Microsoft Teams Windows Firewall pop up
Issue : Microsoft Teams client is showing prompt “Windows Firewall has blocked some features of this app” even after adding Windows Firewall Rules. Issue is explained in the article https://docs.microsoft.com/en-us/microsoftteams/get-clients but no resolution.
Please, just configure all that is needed on install. People got scared everytime a message pops out. And on managed environments, they don't have permissions to add firewall rules everytime they join a new wifi.
Are these firewall rules needed? These are turned off in our environment and everything seems to be working fine.
It would be nice to have Teams Machine installer to handle Firewall rules internally.
Here is a very simple script code similar to other ones already posted here. It will prevent firewall popup from happening, you need to create a scheduled task that will be ran using SYSTEM account and configure trigger to user logon. Below is a command to create scheduled task (replace !TEAMSDIR! with location of the script (I would recommend C:\ProgramData\... to avoid issues).
schtasks /create /tn "Teams Firewall Rules" /sc ONLOGON /delay 0000:05 /tr "cmd /c \"!TEAMSDIR!\Firewall.cmd\"" /ru SYSTEM /rl HIGHEST /f
And below is actual script code, save it to "Firewall.cmd" you may need to adjust firewall rules to be more restrictive if you need:
set TITLE=Microsoft Teams
netsh advfirewall firewall delete rule name="%TITLE%"
for /f "tokens=*" %%A in ('dir /b /a:d "%SystemDrive%\Users" 2^>NUL') do (
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\current\Teams.exe" protocol=any action=allow dir=in edge=yes
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\current\Teams.exe" protocol=any action=allow dir=out
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\Update.exe" protocol=any action=allow dir=in edge=yes
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\Update.exe" protocol=any action=allow dir=out
Remove the firewall prompt for Teams. This is ridiculous to have to put exceptions for a program that Microsoft designed.
Microsoft doesn't care the slightest about customers with enterprise solutions anymore. They want to be "cool" like Apple and don't give a **** anymore. The world can adapt to their new style or leave.
How long does it take MS to address this simple problem?
I agree with @Daley. We need an enterprise edition of Teams.
Using APPDATA as installfolder is a major pain. Please move Teams to PROGRAMFILES
Landon Luesing commented
To the Anonymous user a couple of comments back, you're so furious about what you had to come up with - but what you came up with isn't supported. No wonder it doesn't work. You don't use user-based environment variables in Windows Firewall rules. %LocalAppData% is one of those. The solution is to run Powershell that parses each user profile, looking for the Teams executable. Then, if firewall rules don't exist for that user's account already, it creates them. Microsoft offers the sample script here:
Setting "Disable inbound notifications" to Yes for Public/Private/Domain firewall profile via EndPoint Manager or GPO will stop these pop ups (and as far as I know does not create a block rule).
Zdenek Valenta commented
Mac OS X (Catalina 10.15.7) firewall blocked MS Teams today (Microsoft Teams Version 1.3.00.362, last updated on 14/10/2020) from sharing the screen, even though the Teams were allowed Screen sharing under the OS X system permissions. I had to turn off the firewall to fix the problem, but this looks like a serious security glitch on the part of MS Teams. Having turned the firewall off, in a matter of minutes I experienced an attack on my computer which was only denied with the help of Norton 360 so that an intruding computer was blocked (i.e., hopefully).
JOn C commented
A GPO or workaround for the firewall exception would be nice. This is a pain for the sys admins
Hi MS ... can you please fix this? Thanks
Another reason why Teams is not enterprise ready
Zoom has a real machine based installer that doesn't install during logon per user, can manage the updates and has one firewall rule that can be managed in GP with out dodgy scripts
Please fix it, we are being flooded with tickets
@Jesse Walter: Who do you think you're helping with that comment?
Jesse Walter commented
Launch the Task Manager, click the “Startup” tab, locate “Microsoft Teams” in the list, and click “Disable.” To open the Task Manager, right-click the Windows taskbar and select “Task Manager.” You can also press Ctrl+Shift+Esc. You can also uninstall the Teams software if you don't want to use it.
Hope this information is helpful to you
Seriously this needs to get fixed. The entire installation process is a mess. This will result in many needless helpdesk tickets from our user base.
Jonathan Mpofu commented
Please remove this popup for teams to even need to open firewall ports
Looks like Dawid's suggestion from 25 March might be the solution. I wish he had been a little more detailed on the instructions as to the GPO path to add the rules but I think I have figured it out. If it does not work I'll be back.
@Patrik DAve That's what people do today today which is cumbersome as it has to be run per-user while the installer is run per-machine which means you will have to use an additional deployment method.
It shouldn't be necessary to deploy an extra script for each user that logs in when the MSI could have taken care of it in the first place. The MSI is flawed.