About me

I've noticed both in the field and at the community that there are some concerns about the Firewall rules for Microsoft Teams. Some of you may not noticed that there are some firewall rules for Teams and some of you maybe got this prompt when you start a call in Teams.

Microsoft Teams are being installed at the AppData folder of the user's profile, this is because the user don't need to be an local administrator for the device. Then we got the question if we really need to make our users non-admin for their device... But we got this issue with the firewall rules and UAC, because the user don't have the rights to add firewall rules in Windows Firewall. 

But maybe we want and need to fix this. Microsoft says that the call we tried to make before the firewall prompt showed itself, will work and are ignoring the Block rule in the Windows Firewall that's being created. I had customers saying otherwise...

Here's my  example for the solution, and of course, it's PowerShell.

$TeamsDir = $env:LOCALAPPDATA + '\Microsoft\Teams\current\teams.exe'
$firewallName = 'teams.exe'

$ruleExist = Get-NetFirewallRule -DisplayName $firewallName -ErrorAction SilentlyContinue

if($ruleExist)
{
    Set-NetFirewallRule -DisplayName $firewallName -Profile Any -Action Allow
}
else
{
    New-NetfirewallRule -DisplayName $firewallName -Direction Inbound -Protocol TCP -Profile Any -Program $TeamsDir -Action Allow
    New-NetfirewallRule -DisplayName $firewallName -Direction Inbound -Protocol UDP -Profile Any -Program $TeamsDir -Action Allow
}

You can deploy this as an startup script or even as a PowerShell script in Intune if you manged your device with that product (and if you trust that one... I had some mix results when deploying PowerShell scripts earlier within Intune).

Please comment if you experience the same or if the script work/don't work!