Understanding Media Flows in Microsoft Teams – My Notes

Understanding Media Flows in Microsoft Teams and Skype for Business

Awesome Session by Tim … I was more interested in the difference between Teams Media Handling vis-a-vis Skype4B hence not noting down the basics…. I would strongly recomend watching this video but if you are short of time these notes may give you a quick roundup….

  • Teams uses REST APIs for signaling while S4B uses SIP
  • The REST APIs use HTTPS  WebSockets!… (I’m wondering …how would REST work over WebSocket!)
  • Introducing Two ‘Relay’ concepts
    • Media Relay
      • Born On Premise and Not scaleable for cloud
      • Designed for Single Location
      • Used by S4B till date
    • Transport Relay
      • Born in The Cloud!
      • Designed to be Multi-Location using anycast IP (https://en.wikipedia.org/wiki/Anycast)! – Offices will need Local Breakouts to make use of this 😦
      • S4BO moving to this model
      • Teams uses right from start
  • Anycast IP
    • Same IP Used by Global DCs
    • Requests land on the DC Closest to the User
    • Regional Government constraints respected-> eg EU Govts users will land on EU DCs even if users are in US! But same not applicable for US Govt Users…
    • Generic EU Users will be forced to EU and US Relays only (Don’t Trust the ROW I guess)
  • Client Authentication
    • No more MRAS … Only TRAP -> Transport Relay Auth Provider
  • For S4B users who moved to transport relay , The MRAS media usr/psw/server address retreival process is same as old s4b but the server url will always start with TREdge.<online/us/eu…>.lync.com…  Also the list will only have one server name while media relay based s4bo users will have multiple server names ( 1 for internal and 1 for external)…
  • In teams there is no internal user hence only 1 server address
  • Teams does not generate customer facing logs and hence cant use the same methods to debug
  • We’ll need to use a trusted MITM Proxy like charles to capture traffic and debug protocols
  • In charles search for mdn_trap
  • All details are in json 🙂             [note: I typed this too soon and realised later that its not so always 😦 ]
  • Server address is an Anycast IP address and not FQDN
  • During actual Media session creation the Anycast IP will assign an alternate IP which is used by the client for relay
  • Teams will connect on 443/tcp and 3478udp … and will retain connection on port 3478/udp (slide shows 4478 but Tim apologises it as a typo in audio)
  • In locations where S4B has been working the 3479-3481 may be closed and hence relay will fall back to 443/tcp…. Sadly with TCP calls will work but with relatively bad user xperience…SO if Teams is performing badly in ur office , u know why…
  • + In Teams all P2P traffic is defaults to udp only…. If udp is blocked then Relay will be used to mediate over tcp
  • Aaaah! SDP Still used in Team!… Still stuck in ancient unlabeled Messaging age 😦
  • No more 50K wala giant hole in the firewall funda …Media is always in 3479-3481 (3479-audio, 3480-video, 3481-desktop sharing/VBSS -> video based Screen Sharing) [Added on 22Aug2018] Please note that this is optional if all users are on teams + S4B online. If you are on hybrid with users spread across On-Premise S4B and Teams then this 50000-59999 TCP/UDP hole is still needed. Please check the latest documentation here at https://docs.microsoft.com…
  • Call quality Dashboard used by Teams also (hurrah!)
  • Connectivity Testing Tool coming soon…


  1. Thank you for this minutes meeting.

    When you say “In Teams all P2P traffic is udp only” are you sure of that? I didn’t hear anything about that on the youtube video. But maybe I missed it.
    And I don’t anything info confirming that point on Microsoft documentation.

    Thank you.


  2. Please forgive My English…, UDP is the default for voice traffic. However if Teams discovers that UDP is not working then it tries TCP. I’ll try to keep future posts less ambiguous 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s