Optimization for Microsoft Teams
Citrix delivers optimization for desktop-based Microsoft Teams using Citrix Virtual Apps and Desktops and Citrix Workspace app. By default, we bundle all the necessary components into the Citrix Workspace app and the Virtual Delivery Agent (VDA).
Our optimization for Microsoft Teams includes VDA-side HDX services and an API to interface with the Microsoft Teams hosted app to receive commands. These components open a control virtual channel (CTXMTOP) to the Citrix Workspace app-side media engine. The endpoint decodes and provides the multimedia locally, moving the Citrix Workspace app window back into the hosted Microsoft Teams app.
Authentication and signaling occur natively on the Microsoft Teams-hosted app, just like the other Microsoft Teams services (for example chat or collaboration). Audio/video redirection doesn’t affect them.
The CTXMTOP
is a command and control virtual channel. That means that media isn’t exchanged between the Citrix Workspace app and the VDA.
Only client-fetch/client-render is available.
This video demo gives you an idea of how Microsoft Teams works in a Citrix virtual environment.
Microsoft Teams installation
Note:
We recommend installing the VDA before installing Microsoft Teams in the golden image. This installation order is needed for the ALLUSER=1 flag to take effect. If you installed Microsoft Teams in the virtual machine before installing the VDA, uninstall and reinstall Microsoft Teams. If you’re using App Layering, see For App Layering for more details.
We recommend that you follow the Microsoft Teams machine-wide installation guidelines. Also, avoid using the .exe installer that installs Microsoft Teams in AppData
. Instead, install in C:\Program Files (x86)\Microsoft\Teams
by using the ALLUSER=1 flag from the command line.
msiexec /i <path_to_msi> /l*v <install_logfile_name> ALLUSER=1 ALLUSERS=1
This example also uses the ALLUSERS=1 parameter. When you set this parameter, the Microsoft Teams Machine-Wide Installer appears in Programs and Features in the Control Panel. Also, in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Microsoft Teams if they have administrator credentials.
It’s important to understand the difference between ALLUSERS=1 and ALLUSER=1. You can use the ALLUSERS=1 parameter in non-VDI and VDI environments. Use the ALLUSER=1 parameter only in VDI environments to specify a per-machine installation.
In ALLUSER=1 mode, the Microsoft Teams application doesn’t auto-update whenever there’s a new version. We recommend this mode for non-persistent environments, such as hosted shared apps or desktops out of a Windows Server or Windows 10 random/pooled catalogs. For more information, see Install Microsoft Teams using MSI (VDI Installation section).
Suppose you have Windows 10 dedicated persistent VDI environments. You want the Microsoft Teams application to auto-update and prefer Microsoft Teams to install per-user under Appdata/Local
. In this case, use the .exe
installer or the MSI without ALLUSER=1.
For Remote PC Access
We recommend that you install Microsoft Teams version 1.4.00.22472 or later after installing the VDA. Otherwise, you need to sign out and sign in again for Microsoft Teams to detect the VDA as expected. Version 1.4.00.22472 and later includes augmented logic run at Microsoft Teams launch time and sign in time for VDA detection. These versions also include active session type identification (HDX, RDP or locally connected to the client machine). If you’re locally connected, previous versions of Microsoft Teams might fail to detect and disable certain features or UI elements. For example, Breakout Rooms, pop out windows for meetings and chat, or meeting reactions.
In some Remote PC Access scenarios, when you reconnect to a previously non-optimized session from a new endpoint that supports HDX optimization, you might need to relaunch Microsoft Teams to support HDX optimization.
For App Layering
If using Citrix App Layering to manage VDA and Microsoft Teams installations in different layers, deploy this registry key on Windows VDAs before installing Microsoft Teams with ALLUSER=1. For information, see Optimization for Microsoft Teams with Citrix App Layering in the list of features that managed through the registry.
Profile Management recommendations
We recommend using the machine-wide installer for Windows Server and Pooled VDI Windows 10 environments.
When the ALLUSER=1 flag is passed to the MSI from the command line (the machine-wide installer), the Microsoft Teams app installs under C:\Program Files (x86)
(~300 MB). The app uses AppData\Local\Microsoft\TeamsMeetingAddin
for logs and AppData\Roaming\Microsoft\Teams
(~600–700 MB) for user specific configurations, caching of elements in the user interface, and so forth.
Important:
If you don’t pass the ALLUSER=1 flag, the MSI places the Teams.exe installer and
setup.json
underC:\Program Files (x86)\Teams Installer
. A registry key (TeamsMachineInstaller) is added under:HKEY_LOCAL_MACHINE \SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
A subsequent user logon triggers the final installation in AppData instead.
Machine-wide installer
The following is an example of folders, desktop shortcuts, and registries created by installing Microsoft Teams machine-wide installer on a Windows Server 2016 64-bit VM:
Folder:
C:\Program Files (x86)\Microsoft\Teams
C:\Users\<username>\AppData\Roaming\Microsoft\Teams
Desktop Shortcut:
C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe
Registry:
HKEY_LOCAL_MACHINE \SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name:
Teams
- Type:
REG_SZ
- Value:
C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe
Note:
The registry location varies based on the underlying Operating Systems and bitness.
Recommendations
- We recommend disabling auto-start by deleting the Microsoft Teams registry keys. Doing so prevents many logons that occur at the same time (for example, at the beginning of your work day) from spiking up the VM’s CPU.
- If the virtual desktop does not have a GPU/vGPU, we recommend setting Disable GPU hardware acceleration in the Microsoft Teams Settings to improve performance. This setting (
"disableGpu":true
) is stored in%Appdata%\Microsoft\Teams
indesktop-config.json
. You can use a logon script to edit that file and set the value to true. - If using Citrix Workspace Environment Management (WEM), enable CPU Spikes Protection to manage processor consumption for Microsoft Teams.
