AppLocker Strategy for Microsoft Teams

ian wilson_68 21 Reputation points
2020-11-10T12:49:21.43+00:00

Microsoft Teams stores its .exe and .dll files in the local user profile. I need to whitelist Teams through AppLocker and have tried whitelisting the main .exe files (teams, updater etc.) using the "publisher" AppLocker option.

I have so far had to whitelist over 10 DLLs and I still get DLL and .node blocks in my AppLocker logs.

It is not an option (or sensible) to whitelist the path (as the user has full rights here), so have others run into this and come up with a sensible solution that also allows for Teams not to break when it gets updated?


Accepted answer
  1. JimmyYang-MSFT 58,646 Reputation points Moderator
    2020-11-11T06:13:37.057+00:00

    Hi @ian wilson_68 ,

    Based on my knowledge, we recommend that you use the publisher condition rules since all Teams app files are digitally signed. We don't recommend the use of path rules because the Teams installation directory is user-writable. We also don't recommend the use of hash rules because the rules would have to be updated each time the Teams client app is updated.

    You can try to add the following to the Executable Rules & DLL Rules for the Teams client app:

    Publisher: O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
    Product name: MICROSOFT TEAMS
    Product name: MICROSOFT TEAMS UPDATE


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

  1. ian wilson_68 21 Reputation points
    2020-11-12T12:54:22.41+00:00

    Hi and thanks.

    Your suggestion worked perfectly.

    I had not at the time understood that you could use the path rule and then edit the entry and provide a * wildcard in the "Filename" option.

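The publisher rules from the accepted answer, with the `*` wildcard file name mentioned in the follow-up, written out as an AppLocker policy in audit mode and checked against the Teams files on disk. This is an added example, not code from the thread; the Teams directory, the output file name and the Everyone (S-1-1-0) scope are assumptions.

```powershell
# Publisher and product names are the values given in the accepted answer.
$publisher = 'O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US'
$products  = 'MICROSOFT TEAMS', 'MICROSOFT TEAMS UPDATE'
$teamsDir  = Join-Path $env:LOCALAPPDATA 'Microsoft\Teams'    # assumed install path, adjust
$policyXml = Join-Path $env:TEMP 'teams-applocker-audit.xml'  # hypothetical output file

# One publisher rule per product. BinaryName="*" is the wildcard "File name"
# field, so every file signed for that product matches, at any version.
function New-PublisherRuleXml([string]$Product) {
    $id = [guid]::NewGuid()   # rule Ids must be unique across the policy
    @"
    <FilePublisherRule Id="$id" Name="Allow signed: $Product" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="$publisher" ProductName="$Product" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
"@
}

# The same two rules go into both the Exe and the Dll rule collections.
# AuditOnly logs what would be blocked without blocking it.
$collections = foreach ($type in 'Exe', 'Dll') {
    $rules = ($products | ForEach-Object { New-PublisherRuleXml $_ }) -join "`n"
    "  <RuleCollection Type=`"$type`" EnforcementMode=`"AuditOnly`">`n$rules`n  </RuleCollection>"
}
"<AppLockerPolicy Version=`"1`">`n$($collections -join "`n")`n</AppLockerPolicy>" |
    Set-Content -Path $policyXml -Encoding UTF8

# Evaluate every .exe and .dll under the Teams directory against the policy
# and list only the files that the two publisher rules do not allow.
$files = Get-ChildItem -Path $teamsDir -Recurse -File -Include *.exe, *.dll |
    Select-Object -ExpandProperty FullName

Test-AppLockerPolicy -XmlPolicy $policyXml -Path $files -User Everyone |
    Where-Object PolicyDecision -ne 'Allowed' |
    Select-Object FilePath, PolicyDecision
```

Any file listed is one that neither product name covers, and its signature details can be inspected with `Get-AppLockerFileInformation` before another publisher rule is added.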
