Microsoft Teams Windows Firewall pop up
Issue : Microsoft Teams client is showing prompt “Windows Firewall has blocked some features of this app” even after adding Windows Firewall Rules. Issue is explained in the article https://docs.microsoft.com/en-us/microsoftteams/get-clients but no resolution.
Anonymous
shared this idea
99 comments
-
RSá
commented
Please, just configure all that is needed on install. People got scared everytime a message pops out. And on managed environments, they don't have permissions to add firewall rules everytime they join a new wifi.
-
Anonymous
commented
Are these firewall rules needed? These are turned off in our environment and everything seems to be working fine.
-
Karol
commented
It would be nice to have Teams Machine installer to handle Firewall rules internally.
Here is a very simple script code similar to other ones already posted here. It will prevent firewall popup from happening, you need to create a scheduled task that will be ran using SYSTEM account and configure trigger to user logon. Below is a command to create scheduled task (replace !TEAMSDIR! with location of the script (I would recommend C:\ProgramData\... to avoid issues).
schtasks /create /tn "Teams Firewall Rules" /sc ONLOGON /delay 0000:05 /tr "cmd /c \"!TEAMSDIR!\Firewall.cmd\"" /ru SYSTEM /rl HIGHEST /f
And below is actual script code, save it to "Firewall.cmd" you may need to adjust firewall rules to be more restrictive if you need:
@echo off
set TITLE=Microsoft Teams
TITLE %TITLE%netsh advfirewall firewall delete rule name="%TITLE%"
for /f "tokens=*" %%A in ('dir /b /a:d "%SystemDrive%\Users" 2^>NUL') do (
echo.User: %%~Anetsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\current\Teams.exe" protocol=any action=allow dir=in edge=yes
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\current\Teams.exe" protocol=any action=allow dir=outnetsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\Update.exe" protocol=any action=allow dir=in edge=yes
netsh advfirewall firewall add rule name="%TITLE%" program="%SystemDrive%\Users\%%~A\AppData\Local\Microsoft\Teams\Update.exe" protocol=any action=allow dir=out
) -
Anonymous
commented
Remove the firewall prompt for Teams. This is ridiculous to have to put exceptions for a program that Microsoft designed.
-
Anonymous
commented
Microsoft doesn't care the slightest about customers with enterprise solutions anymore. They want to be "cool" like Apple and don't give a **** anymore. The world can adapt to their new style or leave.
Sadly. -
Sal
commented
How long does it take MS to address this simple problem?
-
Win32_BIOS
commented
I agree with @Daley. We need an enterprise edition of Teams.
Using APPDATA as installfolder is a major pain. Please move Teams to PROGRAMFILES -
Landon Luesing
commented
To the Anonymous user a couple of comments back, you're so furious about what you had to come up with - but what you came up with isn't supported. No wonder it doesn't work. You don't use user-based environment variables in Windows Firewall rules. %LocalAppData% is one of those. The solution is to run Powershell that parses each user profile, looking for the Teams executable. Then, if firewall rules don't exist for that user's account already, it creates them. Microsoft offers the sample script here:
-
Phil
commented
Setting "Disable inbound notifications" to Yes for Public/Private/Domain firewall profile via EndPoint Manager or GPO will stop these pop ups (and as far as I know does not create a block rule).
-
Zdenek Valenta
commented
Mac OS X (Catalina 10.15.7) firewall blocked MS Teams today (Microsoft Teams Version 1.3.00.362, last updated on 14/10/2020) from sharing the screen, even though the Teams were allowed Screen sharing under the OS X system permissions. I had to turn off the firewall to fix the problem, but this looks like a serious security glitch on the part of MS Teams. Having turned the firewall off, in a matter of minutes I experienced an attack on my computer which was only denied with the help of Norton 360 so that an intruding computer was blocked (i.e., hopefully).
-
JOn C
commented
A GPO or workaround for the firewall exception would be nice. This is a pain for the sys admins
-
Anonymous
commented
Hi MS ... can you please fix this? Thanks
-
Daley
commented
Another reason why Teams is not enterprise ready
Zoom has a real machine based installer that doesn't install during logon per user, can manage the updates and has one firewall rule that can be managed in GP with out dodgy scripts
-
Anonymous
commented
Please fix it, we are being flooded with tickets
-
Per
commented
@Jesse Walter: Who do you think you're helping with that comment?
-
Jesse Walter
commented
Launch the Task Manager, click the “Startup” tab, locate “Microsoft Teams” in the list, and click “Disable.” To open the Task Manager, right-click the Windows taskbar and select “Task Manager.” You can also press Ctrl+Shift+Esc. You can also uninstall the Teams software if you don't want to use it.
Hope this information is helpful to you
-
Anonymous
commented
Seriously this needs to get fixed. The entire installation process is a mess. This will result in many needless helpdesk tickets from our user base.
-
Jonathan Mpofu
commented
Please remove this popup for teams to even need to open firewall ports
-
mengelha
commented
Looks like Dawid's suggestion from 25 March might be the solution. I wish he had been a little more detailed on the instructions as to the GPO path to add the rules but I think I have figured it out. If it does not work I'll be back.
-
Per
commented
@Patrik DAve That's what people do today today which is cumbersome as it has to be run per-user while the installer is run per-machine which means you will have to use an additional deployment method.
It shouldn't be necessary to deploy an extra script for each user that logs in when the MSI could have taken care of it in the first place. The MSI is flawed.