Per-user installer
When using the .exe
installer, the installation process differs. All the files are placed in AppData.
Folder:
C:\Users\<username>\AppData\Local\Microsoft\Teams
C:\Users\<username>\AppData\Local\Microsoft\TeamsPresenceAddin
C:\Users\<username>\AppData\Local\Microsoft\TeamsMeetingAddin
C:\Users\<username>\AppData\Local\SquirrelTemp
C:\Users\<username>\AppData\Roaming\Microsoft\Teams
Desktop shortcut:
C:\Users\<username>\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe"
Registry:
HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Best Practices
The best practice recommendations are based on the use-case scenarios. Using Microsoft Teams with a non-persistent setup requires a profile caching manager for efficient Microsoft Teams runtime data synchronization. With a profile caching manager, the appropriate user-specific information is cached during the user session. For example, the user-specific information includes, user data, profile, and settings. Synchronize the data in these two folders:
C:\Users\<username>\AppData\Local\Microsoft\IdentityCache
C:\Users\<username>\AppData\Roaming\Microsoft\Teams
Microsoft Teams cached content exclusion list for non-persistent setup
Exclude the files and directories from the Microsoft Teams caching folder as described in the Microsoft documentation. This action helps you to reduce the user caching size to further optimize your non-persistent setup.
Use case: single-session scenario
In this scenario, the end user uses Microsoft Teams in one location at a time. They don’t need to run Microsoft Teams in two Windows sessions at the same time. In a common virtual desktop deployment, each user is assigned to one desktop, and Microsoft Teams is deployed in the virtual desktop as one application. We recommend enabling the Citrix Profile container and redirecting the per-user directories listed in Per-user installer into the container.
- Deploy the Microsoft Teams machine-wide installer (ALLUSER=1) in the golden image.
- Enable Citrix Profile Management and set up the user profile store with the proper permissions.
-
Enable the following Profile Management policy setting: File system > Synchronization > Profile container – List of folders to be contained in profile disk.
List all the per-user directories into this configuration. You can also configure these settings using the Citrix Workspace Environment Management (WEM) service.
- Apply the settings to the correct delivery group.
- Log in to validate the deployment.
System requirements
Minimum recommended version - Delivery Controller (DDCs) 1906.2
If you’re using an earlier version, see Enable optimization of Microsoft Teams:
Supported operating systems:
- Windows Server 2022, 2019, 2016, 2012R2 Standard and data center Editions, and with the Server Core option
Minimum version - Virtual Delivery Agents (VDAs) 1906.2
Supported operating systems:
- Windows 10 64-bit, versions 1607 and later. VM hosted apps are supported in Citrix Workspace app for Windows 2109.1 and later.
- Windows Server 2022, 2019, 2016, and 2012 R2 (Standard and data center Editions).
Requirements:
- BCR_x64.msi - the MSI that includes the Microsoft Teams optimization code and starts automatically from the GUI. If you’re using the command line interface for the VDA installation, don’t exclude it.
Recommended version – Citrix Workspace app for Windows latest CR and Minimum version - Citrix Workspace app 1907 for Windows
- Windows 8 and 10 (32-bit and 64-bit editions, including Embedded editions) (Support for Windows 7 stopped at Version 2006)
- Windows 10 IoT Enterprise 2016 LTSB (v1607) and 2019 LTSC (v1809)
- Processor (CPU) architectures supported: x86 and x64 (ARM isn’t supported)
- Endpoint requirement: Approximately 2.2–2.4 GHz dual core CPU that can support 720p HD resolution during a peer-to-peer video conference call.
- Dual or quad-core CPUs with lower base speeds (~1.5 GHz) equipped with Intel Turbo Boost or AMD Turbo Core that can boost up to at least 2.4 GHz.
- HP Thin Clients verified: t630/t640, t730/t740, mt44/mt45.
- Dell Thin Clients verified: 5070, 5470 Mobile TC.
- 10ZiG Thin Clients verified: 4510 and 5810q.
- For a complete list of verified endpoints, see Thin Clients.
- Citrix Workspace app requires at least 600 MB free disk space and 1 GB RAM.
- Microsoft .NET Framework minimum requirement is version 4.6.2. Citrix Workspace app automatically downloads and installs .NET Framework if it’s not present in the system.
Administrators can enable/disable Microsoft Teams starting in optimized mode by changing the Teams Optimization policy. Users starting in optimized mode in Citrix Workspace app can’t disable Microsoft Teams.
Minimum version - Citrix Workspace app 2006 for Linux
For more information, see Optimization for Microsoft Teams in What’s new in 2006.
Software:
-
GStreamer
1.0 or later or Cairo 2 - libc++-9.0 or later
-
libgdk
3.22 or later - OpenSSL 1.1.1d
- x64 Linux distribution
Hardware:
- Minimum 1.8 GHz dual-core CPU that can support 720p HD resolution during a peer-to-peer video conference call
- Dual or quad-core CPU with a base speed of 1.8 GHz and a high Intel Turbo Boost speed of at least 2.9 GHz
For a complete list of verified endpoints, see Thin Clients.
For more information, see Prerequisites to install Citrix Workspace app.
You can disable Microsoft Teams optimization updating the value of the VDWEBRTC field to Off in the /opt/Citrix/ICAClient/config/module.ini
file. The default is VDWEBRTC=On. After the update is complete, restart the Session. (Root permission is required).
Minimum version - Citrix Workspace app 2012 for Mac
Supported operating systems:
- macOS Catalina (10.15).
- macOS Big Sur 11.0.1 and later.
Features supported:
- Audio
- Video
- Screen sharing optimization (incoming and outgoing)
Note:
Citrix Viewer app requires access to macOS Security and Privacy preferences for screen sharing to work. Users configure this preference in Apple menu > System preferences > Security & Privacy > Privacy tab > Screen recording and select Citrix Viewer.
