Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This section contains an overview of the steps required to prepare your network environment so that you can use all of the features of Microsoft Teams Rooms. This section also includes information on configuring local administrative access to your Teams Rooms devices.
Confirm network configuration
In order to function properly, Microsoft Teams Rooms devices must have access to a network that meets these requirements:
Review access to: Microsoft Teams, SharePoint/OneDrive, Pro Management Portal, Microsoft Store, Windows Update, Intune, Microsoft Entra ID, & Microsoft Common destinations. Open required ports to the required destinations documented in Teams Rooms Network Security
Review network bandwidth and quality of service (QoS) requirements: QoS on Teams Devices
Review if your organization utilizes a proxy, you need the proxy address or proxy autoconfiguration (PAC) file url
Review if your organization utilizes certificates for network access, you need the certificates for a successful setup
Important
Be sure to use a network connection with enough bandwidth (we recommend 10 mbps up/down per Teams Room) to ensure your meetings perform well.
Certificates
Your Microsoft Teams Rooms device trusts public certificate authorities (CA) and uses Microsoft issued certificates for Microsoft Teams and authentication. If, intermediary equipment on a customer network requires a certified signed by a private CA then the device needs to trust that CA. This means having the CA + CA chain certificates installed on the device. Certificates can be installed via Intune for your Teams Rooms devices or via OEM tooling.
Proxy
Important
Microsoft Teams Rooms does not support proxy authentication as it may interfere with regular operations of the room. Ensure that Microsoft Teams Rooms have been exempted from proxy authentication before going into production. If your proxy server utilizes internally signed certificates, you must install the internal certificate chain, including the root CA, on the Microsoft Teams Rooms device.
Proxy for Teams Rooms on Windows
A Teams Rooms on Windows device has several components that make outbound connections, each must be able to reach the internet through your proxy:
- Teams Rooms app: which runs as the local Skype user or Resource Account.
- Pro Management agent (
ServicePortalAgent): which runs as LocalSystem and keeps the device connected to the Pro Management portal and delivers updates. - Windows & Store Updates: Connects to Microsoft update delivery services.
We recommend configuring a machine-wide (per-machine) proxy. A single machine-wide setting applies to every account on the device, regardless of whether the Teams Room signs in with the Skype user or a Resource Account. Unlike the previously recommended LocalSystem method, a machine-wide proxy isn't removed by Windows feature updates (as documented in the known issue where a feature update deletes the LocalSystem proxy settings by design).
Option 1: Across multiple devices with Intune
Use the NetworkProxy CSP to push the proxy to your Teams Rooms devices: NetworkProxy CSP.
Set the following:
ProxySettingsPerUser= 0 (apply the proxy per-machine to all users)ProxyServer/ProxyAddress=proxyserver:port— orSetupScriptUrl= your PAC file URL for autoconfiguration- (Optional)
ExceptionsandUseProxyForLocalAddressesas needed
Once configured, reboot the device so the Teams Rooms app and the Pro Management agent re-read the proxy. After the reboot, both the Teams Rooms app and the Pro Management agent route their traffic through the configured proxy.
Option 2: Per device using PowerShell
Run an elevated PowerShell prompt on the device in admin mode, then set the machine-wide proxy in the registry:
# Run as administrator. Replace the proxy address (or set a PAC URL instead).
$proxy = 'contosoproxy.corp.net:8080'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
# 1) Switch the device to machine-wide (per-machine) proxy mode
New-Item -Path $policy -Force | Out-Null
Set-ItemProperty -Path $policy -Name 'ProxySettingsPerUser' -Type DWord -Value 0
# 2) Set the machine-wide proxy
Set-ItemProperty -Path $inet -Name 'MigrateProxy' -Type DWord -Value 1
Set-ItemProperty -Path $inet -Name 'ProxyEnable' -Type DWord -Value 1
Set-ItemProperty -Path $inet -Name 'ProxyServer' -Type String -Value $proxy
# --- PAC file instead of a fixed proxy? Use this instead of ProxyEnable/ProxyServer above:
# Set-ItemProperty -Path $inet -Name 'AutoConfigURL' -Type String -Value 'http://contosoproxy.corp.net/proxy.pac'
# Reboot for Windows, the Teams Rooms app, and the Pro Management agent to pick up the proxy.
Restart-Computer
Note
You can also apply the same machine-wide settings with the community Set-WinInetProxy cmdlet (WinInetProxy module) using -ProxySettingsPerUser 0.
