Accessing Microsoft Teams through ProxySG - Microsoft's Recommendation
search cancel

Accessing Microsoft Teams through ProxySG - Microsoft's Recommendation


Article ID: 228062


Updated On:


ProxySG Software - SGOS


Accessing Microsoft Teams through ProxySG - Microsoft's Recommendation


With respect to Microsoft Teams, please refer to the details below (For only SGOS versions before 7.3.2.x). 

Please note that you really shouldn't be sending teams calls via a proxy, the IP addresses listed as optimize, in the in this list (the Microsoft doc. with URL below ) need to have directly, unrestricted connection.

For a quality experience with audio calls Teams needs to be sending UDP/STUN traffic directly, as it's not HTTP it has nothing to do with proxy settings or PAC. Only if these ports are being blocked Teams will attempt to use HTTPS but the reliability and latency suffer. I can't really explain the difference you see, but maybe you've got some elements in your pad which take a long time to respond, for example using isInNet(), isResolvable(), and dnsResolve() are generally unacceptably slow.


A PAC file only defines what happens to HTTP traffic, it's not at all relevant or considered by UDP, so by definition you can't get teams UDP media to bypass your proxy through a PAC. It relies on your network edge firewalls and DNS allowing traffic to resolve. 

Not using a proxy server is recommended:

When it comes to Teams or Skype for Business traffic over proxies, Microsoft recommends bypassing proxies. Proxies don't make Teams or Skype for Business more secure because the traffic is already encrypted.

And having a proxy can cause issues. Performance-related problems can be introduced to the environment through latency and packet loss. Issues such as these will result in a negative experience in such Teams or Skype for Business scenarios as audio and video, where real-time streams are essential.

If you need to use a proxy server:

Some organizations have no option to bypass a proxy for Teams or Skype for Business traffic. If that's the case for you, the problems mentioned above need to be kept in mind.

Microsoft also strongly recommends:

Using external DNS resolution
Using direct UDP based routing
Allowing UDP traffic
Following the other recommendations in (Microsoft's) networking guidelines: Prepare your organization's network for Teams. 

Microsoft Reference Doc.:

Additional doc.:


Note (From SGOS

SGOS 7.3.2 introduced a UDP-Tunnel proxy service and provided basic visibility into UDP flows through the appliance. This release allows you to intercept and further manage UDP flows.

In the ProxySG Admin Console, you can configure a UDP Tunnel proxy service in Configuration > Services > > UDP Tunnel Proxy Settings.

New Microsoft Teams proxy service

This release includes a new built-in proxy service for Microsoft Teams. This proxy service uses the UDP Tunnel proxy and is set to Bypass by default. To edit the Microsoft Teams service, use the following commands:

#(config proxy-services)edit "MS Teams"

For all the details you will need to navigate and implement the support for Microsoft Teams, please refer to the Tech. doc. with the URL below.