Microsoft Teams optimization works by default with Citrix Workspace app 2012 and later and macOS 10.15.
If you want to disable Microsoft Teams optimization, run this command in a terminal and restart the Citrix Workspace app:
defaults write com.citrix.receiver.nomas mtopEnabled -bool NO
Minimum version - Latest version of Citrix Workspace app for Chrome OS running on the latest version of Chrome OS
Hardware:
- Processors that perform at par or better than Intel i3, quad core 2.4 GHz.
Features supported:
- Audio
- Video
- Screen sharing optimization (incoming and outgoing) - disabled by default. See these settings for instructions on how to turn it on.
Feature matrix and version support
Feature | Microsoft Teams (minimum version) | VDA (minimum version) | Citrix Workspace app for Windows CR | Citrix Workspace app for Windows 1912 LTSR (and CU1-CU4) | Citrix Workspace app for Windows 1912 CU5 | Citrix Workspace app for Windows 1912 CU6 (or later) | Citrix Workspace app for Mac | Citrix Workspace app for Linux | Citrix Workspace app for Chrome OS |
---|---|---|---|---|---|---|---|---|---|
Audio/Video (P2P and conference) | 1.4.00.22472 | 1906 | 1907 | Yes | Yes | Yes | 2009 | 2004 | 2105.5 |
Screensharing | 1.4.00.22472 | 1906 | 1907 | Yes | Yes | Yes | 2012 | 2006 | 2105.5 (1) |
i. Screen Indicator Red border | 1.4.00.22472 | 1906 | 2002 | Yes | Yes | Yes | 2012 | 2006 | No |
ii. Limit capture to Desktop Viewer | 1.4.00.22472 | 1906 | 2009.5 | No | Yes | Yes | 2012 | 2006 | No |
iii. Multimonitor | 1.4.00.22472 | 1906 | 2106 (2) | No | No | Yes (2) | 2106 | 2106 | No |
DTMF | 1.4.00.22472 | N/A | 2102 | No | Yes (5) | Yes (5) | 2101 | 2101 | 2111.1 |
Proxy Server support | 1.4.00.22472 | N/A | 2012 (3) | No | Yes (3) (5) | Yes (3) (5) | 2104 (4) | 2101 (4) | No |
App Sharing | 1.4.00.22472 | 2109 | 2109.1 | No | No | No | No | No | No |
MultiWindow | (1.5.x.x)(6) | 2112 | 2112.1 | No | No | No | No | No | No |
Give/Request Control | 1.4.00.22472 (6) | N/A | 2112.1 | No | No | No | No | No | No |
Dynamic e911 | 1.4.00.22472 | N/A | 2112.1 | No | No | No | 2112 | 2112 | 2112 |
- Disabled by default, requires Admin to enable.
- CD Viewer in full screen mode only. SHIFT+F2 not supported.
- Negotiate/Kerberos, NTLM, Basic, and Digest.
Pac
files are also supported. - Anonymous only.
- Only on Windows 10, Windows IoT Client OS.
- Features currently unavailable in Microsoft Teams. For information on ETA, see Microsoft page.
Enable optimization of Microsoft Teams
To enable optimization for Microsoft Teams, use the Manage console policy described in the Microsoft Teams redirection policy. This policy is ON by default. In addition to this policy being enabled, HDX checks to verify that the version of the Citrix Workspace app is at least the minimum required version. If you enabled the policy and the Citrix Workspace app version is supported, HKEY_CURRENT_USER\Software\Citrix\HDXMediaStream\MSTeamsRedirSupport is set to 1 automatically on the VDA. Microsoft Teams reads the key to load in VDI mode.
Note:
If you’re using version 1906.2 or later VDAs or with older controller versions (for example, version 7.15) that don’t have the policy available in the Manage console (Studio), your VDA can still be optimized. HDX optimization for Microsoft Teams is enabled by default in the VDA.
If you click About > Version, the Citrix HDX Optimized legend displays:
If you see Citrix HDX Not Connected, the Citrix API is loaded in Microsoft Teams. Loading the API is the first step toward redirection. But there’s an error in later parts of the stack. The error is most likely in the VDA services or the Citrix Workspace app.
If you don’t see any legend, Microsoft Teams failed to load the Citrix API. Exit Microsoft Teams by right-clicking the notification area icon and restarting. Make sure that the Manage console policy isn’t set to Prohibited and that the Citrix Workspace app version is supported.
Important: session reconnects
- You might require to relaunch Microsoft Teams to get an HDX optimized session when your connectivity changes. For example, if you are roaming from an unsupported endpoint (Workspace app for iOS, Android, HTML5, or old versions of Windows/Linux/Mac) to a supported one (Workspace app for Windows/Linux/Mac/ChromeOS), or the opposite way.
- When you roam from a local session to an HDX session, you must relaunch Microsoft Teams to optimize with HDX. This action is required in a Remote PC Access scenario.
Network requirements
Microsoft Teams relies on Media Processor servers in Office 365 for meetings or multiparty calls. Also, Microsoft Teams relies on Office 365 Transport Relays for these scenarios:
- Two peers in a point-to-point call do not have direct connectivity
- A participant does not have direct connectivity to the media processor.
So the network health between the peer and the Office 365 cloud determines the performance of the call.
We recommend evaluating your environment to identify any risks and requirements that can influence your overall cloud voice and video deployment. Use the Skype for Business Network Assessment Tool to test if your network is ready for Microsoft Teams. For support information, see Support.
Summary of key network recommendations for Real Time Protocol (RTP) traffic
- Connect to the Office 365 network as directly as possible from the branch office.
- If you must use any of the following at the branch office, make sure that RTP/UDP Microsoft Teams traffic is unhindered.
- Bypass proxy servers
- Network SSL intercept
- Deep packet inspection devices
- VPN hairpins (use split tunneling if possible)
- Plan for and provide sufficient bandwidth at the branch office.
