Featured image of post Direct guest join Microsoft Teams Room devices does not work

Direct guest join Microsoft Teams Room devices does not work

If you have a Microsoft Teams Room (MTR) device, you can now join Cisco Webex and Zoom Meetings directly.

Join WebEx on MTR

The “Join Cisco WebEx meetings from Teams Rooms with direct guest join” was introduced with Microsoft Teams Room version, please see the Release Notes.

Modify the MTR config

If you use the “Safe Link” AntiSpam/Security Feature in Exchange Online Protection (EOP) or Advanced Threat Protection (ATP) you might want to exclude the URLs for Microsoft Teams, Cisco Webex and Zoom meetings. If you do not exclude the rewrites of these URLs, the Microsoft Teams Room (MTR) is unable to handle the altered URLs and the join will not work.

Guest join is not working

The altered/rewritten URLs looks like this:

You can use the Exchange Admin Center (EAC) to change that behaviour.

Where to find it

You will find this in “advanced threats/safe links”.

Modify the Policy

I recommend to exclude the following URLs:


Guest join is working

If you have multiple Rules, you might want to use PowerShell to automate this process!

# Get your active SafeLinks Policy/Policies
Get-SafeLinksPolicy | Where-Object -FilterScript {
   $_.IsEnabled -eq $true
} | Select-Object -ExpandProperty Identity

# I use the default policy in this example
$SafeLinksPolicyIdentity = 'Recommended safe links policy'

# A list of URLs to exclude from rewriting
$DoNotRewriteUrls = @(

# I use the default policy in this example
Set-SafeLinksPolicy -Identity $SafeLinksPolicyIdentity -DoNotRewriteUrls $DoNotRewriteUrls
      The WhiteListedUrls and ExcludedUrls parameters are deprecated
      Only use the DoNotRewriteUrls parameter

# Remove all URLs from the SafeLinks Policy/Policies
$DoNotRewriteUrls = @()
Set-SafeLinksPolicy -Identity $SafeLinksPolicyIdentity -DoNotRewriteUrls $DoNotRewriteUrls

I also recommend a few more things for the SafeLinks policy/policies:

# Apply my recommended settings to the policy/policies
$paramSetSafeLinksPolicy = @{
   Identity                 = $SafeLinksPolicyIdentity
   DoNotTrackUserClicks     = $false
   DoNotAllowClickThrough   = $true
   ScanUrls                 = $true
   EnableForInternalSenders = $true
   DeliverMessageAfterScan  = $true
Set-SafeLinksPolicy @paramSetSafeLinksPolicy

      Identity                        = The Identity parameter specifies the Safe Links policy that you want to modify
      DoNotTrackUserClicks        = Track user clicks related to links in email messages and Microsoft Teams
      DoNotAllowClickThrough   = Disallow users to click through to the original URL
      ScanUrls                        = Enable real-time scanning of links in email messages
      EnableForInternalSenders = The policy is applied to internal and external senders
      DeliverMessageAfterScan  = Wait until Safe Links scanning is complete before delivering the message

This is fine, no panic:

WARNING: The command completed successfully but no settings of 'Recommended safe links policy' have been modified.

If you let external parties and/or services to invite your Microsoft Teams Room (MTR) directly, you need to tweak the calendar processing for it/them:

# Do this for all your Teams Room Devices that should except external invitations
Set-CalendarProcessing -Identity '<Your Device here>' -ProcessExternalMeetingMessages $true

The code above looks crappy on my Blog, but there is a GIST for all the Code above!