Microsoft Teams Windows Firewall pop up
Issue : Microsoft Teams client is showing prompt “Windows Firewall has blocked some features of this app” even after adding Windows Firewall Rules. Issue is explained in the article https://docs.microsoft.com/en-us/microsoftteams/get-clients but no resolution.
Anonymous
shared this idea
77 comments
-
Benjamin Ogier
commented
st
-
Chris Garris
commented
Why does Teams embed executables in the User Profile path? That makes it a PITA to create GPO FW exclusions....
-
Paul Jackson
commented
With the amount of advertising MS are doing and the number of companies taking this up us included surly they would have resolved this by now!
-
Aaron Marks commented
Can we please just remove the need for Teams to even need to open firewall ports?
-
bt102
commented
Disable Windows Firewall Notification for all Profiles via GPO as my solution. No need to deploy any powershell.
-
Rick Chahal
commented
We've been using teams for a couple of years and supprised that there's no Group policy feature that allows this through teams. We had to go through powershell to do this constaint deployment. I feel bad for any admins out there that don't have sccm with high number of pc's/laptops to allow this feature via powershell.
I can see a lot of admins requiring this through group policies since it's just a one time setup instead of managing this on a script basis.
-
noneofyourbeeswax
commented
Does your Macbook block access when you plug in your iPhone????? Holy **** MS ... get your s**t together!!!
-
bob
commented
oh come off it let's make this happen MS!!!!
-
Ben Matthews
commented
We wrote up a batch script that essentially does the same thing as Microsoft's PS script, but it can be run as a logon script as it recreates the rule whenever a user logs in so you don't have to re-run the script every time there is a new user.
@echo off
cd C:\Users\
FOR /D %%G in ("*") DO netsh advfirewall firewall delete rule name="Teams %%~nxG"
FOR /D %%G in ("*") DO netsh advfirewall firewall add rule name="Teams %%~nxG" dir=in action=allow program="C:\Users\%%~nxG\AppData\Local\Microsoft\Teams\Current\Teams.exe" enable=yes -
Michael Mardahl
commented
For those using Intune, I have not had good results with use of %userlogon% or similar variables in firewall rules.
Instead I created a Powershell solution, that you can read about here:
https://www.scconfigmgr.com/2020/03/29/managing-microsoft-teams-firewall-requirements-with-intune/It's not the only solution, but it works.
-
Sameer Sheikh
commented
I have developed a Powershell script to work around this issue after finding other suggestions lacking in our mixed environment for one reason or another. It works in RDS+UPDs and both on and off network laptops once the GPO applies.
I'd like a few testers to see if it works more broadly before putting it out there publicly. If there are any takers, shoot me an email at emailme@ssheikh.com
-
bt102
commented
Really disappointed on how Microsoft is handling this issue, smh.
-
Anonymous
commented
STILL happening.
-
Mark
commented
I must add here, that it's two year old feedback like this that has still not been addressed and the perception of Teams to a corporate user that experiences the pop up, will write Teams off as poor user experience and then ask their IT department to roll out Zoom instead.
-
--
commented
I feel like this only started happening after windows 10 release 1903. i dont remember having this issue on 1803. I wonder if its microsoft changed something to not honour the firewall and simply block any connections from applications running in the users profile.
Anyone see this happening on older versions of windows 10 pre 2019?
I have had pass in ALL outbound and inbound for years and that has suppressed all of these kinds of prompts. But i noticed when i rolled out 1903 it does not seem to honour the pass in/out all anymore....
-
Anonymous
commented
Found solution to create fw rule per user via GPO user preferences.
This will suppress prompt for users, but worked only after restart, or MpsSvc restart.
I added two reg keys to HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRulesValue name: Teams TCP %logonuser%
Reg_sz value data: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\users\%logonuser%\appdata\local\microsoft\teams\current\teams.exe|Name=teams.exe|Desc=teams.exe|Defer=User|Value name: Teams UDP %logonuser%
Reg_sz value data: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\users\%logonuser%\appdata\local\microsoft\teams\current\teams.exe|Name=teams.exe|Desc=teams.exe|Defer=User| -
Dawid
commented
Please just add two rules in GPO (one for udp and one for tcp) with path:
%USERPROFILE%\AppData\Local\Microsoft\Teams\current\teams.exe
To be sure, please mark all network profiles (private, domain, public) in the rules.
-
Anonymous
commented
Guys,
MS actually does provide a script, but takes no responsibility for it; please find it below:$users = Get-ChildItem (Join-Path -Path $env:SystemDrive -ChildPath 'Users') -Exclude 'Public', 'ADMINI~*'
if ($null -ne $users) {
foreach ($user in $users) {
$progPath = Join-Path -Path $user.FullName -ChildPath "AppData\Local\Microsoft\Teams\Current\Teams.exe"
if (Test-Path $progPath) {
if (-not (Get-NetFirewallApplicationFilter -Program $progPath -ErrorAction SilentlyContinue)) {
$ruleName = "Teams.exe for user $($user.Name)"
"UDP", "TCP" | ForEach-Object { New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Profile Domain -Program $progPath -Action Allow -Protocol $_ }
Clear-Variable ruleName
}
}
Clear-Variable progPath
}
}this will create an inboud rule on every user account on the machine (and it can be executed as a scheduled task or via gpo from an account with elevated privileges).
more info and better format in the hyperlink (bottom of the page)
https://docs.microsoft.com/en-us/microsoftteams/get-clients#sample-powershell-script -
Mickael Locufier
commented
This uservoice has been created for 2 years.
I've found a workaround which work fine.
Sorry, it's in French :
https://www.linkedin.com/pulse/popup-firwall-au-premier-appel-teams-micka%C3%ABl-locufier/ -
Wesley
commented
Working in a large educational institution; this prompt to users who have no elevated privileges to 'Allow Access' for the application in Windows Defender, is a concern as it raises more user calls for 'What is this' and 'I need admin access' or 'I need IT to allow access'.
Additionally, the page on the error gives no helpful information other than (way down the end of the page) a script to be deployed via GPO.
I can't imagine GPOs being deployed for Word or Powerpoint, etc. so why would it be needed for Teams?
So voting for this.