- Check each branch office for network connectivity and quality.
The WebRTC media engine in the Workspace app (HdxRtcEngine.exe) uses the Secure Real-time Transport Protocol (SRTP) for multimedia streams that are offloaded to the client. SRTP provides confidentiality and authentication to RTP. For this feature, symmetric keys (negotiated with DTLS) are used to encrypt media and control messages using the AES encryption cipher.
The following metrics are recommended for a positive user experience:
Metric | Endpoint to Office 365 |
---|---|
Latency (one way) | < 50 msec |
Latency (RTT) | < 100 msec |
Packet Loss | <1% during any 15s interval |
Packet inter-arrival jitter | <30ms during any 15s interval |
For more information, see Prepare your organization’s network for Microsoft Teams.
For bandwidth requirements, optimization for Microsoft Teams can use a wide variety of codecs for audio (OPUS/G.722/PCM G711) and video (H264).
The peers negotiate these codecs during the call establishment process using the Session Description Protocol (SDP) Offer/Answer. Citrix minimum recommendations per user are:
Type | Bandwidth | Codec |
---|---|---|
Audio (each way) | ~ 90 kbps | G.722 |
Audio (each way) | ~ 60 kbps | Opus* |
Video (each way) | ~ 700 kbps | H264 360p @ 30 fps 16:9 |
Screen sharing | ~ 300 kbps | H264 1080p @ 15 fps |
* Opus supports constant and variable bitrate encoding from 6 kbps up to 510 kbps.
Opus is the preferred codec for peer-to-peer calls between two optimized VDI users.
G.722 and H264 are the preferred codecs for a VDI user joining a meeting.
Important:
About performance, encoding is more expensive than decoding for CPU use at the client machine. You can hardcode the maximum encoding resolution in the Citrix Workspace app for Linux and Windows. See Encoder performance estimator and Optimization for Microsoft Teams.
Proxy servers
Depending on the location of the proxy, consider the following:
-
Proxy configuration on the VDA:
If you configure an explicit proxy server in the VDA and route connections to localhost through a proxy, redirection fails. To configure the proxy correctly, you must select the Bypass proxy servers for local address setting in Internet Options > Connections > LAN Settings > Proxy Servers and make sure
127.0.0.1:9002
be bypassed.If you use a PAC file, your VDA proxy configuration script from the PAC file must return DIRECT for
wss://127.0.0.1:9002
. If not, optimization fails. To make sure that the script returns DIRECT, useshExpMatch(url, "wss://127.0.0.1:9002/*")
. -
Proxy configuration on Citrix Workspace app:
If the branch office is configured to access the internet through a proxy, these versions support proxy servers:
- Citrix Workspace app for Windows version 2012 (Negotiate/Kerberos, NTLM, Basic, and Digest.
Pac
files are also supported) - Citrix Workspace app for Windows version 1912 CU5 (Negotiate/Kerberos, NTLM, Basic, and Digest.
Pac
files are also supported) - Citrix Workspace app for Linux version 2101 (anonymous authentication)
- Citrix Workspace app for Mac version 2104 (anonymous authentication)
- Citrix Workspace app for Windows version 2012 (Negotiate/Kerberos, NTLM, Basic, and Digest.
Client devices with earlier versions of Citrix Workspace app can’t read proxy configurations. These devices send traffic directly to Office 365 TURN servers.
Important:
- Verify that the client device can connect to the DNS server to do DNS resolutions. A client device must be able to resolve three Microsoft Teams TURN server’s FQDNs:
worldaz.turn.teams.microsoft.com
,usaz.turn.teams.microsoft.com
, andeuaz.turn.teams.microsoft.com
.- The location of the conference server is selected based on the first participant’s virtual desktop location (and not the client).
Call establishment and media flow paths
When possible, the HDX WebRTC media engine in the Citrix Workspace app (HdxTeams.exe or HdxRtcEngine.exe) tries to establish a direct network Secure Real-time Transport Protocol (SRTP) connection over User Datagram Protocol (UDP) in a peer-to-peer call. If the UDP high ports are blocked, the media engine falls back to TCP/TLS 443.
The HDX media engine supports ICE, Session Traversal Utilities for NAT (STUN), and Traversal Using Relays around NAT (TURN) for candidate discovery and establishing connection. This support means that the endpoint must be able to perform DNS resolutions.
Consider a scenario where there is no direct path between the two peers or between a peer and a conference server and you are joining a multi-party call or meeting. The HdxRtcEngine.exe uses a Microsoft Teams transport relay server in Office 365 to reach the other peer or the media processor, where meetings are hosted. Your client machine must have access to three Office 365 subnet IP address ranges and four UDP ports (or TCP/TLS 443 as fallback if UDP is blocked). For more information, see the Architecture diagram in the Call setup and Office 365 URLs and IP address ranges ID 11.
ID | Category | Addresses | Destination Ports |
---|---|---|---|
11 | Optimize required | 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14 | UDP: 3478, 3479, 3480, 3481, TCP: 443 (fallback) |
These ranges include both Transport Relays and media processors, front-ended by an Azure Load Balancer. The Microsoft Teams Transport Relays provide STUN and TURN functionality, but they aren’t ICE endpoints. Also, the Microsoft Teams Transport Relays don’t terminate media, TLS, or do any transcoding. They can bridge TCP (if HdxRtcEngine.exe uses TCP) to UDP when they forward traffic to other peers or media processors.
Workspace app WebRTC media engine contacts the closest Microsoft Teams Transport Relay in the Office 365 cloud. The media engine uses anycast IP and port 3478–3481 UDP (different UDP ports per workload, though multiplexing can happen) or 443 TCP/TLS for fallbacks. Call quality depends on the underlying network protocol. Because UDP is always recommended over TCP, we advise you to design your networks to accommodate UDP traffic in the branch office.
