A few thoughts:
1) Make sure you have IPs/Ports listed in the article set as *destination*. RFC1918->52.112.0.0/14, for instance. The overwhelming majority of ports flow in a direction of client *to* server. Be careful of IPv6 ranges, too, if it is enabled on your networks!
2) Make sure you also include all the "Microsoft 365 Common" IPs/URLS, as well. Since Teams is an amalgamation of services from M365, there are some core services (such as authentication and Intune) that are not mentioned within the Teams specific section. You *must* make the Common services available to all endpoints, phones included.
3) If you've got a proxy server, enforced by WPAD for instance, you need to make sure that the URLs listed by Microsoft are not subject to a) SSL break/inspection, and b) proxy server authentication. You can use the Get-PacFile script to easily gather all the URLs necessary:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints?view=o365-wo...4) Be careful of Data VLANs vs Voice VLANs. Many customers I've worked with have more stringent configurations in place for Voice VLANs and Teams phones don't work correctly as a result. This could be due to proxy requirements, or firewall restrictions, or even routing restrictions, but in the end do not assume your voice VLANs have the same setup and capabilities as data VLANs.
