How can we make Microsoft Teams better?

Improve Install options - Install for all users and install location

Raising this again as Microsoft closed the previous request, saying it was complete even though it was not. (link below)

Teams should install to the program files directory, not the users AppData.

And NO, the answer is not to put a copy of the MSI in Pogram Files and deploy to the users AppData when they login.

https://microsoftteams.uservoice.com/forums/555103-public/suggestions/17380159-improve-install-options-install-for-all-users-an

131 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    26 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Gary Law commented  ·   ·  Flag as inappropriate

        Note the NCSC guidance *was discussed and agreed with Microsoft Security*.

        https://www.ncsc.gov.uk/guidance/eud-security-guidance-windows-10-1709#applicationwhitelistingsection

        Applications MUST install in locations an unprivileged user cannot write to. Preventing applications from running from user writable locations is an effective and simple security control which Teams completely undermines.

      • Pete Westlake commented  ·   ·  Flag as inappropriate

        All UK public sector bodies are instructed to follow NCSC End User Device Guidance (which is essentially just good practice) https://www.ncsc.gov.uk/guidance/eud-security-guidance-windows-10-1709#applicationwhitelistingsection which instructs enterprises not to install applications to locations where users can write files - which includes AppData. Opening up AppData to allow users to run any application is a massive security hole, but whitelisting by application ID is no way to permit it to run as this can change. Please stop ignoring the feedback on user voice and change the way the installer works so that the application is installed to Program Files. AppData should be for just that - data relating to applications.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Just testing this in a school environment and it's a shambles.
        We NEED an enterprise solution with a regulated update stream. Just like every other Office product.

      • Dan Kellett commented  ·   ·  Flag as inappropriate

        Another pain the current solution causes is disk space usage. Teams uses a non trivial amount of disk space.

      • Jude De Souza commented  ·   ·  Flag as inappropriate

        Please could somebody send me the link to the EUD NCSC Guidance article that references why using AppData rather than Program Files means the Teams application is not Enterprise ready or why there is cause for concern? Thank you.

      • What's the point? commented  ·   ·  Flag as inappropriate

        This initiative is never going to get up... first Warren closed the original as completed even though it was not even close to the mark, then everywhere else it gets mentioned MS either point to newly created requests or ask people to create a new request.

        Why are all of these requests for the same functionality not consolidated? Is it a deliberate approach to make it appear a less desirable option, to help drive your own agenda?

        https://github.com/MicrosoftDocs/OfficeDocs-SkypeForBusiness/issues/101
        https://github.com/MicrosoftDocs/msteams-docs/issues/238
        https://microsoftteams.uservoice.com/forums/555103-public/suggestions/33853318-install-in-program-files-directory
        https://microsoftteams.uservoice.com/forums/555103-public/suggestions/17380159-improve-install-options-install-for-all-users-an
        https://github.com/MicrosoftDocs/OfficeDocs-SkypeForBusiness/issues/512

        Faith lost!

      • James commented  ·   ·  Flag as inappropriate

        I was really frustrated to see that the previous feedback was closed. Even more frustrated to find there is no way to query the closure/resolution.

        Reading the feedback, it was clear what was being asked for. Admins do not want installations into user profiles. I would love to hear Microsoft's reasoning behind this!!

        Not only does it consume unnecessary space in a users' profile, consume additional bandwidth for every download/update, it's just not manageable from an admin perspective.

        If someone uninstalls the app after it has been deployed via MSI, and then they want to start using it, we have to **** about with cleanup scripts on a per user basis? Why?

        What's wrong with a traditional program files installation?
        We are only just testing Teams, and before I'd even looked at deployment options, you know how I found out about it's install process? I was shadowing a user on a server that did not have it installed, and I saw they were running Teams! I had a look at the file location and it turned out it was in their profile. I was disgusted to see that this had been installed and used without our knowledge. Google saw the error of their ways with this and gave enterprises a proper MSI installer, why can Microsoft not do the same?

      • Patrick commented  ·   ·  Flag as inappropriate

        Agree. The original request was not completed. This is so egregious it is borderline willful misconduct. A per-machine installation of the application, with no executables in program files, to support VDI environments, Configuration Manager inventory, with an MSI installation, as per industry standards. Microsoft Office does not have a Per-User installation. Neither should Microsoft Teams.

      • Martin Godfrey commented  ·   ·  Flag as inappropriate

        I agree with all of the statements I've read. Teams will be a valuable communications to our Business, however I cannot stress the pathetic way it is installed. We use Citrix with Appsense (Ivanti) Application Control. All users are users, not admins, yet the Teams install wants to punch its way through all the security procedures we have in place. And we all wonder why how Malware is installed. Left Microsoft ruin your security strategy and allow these holes from the malware to be installed. Come on Microsoft - you need to rethink how Teams is installed. This is a great tool but you are so spoiling the experience for admins. Address the installation as soon as possible.

      • Ggrrr commented  ·   ·  Flag as inappropriate

        How could they close the original request and call it done? Either stupidity or arrogance... I'm going with arrogance given their recent track record.

      • Julian Knight commented  ·   ·  Flag as inappropriate

        Agree with the other comments that the approach taken by the MSI "installer" is appalling.

        Teams is NOT a consumer too but an enterprise one - Microsoft, you need to behave like you understand what an enterprise tool is.

        Installing to appdata creates massive bloat in roaming profiles and may be unworkable for people in locked down enterprise environments. Or indeed in locked down environments in general.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I can vouch for the huge amount of disruption the teams installation is causing for teachers in lessons. We were at a point where staff were using the online version and had adopted the useful features it has to offer. Sadly, once I installed teams across the site, (following some testing on a VM), we have had a very disappointed group of staff who have complained about severe performance impacts after logging in. So, I thought it would be easy to remove, or at least stop from runnning at startup - sadly this was not the case at all. There are NO options to prevent it running from startup AFTER installing. Provision of some ADMX templates, (like onedrive) would have been really useful so we could at least have some control on a per user basis.
        Anyway, I looked into removing it due to the disruption we had experienced across our site but as seems to be the way with this new array of apps, we are forced to either devise and run a script at login and remove it from appdata, thus slowing down user login times, or trawling various forums and articles who all seem to be venting the same concerns.

        For the sake of this almighty headache I've probably acquired due to stress this has caused, PLEASE SORT THIS OUT!

      • S. Fischer commented  ·   ·  Flag as inappropriate

        We were about to switch to Teams for most of our communication, but not being able to install ONE copy per PC to ProgramFiles has put a screeching halt on these intentions. We will not be using Teams until this is possible, with the reasons being iterated by many others.
        Again: It's NOT ok to have one copy per user per pc in the name of "seamless updates" circumventing MS own policies and guidelines as to where stuff should go.

      • Jason Gould commented  ·   ·  Flag as inappropriate

        Have left comments here, github, microsoft teams youtube videos, IT community forums, and so on. I'm legitimately tired of asking. My only hope now is that they release a windows store app that I can whitelist.

      • Daniel Milisic commented  ·   ·  Flag as inappropriate

        Hard to believe I can't instal Teams globally for all users on a machine. How do i publish Teams as a RemoteApp? This is insane, please fix this!
        Thanks,
        D.

      • JB commented  ·   ·  Flag as inappropriate

        until this behaviour is changed we will not be using Teams in out education environment.

      • misterQ commented  ·   ·  Flag as inappropriate

        They have marked this as fixed but are not addressing the fact that it has to be installed via appdata for every user. I think this is there way of pushing updates.

      ← Previous 1

      Feedback and Knowledge Base