If Microsoft Teams loaded in optimized mode and HdxRtcEngine.exe is running on the endpoint, ICE failures might cause a call setup failure or one-way-only audio/video. When a call can’t be completed or the media streams aren’t full duplex, check the Wireshark trace on the endpoint first. For more information about the ICE candidate gathering process, see “Collecting logs” in the Support section.
Note:
If the endpoints don’t have internet access, the users might still be able to make a peer-to-peer call if they are both on the same LAN. Meetings fail. In this case, there’s a 30-second timeout before the call setup begins.
Call setup
Use this architecture diagram as a visual reference for the call flow sequence. The corresponding steps are indicated in the diagram.
Architecture
- Start Microsoft Teams.
- Microsoft Teams authenticates to O365. Tenant policies are pushed down to the Microsoft Teams client, and relevant TURN and signaling channel information is relayed to the app.
- Microsoft Teams detects that it’s running in a VDA and makes API calls to the Citrix JavaScript API.
- Citrix JavaScript in Microsoft Teams opens a secure WebSocket connection to WebSocketService.exe running on the VDA, which spawns WebSocketAgent.exe inside the user session.
- WebSocketAgent.exe instantiates a generic virtual channel by calling into the Citrix HDX Microsoft Teams Redirection Service (CtxSvcHost.exe).
- Citrix Workspace app’s wfica32.exe (HDX engine) spawns a new process called HdxTeams.exe or HdxRtcEngine.exe, which is the new WebRTC engine used for Microsoft Teams optimization.
-
Citrix media engine and Teams.exe have a 2-way virtual channel path and can start processing multimedia requests.
—–User calls——
- Peer A clicks the call button. Teams.exe communicates with the Microsoft Teams services in Office 365, establishing an end-to-end signaling path with Peer B. Microsoft Teams asks HdxTeams for a series of supported call parameters (codecs, resolutions, and so forth, which is known as a Session Description Protocol (SDP) offer). These call parameters are then relayed using the signaling path to the Microsoft Teams services in Office 365 and from there to the other peer.
- The SDP offer/answer (single-pass negotiation) takes place through the signaling channel, and the ICE connectivity checks (NAT and Firewall traversal using STUN bind requests) complete. Then, Secure Real-time Transport Protocol (SRTP) media flows directly between HdxTeams.exe and the other peer (or Office 365 conference servers if it’s a meeting).
Microsoft Phone System
Phone System is Microsoft’s technology that enables call control and PBX in the Office 365 cloud with Microsoft Teams. Optimization for Microsoft Teams supports Phone System, using Office 365 Calling Plans or Direct Routing. With Direct Routing, you connect your own supported session border controller to the Microsoft Phone System directly without any additional on-premises software. Call queues, transfer, forward, hold, mute, and resume a call are supported.
DTMF
The dual-tone multi-frequency (DTMF) feature is supported with these versions of Citrix Workspace app (and later):
- Citrix Workspace app for Windows version 2102
- Citrix Workspace app for Windows LTSR 1912 CU5 (Windows 10 OS only)
- Citrix Workspace app for Linux version 2101
- Citrix Workspace app for Mac version 2101
- Citrix Workspace app for Chrome OS version 2111.1
Support for dynamic e911
Starting with version 2112, Citrix Workspace app supports dynamic emergency calling. When used in Microsoft Calling Plans, Operator Connect, and Direct Routing, it allows you to do the following:
- Configure and route emergency calls.
- Notify security personnel.
The notification is provided based on the current location of the Citrix Workspace app that runs on the endpoint, instead of the Microsoft Teams client that runs on the VDA.
Ray Baum’s law requires the 911 caller’s dispatchable location to be transmitted to the appropriate Public Safety Answering Point (PSAP). Microsoft Teams Optimization with HDX is compliant with Ray Baum’s law when used with the following versions of Citrix Workspace app:
- Citrix Workspace app for Windows version 2112.1 and later
- Citrix Workspace app for Linux version 2112 and later
- Citrix Workspace app for Mac version 2112 and later
- Citrix Workspace app for Chrome OS version 2112 and later
To enable dynamic emergency calling, the administrator must use the Microsoft Teams Admin Center and configure the following to create a network or emergency location map:
- Network settings
- Location Information Service (LIS)
For more information on Dynamic emergency calling, see Microsoft’s documentation.
The dispatchable location information that Citrix Workspace app relays to Microsoft Teams is:
-
Chassis ID / Port ID using Link Layer Discovery Protocol (LLDP) for Ethernet/Switch connections. Ethernet/Switch (LLDP) is supported on:
- Windows versions 8.1 and 10
- macOS, which requires LLDP enablement software
- Linux, which requires the LLDP library to be included in the operating system(OS) distribution of the Thin Client.
- WLAN BBSID and {IPv4-IPv6; Subnet; MAC Address} of the endpoint where Citrix Workspace app is installed.
- Subnet and WiFi-based locations are supported on the Workspace app for Windows, Linux, and Mac.
- Latitude and Longitude, if user permission is granted at the OS-level where Citrix Workspace app is installed (permission is set to HDX RTC Engine)
- Supported on all Workspace app platforms. However, for Citrix Workspace for Linux, you must include the
libgps
library in the OS distribution of the Thin Client.
- Supported on all Workspace app platforms. However, for Citrix Workspace for Linux, you must include the
Firewall considerations
When users start an optimized call using the Microsoft Teams client for the first time, they might notice a warning with the Windows firewall settings. The warning asks for users to allow communication for HdxTeams.exe or HdxRtcEngine.exe (HDX Overlay Microsoft Teams).
The following four entries are added under Inbound Rules in the Windows Defender Firewall > Advanced Security console. You can apply more restrictive rules if you want.