Once configured, reboot the device so the Teams Rooms app and the Pro Management agent re-read the proxy. After the reboot, both the Teams Rooms app and the Pro Management agent route their traffic through the configured proxy.
Proxy on Teams Rooms on Android
Proxy settings on Teams Rooms on Android vary by device manufacturer. Consult OEM documentation for how to best configure Teams Rooms on Android devices for a network with a proxy.
Wireless network considerations
We strongly recommend that you connect your Teams Rooms devices to a wired network for greater stability and performance, ensuring a seamless meeting experience. If using a wired connection isn't available, you may opt to use a wireless connection.
Important
Wireless networks can be prone to network interference leading to quality degradation. We strongly recommend that you follow your wireless equipment provider's best practices when configuring a wireless connection to improve video and audio quality.
Here are some examples of wireless network configuration best practices recommended by various manufacturers:
- Deploy wireless equipment, such as access points and routers, that can handle and distribute the bandwidth load across all connected devices in the network.
- As much as possible, use access points and routers from a single manufacturer to avoid further congesting the radio-spectrum.
- Ensure wireless equipment is installed in a way that reduces or eliminates interference from objects and other equipment.
- Ensure the wireless network shows strong signal strength (Wi-Fi signal showing full bars is preferred) on Teams Rooms and other device screens.
- Default to prioritizing 5-GHz coverage for devices to optimize for higher bandwidth.
- Enable band steering to ensure that 5 GHz is always given more priority when sharing the same network name as 2.4 GHz.
- Keep wireless channel utilization below 50%.
- Keep access point and router firmware up to date with the latest firmware versions and hot fixes.
- Verify that Teams Rooms devices and at least one access point see each other with a signal strength of -60 dBm or better. A dBm value closer to zero is preferred. Follow your equipment manufacturer's recommendations.
- Implement QoS whenever possible to allow monitoring and resolution of issues in real time.
For more best practices specific to your wireless network hardware, check your manufacturer's documentation.
You can also troubleshoot wireless network issues using the wireless network report built into Windows 10. For more information, see Analyze the wireless network report - Microsoft Support.
Tenant Restrictions
For organizations which utilize tenant restrictions features of Microsoft Entra ID, this is supported on some Teams Devices if your organization utilizes the proxy deployment variant with header injection.
Teams Rooms on Windows
To support tenant restrictions, ensure you have your proxy configuration on your Teams Rooms device completed per this Learn document and ensure the Teams Rooms on Windows device has the replacement SSL certificates installed on it to trust the header injected web traffic.
Teams Rooms on Android
Tenant restrictions aren't supported today on Teams Rooms on Android devices. Consult with your Android device OEM for potential workarounds.
Teams Rooms on Windows administrative access
Using an admin group
If you choose to join a Teams Rooms on Windows device to a domain (Microsoft Entra ID or Active Directory), you can use Microsoft Intune, Group Policy, or Local Computer Management to set a Security Group as local administrator just like you would for a Windows PC in your domain. Anyone who is a member of that security group can enter their credentials and unlock Settings.
Note
If your Microsoft Teams Rooms device loses trust with the domain (for example, if you remove the Microsoft Teams Rooms from the domain after it is domain joined), you won't be able to authenticate into the device and open up Settings. The workaround is to log in with the local Admin account.
Local "Admin" User Account
Caution
Be sure to change the Microsoft Teams Rooms password as soon as possible.
Microsoft Teams Rooms default password is set to sfb. The password can be changed in several ways:
- Recommended: Configuring LAPS on Teams Rooms on Windows
- Intune: Set-LocalUser
- Locally: Change or reset your Windows password
You can read more about the Admin account in the Microsoft Teams Rooms security article.
Local 'Skype' User Account
Caution
Any modifications to the "Skype" user account are not supported by Microsoft and will prevent your Teams Rooms on Windows device from functioning correctly.
Teams Rooms on Windows include a local account named "Skype" which is passwordless. This account is used to sign in to Windows to launch the Teams Rooms app. For more information on how the "Skype" user is security, review Microsoft Teams Rooms security.
Machine Account
Much like any Windows device, the machine name can be renamed by right-clicking in Settings > About > Rename PC.
If you would like to rename the computer after joining it to a domain, use Rename-Computer, a PowerShell command, followed by the computer's new name.
Teams Rooms on Android administrative access
Local administrative access to Teams Rooms on Android devices is controlled by the Teams device equipment manufacturer. Consult the device documentation for default accounts and passwords and instructions for how to change those passwords.