home network, phone updates work without a hitch
However from the corporate network with Palo Alto Firewalls the phones aren't updating
I need to understand the process and work with the network team to fix this etc.
Any advice welcome
Jun 28 2020 12:16 PM
SolutionYou should only have to open for the URLs and addresses mentioned in the Office 365 URLs and IP documentation. https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-...
Other addresses it tries to connect to is since it is running Android and Android will try to connect to those addresses. NTP settings you can change in the phone settings so you use something else than ntp.org if you want to.
Updates should be downloaded from Microsoft servers after you have approved them in Teams Admin Center or when you trigger a phone to update firmware or software from TAC.
Jun 30 2020 02:28 PM
thanks for the reply
however the url
https://teamsdevicemgmtsvcprod.blob.core.windows.net
appears to be where the phone firmware is actually downloaded from
i noted this in my network capture (looking at dns queries) and the article I linked to also noted this in the phone logs Plus actually pulled firmware from the url.
i can’t find mention of this in any ms documentation. However you are welcome for you to prove me a liar!
so you can see why I am a bit worried. If this is true, what else might there be.
Mar 11 2021 10:27 PM
@Alistair Keay sorry to dig up such an old topic, but did you find a definitive answer on this? I've had a phone working intermittently (keeps getting stuck at the Company Portal app) on a network with just the currently published web service IPs and have noticed denies for addresses which point at things like mobile.azure.com and/or in.appcenter.ms. I don't know if they're critical, but it would be nice to figure this out.
Jun 28 2020 12:16 PM
SolutionYou should only have to open for the URLs and addresses mentioned in the Office 365 URLs and IP documentation. https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-...
Other addresses it tries to connect to is since it is running Android and Android will try to connect to those addresses. NTP settings you can change in the phone settings so you use something else than ntp.org if you want to.
Updates should be downloaded from Microsoft servers after you have approved them in Teams Admin Center or when you trigger a phone to update firmware or software from TAC.