Deploying this to the user's profile makes administration of the application for AppLocker problematic, especially if it is self-updating. Any file hash or certificate rules would be subject to change without notice.
@rashantha, you can use this:
I wish someone would post a way to install Teams via SCCM. Seems like AppLocker is blocking installation once the user logs in.
If they use the same code signing certificate that's not really a problem; there are plenty of DLLs signed with the Microsoft Code Signing PCA that are outside their validity period. The biggest problem here is that the node libraries are not signed, so when using AppLocker DLL enforcement Teams just will not launch unless you use a path rule, and as it is user writable, as you have mentioned, it is a well-known hole.
There are other ways around AppLocker, so you always need more layers of defence than just AWL.
I see 2 ways for Microsoft to fix this: allow administrative installs to locked down locations (patches will need to be included in WSUS and SCCM), or they need to sign the node libraries.
I posted the question here https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_teams-mso_o365b/microsoft-teams-desktop-application-and-applocker/8d10f27d-2bb9-45fe-ad50-f041a788ee68?auth=1 and got referred back to UserVoice, so I will upvote your request.