Preparing for Teams – Technical Guidance for Local Administrators

Contents

Please see below for some technical considerations that LA’s must make when preparing to use Teams across their organisation. Without the necessary pre-requisites completed, users may not be able to access Teams or may experience issues.

Technical Preparation:

O365 URLs & IP Address Ranges

It is important to check your network is suitable for use with Teams. There are a series of IP address ranges and endpoints that need to be allow-listed in order to use the application. Further detail can be found on the microsoft website.

It is recommended that addresses and ports are enabled for Teams, SharePoint, OneDrive and Office Online.

For Teams specifically you will be required to:

Open TCP ports 80 and 443 outgoing from clients that will use Teams
Open UDP ports 3478 through 3481 outgoing from clients that will use Teams
Allow-list IP addresses: 13.107.64.0/18 and 52.112.0.0/14

Bandwidth Requirements:

Teams is designed to give the best audio, video, and content sharing experience regardless of your network conditions. That said, when bandwidth is insufficient, Teams performance may be impacted.

The table below outlines bandwidth consumption across different use case scenarios.

Network Optimisation:

Network optimisation may be required if your users are experiencing any of the below issues:

Teams runs slowly (maybe you have insufficient bandwidth)
Calls keep dropping (might be due to firewall or proxy blockers)
Calls are static-y and cut out, or voices sound like robots (could be jitter or packet loss)

It is important to note that based on Teams consumption across your organisation, there may be a requirement to uplift bandwidth in conjunction with your local network provider.

There are a series of self-help steps provided by Microsoft below should you experience any issues when using Teams:

Self Help Step	Description
External Name Resolution	Be sure that all computers running the Teams client can resolve external DNS queries to discover the services provided by Office 365 and that your firewalls are not preventing access. For information about configuring firewall ports, go to Office 365 URLs and IP ranges
Validate (NAT) pool size	Validate the network address translation (NAT) pool size required for user connectivity. When multiple users and devices access Office 365 using Network Address Translation (NAT) or Port Address Translation (PAT), you need to ensure that the devices hidden behind each publicly routable IP address do not exceed the supported number. Ensure that adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion. Port exhaustion will contribute to internal users and devices being unable to connect to the Office 365 service
Intrusion Detection and Prevention Guidance	If your environment has an Intrusion Detection or Prevention System (IDS/IPS) deployed for an extra layer of security for outbound connections, be sure to allow-list all Office 365 URLs
Configure split-tunnel VPN	If users belonging to your organisation are connected to the corporate network using a remote access VPN solution, we recommend configuring Office 365 based traffic to bypass the VPN. This is typically referred to as a split tunnel VPN (where the corporate internal traffic is defined to go over the VPN in order reach the corporate network, whilst the internet traffic (such as Office365 or Exchange Online traffic) is separated out and sent directly to the internet from the client device). Bypassing your Clients remote access VPN will have a positive impact on Microsoft Teams’ quality, as well as reducing load from the VPN devices and the organisation’s network.To implement a split-tunnel VPN, work with your VPN vendor. In addition, organisations can connect their corporate networks to the internet either via a suitable local breakout or via a HSCN internet service provided by their HSCN Consumer Network Service providers (CNSP). HSCN and NHSmail have been working with the central internet security provider to ensure the traffic over the HSCN internet service. This is ensuring the O365 traffic that is directed through the HSCN internet service is treated as efficiently as possible. This has been centrally configured and will be in place for all organisations using the Central HSCN Secure Boundary service. The HSCN teams are monitoring and working with each of the CNSP’s to ensure suitable capacity is in place for their customers internet traffic.
Optimise WiFi	Similar to VPN, WiFi networks aren’t necessarily designed or configured to support real-time media. Planning for, or optimising, a WiFi network to support Teams is an important consideration for a high-quality deployment. Consider these factors: Plan and optimise the WiFi bands and access point placement. The 2.4 GHz range might provide an adequate experience depending on access point placement, but access points are often affected by other consumer devices that operate in that range. The 5 GHz range is better suited to real-time media due to its dense range, but it requires more access points to get sufficient coverage. Endpoints also need to support that range and be configured to leverage those bands accordingly If you’re using dual-band WiFi networks, consider implementing band steering. Band steering is a technique implemented by WiFi vendors to influence dual-band clients to use the 5 GHz range. When access points of the same channel are too close together, they can cause signal overlap and unintentionally compete, resulting in a bad experience for the user. Ensure that access points that are next to each other are on channels that don’t overlap. Each wireless vendor has its own recommendations for deploying its wireless solution. Consult your WiFi vendor for specific guidance.

Teams Application Install:

Teams can be used both through the desktop client application or the browser-based version.

Local Administrators can use this link to facilitate the download and installation of the Teams desktop client application on user devices. Alternatively, standard local methods to download and distribute applications to devices can be used.

Administration & Management:

Intermittent Issue

Due to the current high demand for Teams, some of Microsoft’s management tools are having intermittent issues. If you are trying to create or edit a Team and receive an error, please wait and try again. If you are trying to manage Team membership, please do this directly in the Teams application.

User Configuration:

Users will be provided access to Teams, OneDrive and SharePoint as a standard. As this is a temporary solution, Local Administrators won’t have the ability to configure application access for end users. This will be managed centrally by NHS England.

Creating Teams:

Local Administrators will be responsible for creating Teams for end users. This can be done by logging into the NHSmail Portal and following the instructions outlined in the teams creation article.

Teams Functionality:

Standard Teams functionality will be available to end users, notably instant messaging, audio and video calling with all other NHSmail colleagues. Instructions on how to complete certain tasks will be provided to end users and made available on the NHSmail Support site.

Using Teams with Outlook & OWA:

In order to use Teams within Outlook (for meeting scheduling) – you will be required to download and install the Teams desktop application. This will automatically create the Teams add-in for Outlook (version 2010 onwards).

Teams meetings cannot currently be setup directly in OWA (Outlook Web App). Instead users will be required to use the ‘Meet Now’ functionality in the Teams application to facilitate meetings as and when required.

Last Reviewed Date

03/02/2023

Updated on 03/02/2023

Need Support?

Can’t find the answer you’re looking for? Don’t worry we’re here to help!

Contact Support