If you have a Microsoft Teams Room (MTR) device, you can now join Cisco Webex and Zoom Meetings directly. The “Join Cisco WebEx meetings from Teams Rooms with direct guest join” was introduced with Microsoft Teams Room version 4.5.35.0, please see the Release Notes.


If you use the “Safe Link” AntiSpam/Security Feature in Exchange Online Protection (EOP) or Advanced Threat Protection (ATP) you might want to exclude the URLs for Microsoft Teams, Cisco Webex and Zoom meetings. If you do not exclude the rewrites of these URLs, the Microsoft Teams Room (MTR) is unable to handle the altered URLs and the join will not work.

The altered/rewritten URLs looks like this: https://eur03.safelinks.protection.outlook.com/?url=https
You can use the Exchange Admin Center (EAC) to change that behaviour.

You will find this in “advanced threats/safe links“.

I recommend to exclude the following URLs:
'*.webex.com/*'
'*.zoom.us/*'
'zoom.us/*'
'*.teams.microsoft.com/*'
'teams.microsoft.com/*'
'zoom.com/*'
'*.zoom.com/*'

If you have multiple Rules, you might want to use PowerShell to automate this process!
# Get your active SafeLinks Policy/Policies Get-SafeLinksPolicy | Where-Object -FilterScript { $_.IsEnabled -eq $true } | Select-Object -ExpandProperty Identity # I use the default policy in this example $SafeLinksPolicyIdentity = 'Recommended safe links policy' # A list of URLs to exclude from rewriting $DoNotRewriteUrls = @( '*.webex.com/*' '*.zoom.us/*' 'zoom.us/*' '*.teams.microsoft.com/*' 'teams.microsoft.com/*' 'zoom.com/*' '*.zoom.com/*' ) # I use the default policy in this example Set-SafeLinksPolicy -Identity $SafeLinksPolicyIdentity -DoNotRewriteUrls $DoNotRewriteUrls <# Note: The WhiteListedUrls and ExcludedUrls parameters are deprecated Only use the DoNotRewriteUrls parameter #> # Remove all URLs from the SafeLinks Policy/Policies $DoNotRewriteUrls = @() Set-SafeLinksPolicy -Identity $SafeLinksPolicyIdentity -DoNotRewriteUrls $DoNotRewriteUrls
I also recommend a few more things for the SafeLinks policy/policies:
# Apply my recommended settings to the policy/policies $paramSetSafeLinksPolicy = @{ Identity = $SafeLinksPolicyIdentity DoNotTrackUserClicks = $false DoNotAllowClickThrough = $true ScanUrls = $true EnableForInternalSenders = $true DeliverMessageAfterScan = $true } Set-SafeLinksPolicy @paramSetSafeLinksPolicy <# Identity = The Identity parameter specifies the Safe Links policy that you want to modify DoNotTrackUserClicks = Track user clicks related to links in email messages and Microsoft Teams DoNotAllowClickThrough = Disallow users to click through to the original URL ScanUrls = Enable real-time scanning of links in email messages EnableForInternalSenders = The policy is applied to internal and external senders DeliverMessageAfterScan = Wait until Safe Links scanning is complete before delivering the message #>
This is fine, no panic:
WARNING: The command completed successfully but no settings of 'Recommended safe links policy' have been modified.
If you let external parties and/or services to invite your Microsoft Teams Room (MTR) directly, you need to tweak the calendar processing for it/them:
# Do this for all your Teams Room Devices that should except external invitations Set-CalendarProcessing -Identity '<Your Device here>' -ProcessExternalMeetingMessages $true
The code above looks crappy on my Blog, but there is a GIST for all the Code above!
Be First to Comment