Configure Authorized Owners to allow Microsoft Teams

The following configuration example shows how to allow Microsoft Teams to be launched by users who are not in the default authorized owners list. By default, Microsoft Teams is installed under the end-user's profile directory, whose NTFS owner is the logged-on user.

End-user profiles are not configured as authorized owners by default. Therefore, they are not allowed to run the application under the default Authorized Owners configuration.

Other applications besides Microsoft Teams that can be configured as allowed to run include:

  • Microsoft OneDrive

  • Microsoft Click-to-Run or ClickOnce

Microsoft Teams is started from the Update executable located in the Teams installation folder. Update.exe then launches the Teams executable. To ensure the security of your Workspace Control environment while still using the Authorized Owners feature, Ivanti recommends allowing the executables to run based on Authorized Certificates rules.

To allow Microsoft Teams to run in Workspace Control managed user sessions, follow these steps:

  1. Enable the Authorized Owners feature.

    Open the Workspace Control Console and navigate to Security > Authorized Owners > Settings tab or Workspace Container. Set the Authorized Owners option to Enabled.

  2. Enable Managed Application security. This is a prerequisite for the Authorized Certificates feature to function.

    Navigate to Security > Applications > Managed Applications > Settings tab. Set the Managed Application security option to Enabled.

  3. Enable the Authorized Certificates feature.

    Navigate to Security > Authorized Certificates > Settings tab. Set the File Certificate Security option to Enabled.

  4. Configure Update.exe as an authorized certificate.

    1. Navigate to the Authorized Certificates tab.

    2. Right-click in the right-side pane and select New from the context menu.

      This opens the Authorize Certificate window.

    3. Under the Settings tab, select next to the Load from file field. In the Select a file window, navigate to the location of Update.exe and select Open.

      The default installation path for Update.exe is C:\Users\<username>\AppData\Local\Microsoft\Teams.

    4. Since Update.exe can have various versions, deselect the File version option from the Authorize Certificate window, under the Settings tab.

    5. Select OK to finish configuring the new authorized certificate.

  5. Configure Teams.exe as covered in step 4 for Update.exe.

    The default installation path for Teams.exe is C:\Users\<username>\AppData\Local\Microsoft\Teams\current\.

Microsoft Teams is now configured to run based on Authorized Certificates, regardless of whether the user who launches the application is in the list of authorized owners.
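
Before loading Update.exe and Teams.exe in steps 4 and 5, it is worth confirming what the certificate rule will actually be based on. The following PowerShell is an added example, not part of the Ivanti documentation: it reports the NTFS owner, Authenticode signature status, signer and file version of both executables. It assumes it is run in the end user's own session and that Teams is installed in the default paths given above.

```powershell
# Added example (not Ivanti's code): inspect the Teams executables before
# authorizing their certificates. Paths are the default installation paths
# from this page, resolved for the user running the script (assumption).
$teamsRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\Teams'
$targets = @(
    (Join-Path $teamsRoot 'Update.exe'),
    (Join-Path $teamsRoot 'current\Teams.exe')
)

$report = foreach ($path in $targets) {
    $present = Test-Path -LiteralPath $path -PathType Leaf

    # Only query the file when it exists; otherwise leave the fields empty.
    $sig   = if ($present) { Get-AuthenticodeSignature -LiteralPath $path }
    $item  = if ($present) { Get-Item -LiteralPath $path }
    $owner = if ($present) { (Get-Acl -LiteralPath $path).Owner }
    $cert  = if ($sig) { $sig.SignerCertificate }

    [pscustomobject]@{
        Path            = $path
        Present         = $present
        # Expected to be the logged-on user, which is why the default
        # Authorized Owners configuration blocks the file.
        NtfsOwner       = $owner
        # 'Valid' means the signature verifies and chains to a trusted root.
        SignatureStatus = if ($sig) { $sig.Status }
        Signer          = if ($cert) { $cert.Subject }
        Thumbprint      = if ($cert) { $cert.Thumbprint }
        CertNotAfter    = if ($cert) { $cert.NotAfter }
        # Changes with each Teams update, hence step 4.4 (deselect File version).
        FileVersion     = if ($item) { $item.VersionInfo.FileVersion }
    }
}

$report | Format-List

# Flag anything that should not be used as the basis for a certificate rule.
foreach ($row in $report) {
    if (-not $row.Present) {
        Write-Warning "Not found: $($row.Path)"
    }
    elseif ($row.SignatureStatus -ne 'Valid') {
        Write-Warning "Signature status '$($row.SignatureStatus)' for $($row.Path)"
    }
}
```

A file that reports anything other than a Valid signature from the expected publisher should be investigated rather than loaded into the Authorize Certificate window.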