Implement the Quality of Service (QoS) for Microsoft Teams V1

Overview:

As you know that Microsoft Teams is great product which has multiple features which

help enterprise users to communicate and collaborate effectively from anywhere in

real-time. To get Microsoft Teams to work correctly for managed and unmanaged

network (users), is complex task as we are dealing with vast product. Improving quality

of service is very important. So, this admin guide helps you to configure end to end

Quality of Service. Also, this document mainly focusing on why we need Quality of

Service and how we can configure this.

Microsoft Teams is latency-sensitive application, to provide optimal experience using

Teams audio, video and application sharing you must prioritize the Teams real-time

traffic against lower priority traffic.

Basically, Quality of Services is not an only solution of every quality problem, however

QoS is combination of networking technologies that enables companies to optimize the

end-user experience for real time audio, video and application sharing communications.

QoS is commonly used when network bandwidth is limited and when network

congestion, in practice bandwidth limitation and network congestion always there so we

must have QoS configure correctly to optimize end-users experience.

Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 8.27.2018, Balu Ilag, System Administrator, Microsoft MVP

for Office Apps and Services. Version 1.0

Contact me at: balasaheb.ilag@hotmail.com

Blog: http://bloguc.com/ . This document covers how to deploy quality of

services and why we need it. Target audience for this admin guide are Microsoft Teams Administrator, Consultant, Skype for Business Administrator, Office365 Administrator, Network Engineer and System Administrator who manages Microsoft Teams and Skype for Business environment.

Implement Quality of Service (QoS) for Microsoft Teams

As you know that Microsoft Teams is Collaboration and Unified Communication

application, means Teams provides Real-Time Communication including Persistent Chat,

Audio/ Video call (Voice Over IP), Meetings, application Sharing, PSTN calls, content

sharing etc. these capabilities will increases the traffic on your existing network, it is

increasingly important for you to balance network performance with the cost of service.

Since these all modalities includes signaling and media traffic and this real-time traffic is

latency-sensitive. Microsoft Teams is latency-sensitive application, to provide optimal

experience using Teams audio, video and application sharing you must prioritize the

Teams real-time traffic against lower priority traffic.

There are different ways to prioritize network traffic, but the most common way by

using Differentiated Services Code Point (DSCP) markings. DSCP values can be applied or

tagged based on port ranges and also via Group Policy objects (GPOs). Since Microsoft

Teams is available across platform including Windows, MacOS, iOS, Android etc.

applying port ranges via GPO will not work for non-windows devices. It is recommended

that you use DSCP tagging based on port ranges on network layer because it will work

for all devices including MacOS, iOS and Android devices. In fact, combination of Group

Policy Object and DSCP tagging at network layer will work better.

QoS is more beneficial when you configure a QoS-capable connection from end to end

means from Computer to network switches to routers to the cloud (Office 365 Service),

because any part of the path that fails to support QoS can degrade the quality of the

entire call.

QoS works well when implemented end-to-end that connect caller to callee and vice

versa. If you use QoS on the internal network and a user signs in from a remote location,

you can only prioritize Teams traffic within your internal (managed network).

Since Microsoft Teams is cloud only service, so you don't have end-to-end control on

network because when network traffic leaves your management network you will be

dependent on internet where you don't have much control. Basically, the interconnect

network will be an unmanaged network internet connection, which is showed in below

image. One option available to address end-to-end QoS is Azure ExpressRoute which

cost additional investment.

QoS will help to enhance user experience using Teams, so you can implement QoS in

your organization when you are deploying Teams, or you already deployed Teams.

Even though you will not have end-to-end control on network, but it is recommended

that you implement QoS on the portions of the network you have control over, namely

you’re on-premises network. This will increase the quality of real-time communication

workloads throughout your deployment and improve chokepoints in your existing

deployment.

Teams is great product, applying QoS policies will gives optimal experience to your end

user, this user guide will help you to implement QoS and validate the same.

How to setup Quality of Service for Microsoft Teams?

As I mention earlier for Teams traffic you should use Group Policy Object and DSCP

marking using port ranges to accommodate windows and non-windows devices. This

guide is covering Quality of Services setting at endpoint level as well network layer.

It is best practice to use a Group Policy Object to catch the majority of clients, and also

use port-based DSCP tagging to ensure that mobile, Mac, and other clients will still get

QoS treatment (at least partially).

Below mentioned DSCP values and client source port ranges are recommended for

Microsoft Teams media traffic.

DSCP Marking and Teams Client Source port ranges:

Client source port range Protocol Media category

DSCP value DSCP class

50,000–50,019 TCP/UDP Audio 46 Expedited Forwarding (EF)

50,020–50,039 TCP/UDP Video 34 Assured Forwarding (AF41)

50,040–50,059 TCP/UDP Application/Desktop Sharing 18

Assured Forwarding (AF21)

Apply DSCP Marking at network Layer (L2):

Port-based DSCP tagging by using access control lists (ACLs) on network devices

(Switches and routers, basically the network team marks the Teams Audio, Video and

Application sharing traffic at the ingress/egress routers typically located on the Wide

Area Network (WAN) based on the client source port ranges defined for each modality.

Although this works across platforms, it only marks traffic at the WAN edge—not all the

way to the client machine—and therefore incurs management overhead.

