Block Teams via GPO using SRP (Software Restriction Policy)

Occasionally there’s a requirement to block Teams from running on a server or PC. Usually, this wouldn’t be an issue because end users shouldn’t have admin rights – but because Teams installs to AppData, local admin rights aren’t required. Microsoft haven’t provided any useful ADMX templates to stop it from running, so the only option is to block it via SRP.

Technically, it should be possible to block it via the code-signing certificate, however I never had any success with this and settled on the working route of path-based blocking. Microsoft don’t make it easy: even if you block it from running in AppData, it then decides that ProgramData is the next best option! Therefore I’ve found ALL the following paths need to be blocked in order to stop the installation and running of Teams:

GPO > Computer (or user) > Windows Settings > Security Settings > Software Restriction Policy > Additional Rules > New Path Rule. Add each of the paths below and set the security level to Disallowed:

%AppData%\Microsoft\Teams\*
%LocalAppData%\SquirrelTemp\*
%LocalAppData%\Microsoft\Teams\current\*
%ProgramData%*\Microsoft\Teams\*
%ProgramData%\%username%\SquirrelTemp\*
%LocalAppData%\Microsoft\Teams\*
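
To confirm on a target machine that all six rules actually arrived after a gpupdate, the following PowerShell check reads the applied SRP path rules back from the registry and reports any that are missing. It is an added example, not part of the original post; the function names are made up for illustration, and it assumes the rules are stored as typed (with the % variables unexpanded) under the standard Safer\CodeIdentifiers policy key, where subkey 0 holds the Disallowed level.

```powershell
# Added example: verify the Disallowed path rules listed above are present locally.
$expected = @(
    '%AppData%\Microsoft\Teams\*'
    '%LocalAppData%\SquirrelTemp\*'
    '%LocalAppData%\Microsoft\Teams\current\*'
    '%ProgramData%*\Microsoft\Teams\*'
    '%ProgramData%\%username%\SquirrelTemp\*'
    '%LocalAppData%\Microsoft\Teams\*'
)

# Computer-scoped rules land under HKLM, user-scoped rules under HKCU (current user only).
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

function Get-SrpDisallowedPath {          # hypothetical helper name
    param([string[]]$PolicyRoot)
    foreach ($root in $PolicyRoot) {
        $pathsKey = Join-Path $root '0\Paths'   # level 0 = Disallowed
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            # Read ItemData raw so %AppData% etc. are compared as typed, not expanded.
            $raw = $rule.GetValue('ItemData', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            if ($raw) { [pscustomobject]@{ Scope = $root.Substring(0, 4); Path = $raw } }
        }
    }
}

function Test-TeamsSrpRule {              # hypothetical helper name
    param([string[]]$Expected, [object[]]$Applied)
    foreach ($path in $Expected) {
        $hit = @($Applied | Where-Object { $_.Path -ieq $path })
        [pscustomobject]@{
            Rule    = $path
            Present = ($hit.Count -gt 0)
            Scope   = ($hit.Scope | Select-Object -Unique) -join ','
        }
    }
}

$applied = @(Get-SrpDisallowedPath -PolicyRoot $roots)
$report  = @(Test-TeamsSrpRule -Expected $expected -Applied $applied)
$report | Format-Table -AutoSize
if ($report.Present -contains $false) {
    Write-Warning 'One or more Teams path rules are missing; Teams may still install from an unblocked location.'
}
```

Run it as the affected user so that the HKCU lookup reflects that user's policy when the rules are linked under User Configuration.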

I usually then combine this with the one and only Teams ADMX template to stop Teams running on startup – this then prevents any unwanted popups (and therefore support calls) when the user signs in.