Microsoft Teams and Skype for Business Coexistence
You can deploy Microsoft Teams and Skype for Business side by side as two separate solutions with overlapping capabilities. For more information, see Understand Microsoft Teams and Skype for Business coexistence and interoperability.
Citrix RealTime Optimization Pack and HDX optimization for Microsoft Teams multimedia engines then honor the configuration set in your environment. Examples include island modes and Skype for Business with Microsoft Teams collaboration. Also, Skype for Business with Microsoft Teams collaboration and meetings.
Peripheral access can be granted only to a single application at the time. For example, webcam access by the RealTime Media Engine during a call locks the imaging device during a call. When the device is released, it becomes available for Microsoft Teams.
Citrix SD-WAN: optimized network connectivity for Microsoft Teams
Optimal audio and video quality require a network connection to the Office 365 cloud that has low latency, low jitter, and low packet loss. Backhauling of Microsoft Teams audio-video RTP traffic from Citrix Workspace app users at branch office locations to a data center before going to the internet can add excessive latency. It might also cause congestion on WAN links. Citrix SD-WAN optimizes connectivity for Microsoft Teams following Microsoft Office 365 network connectivity principles. Citrix SD-WAN uses the Microsoft REST-based Office 365 IP address and web service and proximate DNS. This use is to identify, categorize, and steer Microsoft Teams traffic.
Business broadband internet connections in many areas suffer from intermittent packet loss, periods of excessive jitter, and outages.
Citrix SD-WAN offers two solutions to preserve Microsoft Teams audio-video quality when network health is variable or degraded.
- If you use Microsoft Azure, a Citrix SD-WAN virtual appliance (VPX) deployed in the Azure VNET provides advanced connectivity optimizations. These optimizations include seamless link failover and audio packet racing.
- Citrix SD-WAN customers can connect to Office 365 through the Citrix Cloud Direct service. This service provides reliable and secure delivery for all internet-bound traffic.
If the quality of the branch office internet connection isn’t a concern, it might be enough to minimize latency. Steer Microsoft Teams traffic directly from the Citrix SD-WAN branch appliance to the nearest Office 365 front door to minimize latency. For more information, see Citrix SD-WAN Office 365 optimization.
Gallery view and active speakers in Microsoft Teams
Microsoft Teams supports Gallery, Large gallery, and Together mode layouts.
Microsoft Teams displays a 2x2 grid with video streams of four participants (known as Gallery). In this case, Microsoft Teams sends four video streams to the client device for decoding. When more than four participants share video, only the last four most active speakers appear on the screen.
Microsoft Teams also provides the large gallery view with a grid up to 7x7. As a result, the Microsoft Teams conference server composites a single video feed and sends it to the client device for decoding, resulting in lower CPU consumption. This single, matrix-style feed might include users’ self-preview video as well.
Lastly, Microsoft Teams supports Together mode, which is part of the new meeting experience. Using AI segmentation technology to digitally place participants in a shared background, Microsoft Teams puts all participants in the same auditorium.
The user can control these modes during a conference call by selecting Gallery, Large gallery, or Together mode layouts in the ellipses menu.
Support for video aspect ratio constraints (CWA for Windows 2102, CWA for Linux 2106, CWA for MAC 2106 and later):
- The option Fill to frame is available in Gallery/Large Gallery View. This option crops the video size to fit it in the subwindow. Fit to frame, on the other hand, displays black bars (letterbox) on the sides of the video so there is no cropping.
The following table provides a comparison of Gallery and Large Gallery layouts:
Gallery view 2x2 (default) | Large Gallery view | |
---|---|---|
Layout / Grid | Displays a 2x2 grid with video streams of four participants. Only the last four most active speakers appear on the screen and other participants do not appear on the grid. | Displays a 7x7 grid with video streams of 49 participants. |
Mixing technique | A media router forwards individual streams from each participant to every user. | A central conference server mixes and transcodes all audio or video to create a tailored composite layout for every participant. This action introduces some additional latency. |
Active speaker | The new active speaker replaces the least active speaker in the grid. | Displays all participants irrespective of whether they are active or inactive. |
Encoding at the endpoint | A single quality video stream. You can set the encoding resolution value on the client. For more information, see Encoder performance estimator and Optimization for Microsoft Teams. Quality is defined as resolution and frames per second. Currently, simulcast video isn’t supported. | A single quality video stream. You can set the encoding resolution value on the client. For more information, see Encoder performance estimator and Optimization for Microsoft Teams. |
Decoding at the endpoint | Each participant gets up to four individual media streams. This increases CPU consumption at the endpoint by HdxRtcEngine.exe (for decoding/rendering). | Each participant gets only a single stream for audio and video. This setting lowers the CPU consumption at the endpoint. |
Maximum resolution | 720p. When four participants are sharing video, the maximum resolution is 360p per video feed. If fewer than four participants are sharing video, the resolution per video feed might be higher. | 720p for the composite layout or mixing. There’s no need for a high-quality video stream per participant in a composite layout. Because of this condition, each sender reduces resolution or upload bitrate. |
‘Slow-user’ problem | Sender modifies each modality’s (audio/video/screenshare) quality to the lowest common network quality among the participants. This multimedia stream is then forwarded to all other participants. As a result, a participant with poor network condition impacts the quality for everyone else in the call. | Less susceptible to the lowest common network quality scenario. The conference server provides different qualities based on the network conditions of individual participants. |
Self-preview | Displays yourself in a small thumbnail in real time. | Displays yourself in thumbnail and mixed with the rest of the video feeds. As a result, you might see yourself included in the main video layout with some additional delay. |
Screen sharing in Microsoft Teams
Microsoft Teams relies on video-based screen sharing (VBSS), effectively encoding the desktop being shared with video codecs like H264 and creating a high-definition stream. With HDX optimization, incoming screen sharing is treated as a video stream. If you’re in the middle of a video call and the other peer starts to share the desktop, the original camera video feed is paused. Instead, the screen sharing video feed shows. The peer must then manually resume the camera sharing.
