Improve Install options - Install for all users and install location
Raising this again as Microsoft closed the previous request, saying it was complete even though it was not. (link below)
Teams should install to the program files directory, not the users AppData.
And NO, the answer is not to put a copy of the MSI in Pogram Files and deploy to the users AppData when they login.
I guess a big part of the Canadian Government will just have to keep using Cisco Jabber. :)
We're switching from Skype for Business to Teams, and first impressions during it's install have been awful. It runs in AppData, which makes it incredibly difficult to deploy in our VDI environment. On top of that, our end users are not administrators. When you go to make a call, it requires administrator permission to allow this. There is a powershell command you can run after the user logs in, but that shouldn't be the answer to this. Lastly, there's a REASON programs don't run from AppData, and it's all about security. I'm trying to have this ready to go by the time Microsoft pulls the plug on Skype for Business, but the fact we needed to have this thread at all to address common sense on program installation is discouraging.
Joar Guttormsen commented
How can this not be of the highest priority? It makes it impossible to use in an Enterprise Environment.
Looking to deploy teams across an education trust of UK secondary schools, full super mandatory profiling for students meaning Teams would re-install at every log on is not acceptable when you are trying to get classes sat down and logged on, every second genuinely counts as we do this hundreds of time on the hour every hour.
A agree closing comments on the previous thread marked as complete was inappropriate as the solution does not fit the original request, and is completely unmanageable.
Proper MSI installer into program files, support for single sign on to O365 just like Office 365. Teams devs, if you're not sure how to do it, go ask the Office devs, but for goodness sake do it right first time rather than marking the task complete when it clearly is not.
I haven't read all the comments but my two cents on why this needs to become a single install... profiles take up space. Currently a computer lab where the students all sign into random machines. This creates a new install for each user and they all seem to have inflated to around 1GB of space. Doesn't seem like much, but when you have 60-70 or more students logging in, that's a lot of HD space. We don't have the money to be putting 500 GB or 1 TB drives in every computer (especially mobile labs)!
I agree entirely with the above comments on bad design/process etc. but it is quite easy to secure with AppLocker:
Publisher: O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
Product Name: MICROSOFT TEAMS
This should allow it to run and update securely for non-admin users.
Stop the non sense and make the app install in Program Files....
Software needs to go to Program Files!!! Best practice in every single IT and Security standard in the world.
Copying an installer to Program Files and having that unpack the actual software to AppData is NOT a solution. Please get rid of the product manager who approved that method and fix this so Enterprises who give a **** about security can start adopting Teams.
First of all, closing the comments on the other (linked) user voice is just ignorant. Microsoft, you cannot deploy a feature half-assed and then shut your ears from any rightful critisim. When will you learn, that this ****** us of?
Back to topic. The current machine-wide MSI installer is garbage. Here is what I expect from a proper MSI installer:
1. It installs to Program Files.
2. It installs the software to any user with new or existing user profiles.
3. I don't have to do any cleanup (script or not) if I want to re-install the software.
Cris Kolkman commented
I also need to deploy this in an RDS environment and indeed the link with the MSI "solution" Anonimous provided is NOT working:
This is really something that NEEDS to be fixed by Microsoft.
How is it that 6 months after this, there isn't even an acknowledgement statement from Microsoft? Why develop a user voice platform if you don't want to hear your users' voice?!
@Microsoft I'm in the process of evaluating Teams and from an admin standpoint it is not reasonable to have an application like this residing in appdata.
Please give us a good reason why you did it the way it is that beats at least the arguments of security issues (executing from appdata) and disk space issues (multiple copies of the same thing).
@Microsoft; what is the last status of this? We also see problems with the lack of this feature but really want to make use of Microsoft Teams desktop client throughout the company. When can we expect a solution?
Until we have this, we will not deploy teams and hang on to "legacy" Skype for as long as possible (should apply to OS X too). We have 8,500 devices. 4500 of these are shared by 17,000 users who get a fresh profile every time they login! There needs to be a device based installation!
Gary Law commented
Note the NCSC guidance *was discussed and agreed with Microsoft Security*.
Applications MUST install in locations an unprivileged user cannot write to. Preventing applications from running from user writable locations is an effective and simple security control which Teams completely undermines.
Pete Westlake commented
All UK public sector bodies are instructed to follow NCSC End User Device Guidance (which is essentially just good practice) https://www.ncsc.gov.uk/guidance/eud-security-guidance-windows-10-1709#applicationwhitelistingsection which instructs enterprises not to install applications to locations where users can write files - which includes AppData. Opening up AppData to allow users to run any application is a massive security hole, but whitelisting by application ID is no way to permit it to run as this can change. Please stop ignoring the feedback on user voice and change the way the installer works so that the application is installed to Program Files. AppData should be for just that - data relating to applications.
Just testing this in a school environment and it's a shambles.
We NEED an enterprise solution with a regulated update stream. Just like every other Office product.
Dan Kellett commented
Another pain the current solution causes is disk space usage. Teams uses a non trivial amount of disk space.
Jude De Souza commented
Please could somebody send me the link to the EUD NCSC Guidance article that references why using AppData rather than Program Files means the Teams application is not Enterprise ready or why there is cause for concern? Thank you.
What's the point? commented
This initiative is never going to get up... first Warren closed the original as completed even though it was not even close to the mark, then everywhere else it gets mentioned MS either point to newly created requests or ask people to create a new request.
Why are all of these requests for the same functionality not consolidated? Is it a deliberate approach to make it appear a less desirable option, to help drive your own agenda?