To setup this you can discuss and share Teams client source port ranges with DSCP Class

and Value with your network team.

DSCP marking at endpoint level using Policy-based QoS:

QoS policies are applied to a user login session or a computer as part of a Group Policy

object (GPO) that you have linked to an Active Directory container, such as a domain,

site, or organizational unit (OU). QoS traffic management occurs below the application

layer, which means that your existing applications do not need to be modified to benefit

from the advantages that are provided by QoS policies.

For Microsoft Teams, we need setup QoS policies for Computer configuration so that

whoever login to computer and use Teams client will get policy applied.

GPO Path: Default Domain Policy | Computer Configuration | Policies| Windows

Settings | Policy-based QoS

Follow the below steps to implement policy-based QoS for Teams:

1. First define the Teams client source port ranges on Teams Admin Center modern

portal:

URL: https://admin.teams.microsoft.com/policies/meetings

a. Turn on “Insert Quality of Service (QoS) markers for real-time media

traffic”, refer the below image.

b. Select “Select a port range for each type of real-time media traffic”, refer

the below image.

c. Update starting and ending port ranges with media traffic type. Refer

below the image.

You may setup port range using PowerShell as well.

2. Configure separate Group Policy Object for each modality:

After defining port ranges in Teams Admin portal, you have to create Quality of

Service policies that specify the DSCP values to be associated with each port

range

Simply, restricting a set of ports to a specific type of traffic does not result in

packets traveling through those ports being marked with the appropriate DSCP

value. In addition to defining port ranges you must also create Quality of Service

policies that specify the DSCP value to be associated with each port range.

This DSCP values association with port ranges can be achieve via GPO which

called as policy based QoS. With QoS Policy, you can configure and enforce QoS

policies that cannot be configured on routers and switches. QoS Policy provides

the following advantages:

• QoS Policies are easier to configure a user-level QoS policy on a domain

controller and propagate the policy to the user’s computer.

• QoS policies are flexible regardless of where or how a computer connects

to the network, QoS policy is applied - the computer can connect using

WiFi or Ethernet from any location.

• Some QoS functions, such as throttling, are better performed when they

are closer to the source. QoS Policy moves such QoS functions closest to

the source.

If you already have all port ranges and DSCP value with media category type then

processed below, if not then decide port ranges and follow the step two for

configure port ranges. Microsoft outline complete steps and port ranges here:

https://docs.microsoft.com/en-us/microsoftteams/qos-in-teams

a. You must have consolidated all your computer object to single OU

(Organization Unit). E.g. Computer to apply GPO correctly.

b. Login to the Domain Controller or computer which have Group Policy

Management installed.

c. Open Group Policy Management tool (run > gpmc.msc) and then right click

the OU (Computer) and then click “Create a GPO in this domain and Link it

here” to create a new GPO. E.g. TeamsClient-QoS. You must have required

permission (Domain Admin) or like create and link policy object permission.

d. Select the newly created Group Policy Object and right click on it and select

Edit to Open Group Policy Management Editor > expand Computer

Configuration > expand Policies > expand Windows Settings > right click

Policy-based QoS > then click ‘Create new policy’. Refer below image.

e. In Policy-based QoS page > give policy name as "Teams Audio" > Select Specify

DSCP Value: "46" > click Next.

Below screenshot shows Policy name and DSCP value information:

f. On next page > Select "Only applications with this executable name:

"Teams.exe" > click Next. Below screenshot shows Application name

information:

Note: This simply ensures that Teams.exe application will match packets from the

specified port range with the specified DSCP code.

g. On next page, make sure that both Any source IP address and Any

destination IP address are selected > then click Next.

Note: These two settings ensure that packets will be managed regardless of

which computer (IP address) sent those packets and which computer (IP

address) will receive those packets. Below screenshot shows IP address

configuration information

h. On next page select TCP and UDP > select ‘From this source port or range’.

Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)

are the two networking protocols most-commonly used by Microsoft Teams

Service and its client applications. Also, typed port range reserved for audio

transmissions (50000 to 50019) and select “To any destination port”.

Below screenshot shows protocol and port range configuration information:

i. Follow step “e” to “h” and create new policy object as “Teams Video and

Teams Sharing” with above ports ranges and DSCP values. j. After you are configuring all policy object, it will look like below:

3. Finally test the QoS, as a best practice you must validate QoS configuration and

DSCP tagging quarterly basis.

How to verify QoS policies applied and working?

There are multiple ways to verify the QoS:

1. Using Registry on Windows Local computer: Once GPO pushed and applied to

computer, you can force the GPO to local computer by running command

“gpudate.exe /force”, and then visit below path to verify QoS policies applied.

You will see result like below image. It shows Teams Audio, Video and Sharing

policy with port ranges and DSCP Values. Registry Path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS\

Teams Audio

a. Validate using Packet capture: Start teams audio/video meeting and capture

the network traffic via Wireshark tool (it is freeware tool, you can download

and install on your computer). Below shows Teams audio traffic (source is

10.0.0.207 and destination 104.42.192.49) protocol UDP with port number

“50018” this packet shows DSCP marking as EF (expedite forwarding as DSCP

46 ). Verify the two-way traffic to get QoS benefits.

Thank you.