Outgoing screen sharing is also optimized and offloaded to Citrix Workspace app. In this case, the media engine captures and transmits only the Citrix Desktop Viewer (CDViewer.exe) window, with a red border drawn around it. Any local application overlapping with Desktop Viewer isn’t captured.
Note
Set specific permission in Citrix Workspace app for Mac to enable screen sharing. For more information, see System Requirements.
Multimonitor
If Desktop Viewer (CDViewer.exe) is in full-screen mode and spanning across multimonitor setups, Citrix Workspace app 2106 or later (Windows/Linux/Mac) allows the screen picker to select the monitor to share.
Known limitation:
- If Desktop Viewer is disabled or if Desktop Lock is being used, multimonitor selection isn’t available in the Microsoft Teams screen picker. The Desktop Viewer might be disabled either by editing the
.ICA
file template orStoreFront web.config
. SHIFT+F2 hotkey isn’t compatible with multimonitor screen sharing. - In Workspace app versions older than 2106, only the primary monitor is shared. Drag the application in the virtual desktop to the primary monitor for the other peer on the call to see it.
- Multimonitor screen sharing might not work if you configure the Citrix Workspace app with the virtual monitor layout feature (logical partition of a single physical monitor). In this case, all virtual monitors are shared as a composite image.
- Older versions of the Citrix Workspace app for Windows (1907 up to 2008) also shares a local application that runs in the client machine. This sharing is possible only if the Citrix Workspace app was overlaid on top of Desktop Viewer. This behavior was removed in 2009.6 or higher, and 1912 CU5 or higher.
Screensharing from seamless application:
If you’re publishing Microsoft Teams as a standalone, seamless application, screen sharing captures the local desktop of your physical endpoint. Citrix Workspace app minimum version 1909 is required.
App sharing
Starting with Citrix Workspace app for Windows 2112.1 and VDA 2112, Microsoft Teams supports app sharing using HDX 3D Pro.
Starting with Citrix Workspace app for Windows 2109 and VDA 2109, Microsoft Teams supports screen sharing of specific apps running in the virtual session. To share a specific app:
- Navigate to the Microsoft Teams app within your remote session.
- Click Share content in your Microsoft Teams UI.
- Select an app to share in the meeting. The red border appears around an app you selected and the peers on the call can see the shared app.
To share a different app, click Share content again and select a new app.
If you want to disable app sharing, create the following registry key on the VDA at HKLM\SOFTWARE\Citrix\Graphics
:
Name: UseWsProvider
Type: DWORD
Value: 0
Note:
- If you minimize an app, Microsoft Teams displays the last image from the shared app. You can maximize the window to resume screen sharing.
- Screen sharing depends on the VDA-side capturing of the window. The content is then relayed at a maximum rate to the Citrix Workspace app. The maximm rate is 30 frames per second. The Citrix Workspace app forwards the content to the peers or conference server.
Known limitations with screen sharing of specific app:
- Mouse pointer isn’t visible when you are screen sharing an app.
- If you minimize an app when you’re sharing it, only the app icon appears in the screen picker. The thumbnail of the app isn’t previewed in the screen picker. You can’t share the content and the red border does not appear until you maximize the app.
Compatibility with app protection The screen sharing of a specific app is compatible with the app protection feature in HDX optimized Microsoft Teams. You can screen share a specific app, if you’ve launched the app or desktop from a delivery group that has app protection enabled.
When you click Share content in the Microsoft Teams UI, the screen picker removes the Desktop option. You can only select the Window option to share any open app.
Note:
When you launch apps or desktops from a delivery group with app protection enabled, you aren’t able to see the incoming video or screen sharing.
Multi-window meetings and chat
You can use multiple meetings or chat windows for Microsoft Teams in Windows. For details on the pop-out feature, see Microsoft Teams Pop-Out Windows for Chats and Meetings on the Microsoft Office 365 site.
Note:
This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, see Microsoft page. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
This feature is supported with Citrix Workspace app for Windows 2112.1 and VDA 2112.
Request control in Microsoft Teams
You can request control during a Microsoft Teams call when a participant is sharing the screen. Once you have control, you can make selections, edits, or other keyboard and mouse activities to the shared screen.
To take control when a screen is being shared, click Request control at the top of the Microsoft Teams screen. The meeting participant who’s sharing the screen can either allow or deny your request.
While you have control, you can make selections, edits, and other modifications to the shared screen. For these actions, you can use both keyboard and mouse. When you’re done, click Release control.
Limitation:
The Request Control option is not available during the peer-to-peer call between an optimized user and a user on the native Microsoft Teams desktop client that is running on the endpoint. As a workaround, users can join a meeting to get the Request Control option.
This feature is supported in the following versions of Citrix Workspace app:
- Citrix Workspace app for Windows version 2112.1 and later
- Citrix Workspace app for Linux version 2112 and later
- Citrix Workspace app for Mac version 2112 and later
Note:
This feature is available only after the roll-out of an update from Microsoft Teams. For information on ETA, see Microsoft page. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
Peripherals in Microsoft Teams
When optimization for Microsoft Teams is active, the Citrix Workspace app accesses the peripherals (headsets, microphones, cameras, speakers, and so forth). Then the peripherals are properly listed in the Microsoft Teams UI (Settings > Devices).
Microsoft Teams does not access the devices directly. Instead, it relies on the Workspace app WebRTC media engine for acquiring, capturing, and processing the media. Microsoft Teams lists the devices for the user to select.
The peripherals that are inserted while Microsoft Teams is active aren’t selected by default. You’ve to manually select the peripherals from the Settings > Devices screen of the Microsoft Teams UI. After the peripheral is selected, Microsoft Teams caches the information of the peripherals. As a result, the peripherals are automatically selected when you reconnect to a session from the same endpoint.
