Accessing Microsoft Teams through ProxySG - Microsoft's Recommendation
With respect to Microsoft Teams, please refer to the details below (For only SGOS versions before 7.3.4.x).
Please note that you really shouldn't be sending teams calls via a proxy, the IP addresses listed as optimize, in the in this list (the Microsoft doc. with URL below ) need to have directly, unrestricted connection.
Url's and IP address ranges for Skype for Business Online and Microsoft Teams
For a quality experience with audio calls Teams needs to be sending UDP/STUN traffic directly, as it's not HTTP it has nothing to do with proxy settings or PAC. Only if these ports are being blocked Teams will attempt to use HTTPS but the reliability and latency suffer.
Note:
A PAC file only defines what happens to HTTP traffic, it's not at all relevant or considered by UDP, so by definition you can't get teams UDP media to bypass your proxy through a PAC. It relies on your network edge firewalls and DNS allowing traffic to resolve.
Not using a proxy server is recommended:
When it comes to Teams or Skype for Business traffic over proxies, Microsoft recommends bypassing proxies. Proxies don't make Teams or Skype for Business more secure because the traffic is already encrypted.
And having a proxy can cause issues. Performance-related problems can be introduced to the environment through latency and packet loss. Issues such as these will result in a negative experience in such Teams or Skype for Business scenarios as audio and video, where real-time streams are essential.
If you need to use a proxy server:
Some organizations have no option to bypass a proxy for Teams or Skype for Business traffic. If that's the case for you, the problems mentioned above need to be kept in mind.
Microsoft also strongly recommends:
Using external DNS resolution
Using direct UDP based routing
Allowing UDP traffic
Following the other recommendations in (Microsoft's) networking guidelines:
Prepare your organization's network for Teams
Proxy servers for Teams and Skype for Business Online
Managing Microsoft 365 endpoints
Note :
In the ProxySG Admin Console, you can configure a UDP Tunnel proxy service in Configuration > Services > > UDP Tunnel Proxy Settings.
New Microsoft Teams proxy service
This release includes a new built-in proxy service for Microsoft Teams. This proxy service uses the UDP Tunnel proxy and is set to Bypass by default. To edit the Microsoft Teams service, use the following commands:
#(config proxy-services)edit "MS Teams"