Dec 19 2023 07:49 AM
I was curious if anyone else was seeing the behavior that Teams is defaulting to New Teams after updating to the release for Windows 11, December 2023? Our global Teams policy is set to "Not enabled" for using new Teams. So, upon updating/starting up Teams they get a screen saying "Your admin has restricted access to the new Teams", and they can switch back to classic Teams via a button on that screen.
There's not any option in the Office Configuration portal policies that controls this behavior so, what the heck Microsoft? So, how do we ensure that our users do not have this happen when our tenant Teams policy has the Use new Teams Client set to Not Enabled?
Dec 19 2023 01:18 PM
Dec 21 2023 11:38 AM
Dec 21 2023 01:30 PM
Jan 05 2024 05:32 AM
Hi Timothy, please check this article as well Deploy Microsoft Teams with Microsoft 365 Apps - Deploy Office | Microsoft Learn. We also have unwanted installations of Teams New Client. Since December MS started enrolment for Teams New Client inside of M365 Apps Package - as well for GIVEN installations. The weird thing in your case ist the Autostart - we openend a ticket to MS and got the confirmation that the combination with Global Teams Update Rule stating NO new Teams will not impcact user with Classic Teams. In that documentations there is only one case with autostart, if there is any kind of (even default) deployment with Office Deployment Tools. I would check this as well. Greetings from Germany , dmTech Corp
Jan 05 2024 07:31 AM
We had some reports that our Mac OS devices/users saw this behavior as well over my time out of the office. Once they switch back to Teams classic everything is OK. We're in a monitoring mode until the next time Teams updates.
Jan 17 2024 03:46 PM
@TimLB What we noticed was that a new 8KB shortcut was created in user's device and URL file associations were modified first. Then, when a user clicked on a link to a Teams meeting (from an email for example), it would prompt them to use "Microsoft Teams (work or school)" or "Microsoft Teams". Clicking on the Microsoft Teams (work or school) would launch the 8KB shortcut that will then install the full application. Very sneakily done by MS! Then, once the installation is complete and user tries to launch a meeting, they will experience the behaviour you described. We also have policies created to block new Teams, but MS always finds a way!
If you want to see this behaviour in action, I recommend you review device logs in Defender. The easiest way is - in Defender itself, search for "ms-teams.exe" in the top Seach bar. When the results start showing up, make sure to click on one from the "Files" section. That will open the Files profile page for ms-teams.exe. Once there, click on any of the devices in the Device name column. The Device page will load and you should review the Timeline. You are looking for an entry like similar to "svchost.exe has initiated a TLS connection to https://statics.teams.cdn.office.net" or "OfficeClickToRun.exe has initiated a TLS connection to https://statics.teams.cdn.office.net". Once you locate that entry, the "mechanism" of how this works will be in the many lines above. For security reasons, I can't share what our log looks like, but you'll see .js, .gz, .svg, as well as ms-teams.exe, and many other ms- files being created. If you click on any of them you'll be able to confirm the path.
Jan 19 2024 12:50 PM