Please see below for some technical considerations that LA’s must make when preparing to use Teams across their organisation. Without the necessary pre-requisites completed, users may not be able to access Teams or may experience issues.
O365 URLs & IP Address Ranges
It is important to check your network is suitable for use with Teams. There are a series of IP address ranges and endpoints that need to be allow-listed in order to use the application. Further detail can be found on the microsoft website.
It is recommended that addresses and ports are enabled for Teams, SharePoint, OneDrive and Office Online.
For Teams specifically you will be required to:
- Open TCP ports 80 and 443 outgoing from clients that will use Teams
- Open UDP ports 3478 through 3481 outgoing from clients that will use Teams
- Allow-list IP addresses: 126.96.36.199/18 and 188.8.131.52/14
Teams is designed to give the best audio, video, and content sharing experience regardless of your network conditions. That said, when bandwidth is insufficient, Teams performance may be impacted.
The table below outlines bandwidth consumption across different use case scenarios.
Network optimisation may be required if your users are experiencing any of the below issues:
- Teams runs slowly (maybe you have insufficient bandwidth)
- Calls keep dropping (might be due to firewall or proxy blockers)
- Calls are static-y and cut out, or voices sound like robots (could be jitter or packet loss)
It is important to note that based on Teams consumption across your organisation, there may be a requirement to uplift bandwidth in conjunction with your local network provider.
There are a series of self-help steps provided by Microsoft below should you experience any issues when using Teams:
|Self Help Step||Description|
|External Name Resolution||Be sure that all computers running the Teams client can resolve external DNS queries to discover the services provided by Office 365 and that your firewalls are not preventing access. For information about configuring firewall ports, go to Office 365 URLs and IP ranges|
|Validate (NAT) pool size||Validate the network address translation (NAT) pool size required for user connectivity. When multiple users and devices access Office 365 using Network Address Translation (NAT) or Port Address Translation (PAT), you need to ensure that the devices hidden behind each publicly routable IP address do not exceed the supported number. Ensure that adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion. Port exhaustion will contribute to internal users and devices being unable to connect to the Office 365 service|
|Intrusion Detection and Prevention Guidance||If your environment has an Intrusion Detection or Prevention System (IDS/IPS) deployed for an extra layer of security for outbound connections, be sure to allow-list all Office 365 URLs|
|Configure split-tunnel VPN||If users belonging to your organisation are connected to the corporate network using a remote access VPN solution, we recommend configuring Office 365 based traffic to bypass the VPN. This is typically referred to as a split tunnel VPN (where the corporate internal traffic is defined to go over the VPN in order reach the corporate network, whilst the internet traffic (such as Office365 or Exchange Online traffic) is separated out and sent directly to the internet from the client device). Bypassing your Clients remote access VPN will have a positive impact on Microsoft Teams’ quality, as well as reducing load from the VPN devices and the organisation’s network.To implement a split-tunnel VPN, work with your VPN vendor. In addition, organisations can connect their corporate networks to the internet either via a suitable local breakout or via a HSCN internet service provided by their HSCN Consumer Network Service providers (CNSP). HSCN and NHSmail have been working with the central internet security provider to ensure the traffic over the HSCN internet service. This is ensuring the O365 traffic that is directed through the HSCN internet service is treated as efficiently as possible. This has been centrally configured and will be in place for all organisations using the Central HSCN Secure Boundary service.
The HSCN teams are monitoring and working with each of the CNSP’s to ensure suitable capacity is in place for their customers internet traffic.
|Optimise WiFi||Similar to VPN, WiFi networks aren’t necessarily designed or configured to support real-time media. Planning for, or optimising, a WiFi network to support Teams is an important consideration for a high-quality deployment. Consider these factors:
Each wireless vendor has its own recommendations for deploying its wireless solution. Consult your WiFi vendor for specific guidance.
Teams Application Install:
Teams can be used both through the desktop client application or the browser-based version.
Local Administrators can use this link to facilitate the download and installation of the Teams desktop client application on user devices. Alternatively, standard local methods to download and distribute applications to devices can be used.
Administration & Management:
Users will be provided access to Teams, OneDrive and SharePoint as a standard. As this is a temporary solution, Local Administrators won’t have the ability to configure application access for end users. This will be managed centrally by NHS Digital.
Local Administrators will be responsible for creating Teams for end users. This can be done by logging into the NHSmail Portal and following the instructions outlined in the teams creation article.
Standard Teams functionality will be available to end users, notably instant messaging, audio and video calling with all other NHSmail colleagues. Instructions on how to complete certain tasks will be provided to end users and made available on the NHSmail Support site.
Using Teams with Outlook & OWA:
In order to use Teams within Outlook (for meeting scheduling) – you will be required to download and install the Teams desktop application. This will automatically create the Teams add-in for Outlook (version 2010 onwards).
Teams meetings cannot currently be setup directly in OWA (Outlook Web App). Instead users will be required to use the ‘Meet Now’ functionality in the Teams application to facilitate meetings as and when required.