How can we make Microsoft Teams better?

← Public

Microsoft Teams Windows Firewall pop up

Issue : Microsoft Teams client is showing prompt “Windows Firewall has blocked some features of this app” even after adding Windows Firewall Rules. Issue is explained in the article https://docs.microsoft.com/en-us/microsoftteams/get-clients but no resolution.

580 votes
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

64 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Mark commented  ·   ·  Flag as inappropriate

    I must add here, that it's two year old feedback like this that has still not been addressed and the perception of Teams to a corporate user that experiences the pop up, will write Teams off as poor user experience and then ask their IT department to roll out Zoom instead.

  • -- commented  ·   ·  Flag as inappropriate

    I feel like this only started happening after windows 10 release 1903. i dont remember having this issue on 1803. I wonder if its microsoft changed something to not honour the firewall and simply block any connections from applications running in the users profile.

    Anyone see this happening on older versions of windows 10 pre 2019?

    I have had pass in ALL outbound and inbound for years and that has suppressed all of these kinds of prompts. But i noticed when i rolled out 1903 it does not seem to honour the pass in/out all anymore....

  • Anonymous commented  ·   ·  Flag as inappropriate

    Found solution to create fw rule per user via GPO user preferences.
    This will suppress prompt for users, but worked only after restart, or MpsSvc restart.
    I added two reg keys to HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

    Value name: Teams TCP %logonuser%
    Reg_sz value data: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\users\%logonuser%\appdata\local\microsoft\teams\current\teams.exe|Name=teams.exe|Desc=teams.exe|Defer=User|

    Value name: Teams UDP %logonuser%
    Reg_sz value data: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\users\%logonuser%\appdata\local\microsoft\teams\current\teams.exe|Name=teams.exe|Desc=teams.exe|Defer=User|

  • Dawid commented  ·   ·  Flag as inappropriate

    Please just add two rules in GPO (one for udp and one for tcp) with path:

    %USERPROFILE%\AppData\Local\Microsoft\Teams\current\teams.exe

    To be sure, please mark all network profiles (private, domain, public) in the rules.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Guys,
    MS actually does provide a script, but takes no responsibility for it; please find it below:

    $users = Get-ChildItem (Join-Path -Path $env:SystemDrive -ChildPath 'Users') -Exclude 'Public', 'ADMINI~*'
    if ($null -ne $users) {
    foreach ($user in $users) {
    $progPath = Join-Path -Path $user.FullName -ChildPath "AppData\Local\Microsoft\Teams\Current\Teams.exe"
    if (Test-Path $progPath) {
    if (-not (Get-NetFirewallApplicationFilter -Program $progPath -ErrorAction SilentlyContinue)) {
    $ruleName = "Teams.exe for user $($user.Name)"
    "UDP", "TCP" | ForEach-Object { New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Profile Domain -Program $progPath -Action Allow -Protocol $_ }
    Clear-Variable ruleName
    }
    }
    Clear-Variable progPath
    }
    }

    this will create an inboud rule on every user account on the machine (and it can be executed as a scheduled task or via gpo from an account with elevated privileges).

    more info and better format in the hyperlink (bottom of the page)
    https://docs.microsoft.com/en-us/microsoftteams/get-clients#sample-powershell-script

  • Wesley commented  ·   ·  Flag as inappropriate

    Working in a large educational institution; this prompt to users who have no elevated privileges to 'Allow Access' for the application in Windows Defender, is a concern as it raises more user calls for 'What is this' and 'I need admin access' or 'I need IT to allow access'.

    Additionally, the page on the error gives no helpful information other than (way down the end of the page) a script to be deployed via GPO.

    I can't imagine GPOs being deployed for Word or Powerpoint, etc. so why would it be needed for Teams?

    So voting for this.

  • Wolf [GERMANY] commented  ·   ·  Flag as inappropriate

    tried to get a workaround for it and did not find one to deploy it with GPO. Using powershell is a good option, but does not work in our environment, because local rules are not allowed.

  • Mohamed AIT SALAH commented  ·   ·  Flag as inappropriate

    In real world (Broad deployment) it's critical to remove this popup for end user!!! Thank you very much for your work !!!

  • Ian Wright commented  ·   ·  Flag as inappropriate

    Putting apps in the user context is a nightmare as it also allows users to install non-managed applications without admin access.

    To even have this as a user voice is just plain ridiculous.

  • Anonymous commented  ·   ·  Flag as inappropriate

    It's ridiculous we should have to even vote for this feature.... should be fixed ASAP

  • Annelie commented  ·   ·  Flag as inappropriate

    Still waiting for an solution (which is not to turn off all firewall settings)

  • Hades commented  ·   ·  Flag as inappropriate

    It is possible to just add %PROGRAMDATA%\%username%\microsoft\teams\current\teams.exe in the GPO and it works fine. /Charleswood

  • Anonymous commented  ·   ·  Flag as inappropriate

    Please fix Windows Firewall. This doesn't just apply to Teams, but for any applications that within the local appdata folder.

  • John W commented  ·   ·  Flag as inappropriate

    This is a huge pain with no clear solution.

    I've advised my users to cancel the prompt because I'm not just turning off their firewalls and I'm not VNCing to each user's machine every time the prompt comes up.

    The location of the executable changes for each user.

    The list of ports and protocols for Teams is virtually endless.

    If they cancel the firewall prompt things "usually" work okay but there are stutters on screen sharing and other issues.

    The only choice I can find is: turn off the software firewall because our software is not thoughtfully designed, or have software that feels extremely unreliable and will make your users think you're incompetent.

  • David Covert commented  ·   ·  Flag as inappropriate

    This is still an issue for my company. We roll out laptop's to new remote users and the IT team has to RDP into the system and supply to local admin credentials when they initiate or receive their first call via Teams.
    This is obviously a drain on my teams time for a large environment.
    Is there no fix/workaround for this yet?

← Previous 1 3 4

Forum Home

Reference Information for Teams

Public: Desktop

Categories

Feedback and Knowledge Base

(thinking…)

More Teams Information