Team Windows Firewall Group Policy

%3CLINGO-SUB%20id%3D%22lingo-sub-184231%22%20slang%3D%22en-US%22%3ETeam%20Windows%20Firewall%20Group%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184231%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20trying%20to%20add%20Teams.exe%20to%26nbsp%3Bgroup%20policy%20the%20inbound%20firewall%20rules%20so%20users%20don't%20get%20the%20pop-up%20to%20add%20the%20rules%20using%20UAC%2C%20can%20anyone%20advise%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBy%20default%20its%20using%2080%20%26amp%3B%20443%20but%20when%20you%20try%20and%20call%20or%20video%20someone%20the%20UAC%20pops%20up%20asking%20to%20allow%20through%20windows%20firewall%20(domain%2C%20private).%20If%20you%20accept%20or%20cancel%20it%20still%20adds%20it%20but%20as%20%22Any%20Ports%22%20but%20we%20want%20to%20lock%20it%20down.%20I've%20tried%26nbsp%3BUDP%203478%2C%203479%2C%203480%2C%203481%20and%20TCp%2080%2C%20443%20but%20it%20still%20asks%2C%20tried%20it%20as%20Any%20just%20to%20see%20and%20it%20still%20asks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20advice%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-184231%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFirewall%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGroup%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPorts%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-269191%22%20slang%3D%22en-US%22%3ERe%3A%20Team%20Windows%20Firewall%20Group%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-269191%22%20slang%3D%22en-US%22%3Eyou%20had%20success%20with%20this%3F%20Would%20be%20great%20if%20you%20can%20something%20about%20your%20configuration%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184362%22%20slang%3D%22en-US%22%3ERe%3A%20Team%20Windows%20Firewall%20Group%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184362%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20required%20URLs%2C%20IPs%26nbsp%3Band%20Ports%20are%20listed%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Foffice-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%23bkmk_teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Foffice-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%23bkmk_teams%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20ones%20that%20aren't%20mentioned%20in%20the%20above%20article%20are%20UDP%201024-65535.%20There's%20additional%20troubleshooting%20information%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F4O4d_7uZTQY%3Ft%3D24m53s%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fyoutu.be%2F4O4d_7uZTQY%3Ft%3D24m53s%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1307918%22%20slang%3D%22en-US%22%3ERe%3A%20Team%20Windows%20Firewall%20Group%20Policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1307918%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139085%22%20target%3D%22_blank%22%3E%40Rob%20Calcutt%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMS%20has%20posted%20this%20script%20to%20add%20the%20necessary%20Windows%20Firewall%20rules.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-clients%23sample-powershell-script%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-clients%23sample-powershell-script%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20its%20a%20%22sample%20script%22%20and%20not%20fully%20supported.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20very%20confusing%20given%20what%20is%20stated%20in%20the%20link%20below.%26nbsp%3B%20Why%20would%20we%20ever%20want%20a%20UDP%20block%20rule%20for%20teams.exe%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-clients%23windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fget-clients%23windows%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Visitor

I'm trying to add Teams.exe to group policy the inbound firewall rules so users don't get the pop-up to add the rules using UAC, can anyone advise?

 

By default its using 80 & 443 but when you try and call or video someone the UAC pops up asking to allow through windows firewall (domain, private). If you accept or cancel it still adds it but as "Any Ports" but we want to lock it down. I've tried UDP 3478, 3479, 3480, 3481 and TCp 80, 443 but it still asks, tried it as Any just to see and it still asks.

 

Any advice?

 

 

3 Replies

The required URLs, IPs and Ports are listed here: https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-ab...

 

The ones that aren't mentioned in the above article are UDP 1024-65535. There's additional troubleshooting information here: https://youtu.be/4O4d_7uZTQY?t=24m53s

you had success with this? Would be great if you can something about your configuration

@Rob Calcutt 

 

MS has posted this script to add the necessary Windows Firewall rules. https://docs.microsoft.com/en-us/microsoftteams/get-clients#sample-powershell-script

 

However, its a "sample script" and not fully supported. 

 

This is very confusing given what is stated in the link below.  Why would we ever want a UDP block rule for teams.exe?

https://docs.microsoft.com/en-us/microsoftteams/get-clients#windows

www.000webhost.com