Hey everyone,
I'm trying to figure out how to keep Microsoft Teams fully operational while using AOVPN for Windows with forced tunneling. I've already excluded the necessary IP addresses for Teams in my ProfileXML, like:
<Route>
  <Address>13.107.64.0</Address>
  <PrefixSize>18</PrefixSize>
  <ExclusionRoute>true</ExclusionRoute>
</Route>
After applying this new profile on a test device, I disconnected from the VPN, but while Teams continued to function because I remained in a call, I couldn't send messages and my colleagues' statuses and images didn't update.
I'm looking for some advice on how to maintain full Teams functionality even if the VPN tunnel is down. This is becoming a significant issue for our team. Any insights would be greatly appreciated!
4 Answers
It could also be helpful to review your VPN settings to ensure they align with Teams’ requirements. Sometimes, simply adjusting the configuration can restore full functionality without needing to exclude a bunch of IPs.
It seems like you might need to widen the range of IP addresses you’ve excluded. Teams has ties to other Microsoft 365 apps, so just excluding that /18 address might not cut it. You should check out Microsoft's official list of URLs and IP address ranges for 365 to ensure you're not missing anything crucial.
If your company insists on endpoint inspection, it might be worth looking into a SASE solution. Technologies like Entra GSA or Zscaler can scan outbound traffic and manage M365 apps better without overly complicating things. You wouldn’t have to worry about manually defining all those IP ranges.
Have you considered why everything is being routed through AOVPN? It might be beneficial to only route internal ranges and leave other traffic out of it.
I see your point, but my company prioritizes routing all traffic through the AOVPN for security reasons. It was even tough to convince them to allow Teams to bypass the tunnel.
Even if your team wants to inspect all traffic, remember that most threats are from the public internet. Excluding certain traffic could save headaches later.
Thanks for the tip! I actually focused on IPs related to Teams, but I’ll double-check the entire Microsoft 365 list to see what else I should include.
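For the answer that points at Microsoft's published Microsoft 365 URL and IP list, an added example (not code from any poster in this thread): it turns entries in the JSON shape of the Microsoft 365 IP address and URL web service into ProfileXML exclusion routes, and reports entries that publish only URLs, which an IP route cannot cover. The sample data is constructed (documentation ranges and `.example` hostnames; only 13.107.64.0/18 is from the thread), and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft 365 endpoint list (JSON);
# only 13.107.64.0/18 comes from the thread, the rest are documentation ranges.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Skype", "category": "Optimize",
  "ips": ["13.107.64.0/18", "198.51.100.0/25", "198.51.100.128/25"]},
 {"id": 2, "serviceArea": "Skype", "category": "Allow",
  "urls": ["*.teams.example"], "ips": ["203.0.113.0/24", "2001:db8::/48"]},
 {"id": 3, "serviceArea": "Skype", "category": "Default", "urls": ["*.presence.example"]},
 {"id": 4, "serviceArea": "Exchange", "category": "Optimize", "ips": ["192.0.2.0/24"]}
]""")


def plan_exclusions(endpoints, areas=("Skype",), categories=("Optimize", "Allow")):
    """Return (collapsed networks, URL-only entries that routes cannot cover)."""
    nets, url_only = [], []
    for entry in endpoints:
        if entry.get("serviceArea") not in areas:
            continue
        ips = entry.get("ips", [])
        if not ips:
            # No IPs published: an exclusion route cannot cover this entry.
            url_only.extend(entry.get("urls", []))
            continue
        if entry.get("category") in categories:
            nets.extend(ipaddress.ip_network(ip, strict=False) for ip in ips)
    # collapse_addresses rejects mixed IP versions, so merge each family apart.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6), url_only


def to_routes(networks):
    """Render ProfileXML <Route> exclusion elements for the given networks."""
    return "\n".join(
        "<Route>\n"
        f"  <Address>{n.network_address}</Address>\n"
        f"  <PrefixSize>{n.prefixlen}</PrefixSize>\n"
        "  <ExclusionRoute>true</ExclusionRoute>\n"
        "</Route>"
        for n in networks
    )


if __name__ == "__main__":
    networks, uncovered = plan_exclusions(SAMPLE)
    print(to_routes(networks))
    print("No IP published (not coverable by routes):", uncovered)
```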