Recommendations:
- Microsoft Teams certified headsets with built-in echo cancellation. In setups with extra peripherals, where microphone and speakers are on separate devices, there might be an echo. An example is a webcam with a built-in microphone and a monitor with speakers. When using external speakers, place them as far as possible from the microphone. Also, place them away from any surface that might refract the sound into the microphone.
- Microsoft Teams certified cameras, although Skype for Business certified peripherals are compatible with Microsoft Teams.
- Citrix Workspace app media engine can’t take advantage of CPU offloading with webcams that perform on-board H.264 encoding -UVC 1.1 and 1.5.
Note:
Workspace app 2009.6 for Windows can now acquire peripherals with audio formats with 24-bit or with frequencies above 96 kHz.
HdxTeams.exe (in the Citrix Workspace app for Windows 2009 or older) supports only these specific audio device formats (channels, bit depth, and sample rate):
- Playback Devices: up to 2 channels, 16 bit, frequencies up to 96,000 Hz
- Recording Devices: up to 4 channels, 16 bit, frequencies up to 96,000 Hz
Even if one speaker or microphone does not match the expected settings, device enumeration in Microsoft Teams fails and None displays under Settings > Devices.
Webrpc logs in HdxTeams.exe show this type of information:
Mar 27 20:58:22.885 webrtcapi.WebRTCEngine Info: init. initializing...
Mar 27 20:58:23.190 webrtcapi.WebRTCEngine Error: init. couldn't create audio module!
As a workaround, disable the specific device or:
- Open the Sound Control Panel (mmsys.cpl).
- Select the playback or recording device.
- Go to Properties > Advanced and change the settings to a supported mode.
Fallback mode
If Microsoft Teams fails to load in optimized VDI mode (“Citrix HDX Not Connected” in Teams/About/Version), the VDA falls back to legacy HDX technologies. The legacy HDX technologies might be webcam redirection and client audio and microphone redirection. If you’re using a Workspace app version/platform OS that does not support Microsoft Teams optimization, fallback registry keys do not apply. In fallback mode, the peripherals are mapped to the VDA. The peripherals appear to the Microsoft Teams app as if they were locally attached to the virtual desktop.
You can now granularly control the fallback mechanism by setting the registry keys in the VDA. For information, see Microsoft Teams fallback mode in the list of features managed through the registry.
This feature requires Microsoft Teams version 1.3.0.13565 or later.
To determine if you are in optimized or unoptimized mode when looking at the Settings > Devices tab in the Microsoft Teams app, the main difference is the camera name. If Microsoft Teams loaded in unoptimized mode, legacy HDX technologies launch. The webcam name has the Citrix HDX suffix as shown in the following graphic. The speaker and microphone device names might be slightly different (or truncated) when compared to the optimized mode.
When legacy HDX technologies are used, Microsoft Teams doesn’t offload audio, video, and screen sharing processing to the endpoint’s Citrix Workspace app WebRTC media engine. Instead, HDX technologies use server-side rendering. Expect high CPU consumption on the VDA when you turn on video. Real-time audio performance might not be optimal.
Known limitations
Citrix limitations
Limitations on Citrix Workspace app:
- HID buttons - Answer and end call aren’t supported. Volume up and down are supported.
- Secondary ringer (Teams > Settings > Devices) isn’t supported.
- QoS settings in the Admin Center for Microsoft Teams don’t apply for VDI users.
- App protection add-on feature for the Citrix Workspace app prevents outgoing screen sharing and blocks incoming screen share and video.
Limitation on the VDA:
- When you configure the Citrix Workspace app High DPI setting to Yes, the redirected video window appears out of place. This limitation occurs when the monitor’s DPI scaling factor is set to anything above 100%.
Limitations on Citrix Workspace app and the VDA:
- You can only control the volume of an optimized call using the volume bar on the client machine – not on the VDA.
Microsoft limitations
- The options to blur or customize the background aren’t supported.
- A 3x3 gallery view isn’t supported. Microsoft Teams dependency – contact Microsoft for when to expect a 3x3 grid.
- Interoperability with Skype for Business is limited to audio calls, no video modality.
- Incoming and outgoing video stream maximum resolution is 720p. Microsoft Teams dependency – contact Microsoft for when to expect 1080p.
- PSTN call ringback tone isn’t supported.
- Media bypass for Direct Routing isn’t supported.
- Only one video stream from an incoming camera or screen share stream is supported. When there’s an incoming screen share, that screen share is shown instead of the video of the dominant speaker.
- Broadcast and live event producer and presenter roles aren’t supported. Attendee role is supported but not optimized (renders on the VDA instead).
- The zoom in and zoom out function in Microsoft Teams isn’t supported.
- Location-Based Routing is not supported.
- Call health is not available.
Citrix and Microsoft limitations
- When doing screen sharing, the option include system audio isn’t available.
- Pop out chat (also known as multi-window chat or the new meeting experience) isn’t supported.
- Breakout rooms are supported for VDI participants. Microsoft Teams doesn’t support breakout rooms if the organizer is a VDI user.
- Give control and take control: Not supported during a desktop screen sharing or application sharing session. Supported only during a PowerPoint sharing session.
Note:
The following features are available only after the roll-out of an update from Microsoft Teams. For information on ETA, see Microsoft page. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
Pop out chat (also known as multi-window chat or the new meeting experience) feature is supported with Citrix Workspace app for Windows 2112.1 and VDA 2112.
Take control feature is supported in the Citrix Workspace app for Windows version 2109.
Give control and take control feature is supported in the Citrix Workspace app for Windows version 2112.1 and later.
Additional information
In this article
- Microsoft Teams installation
- For Remote PC Access
- For App Layering
- Profile Management recommendations
- System requirements
- Feature matrix and version support
- Enable optimization of Microsoft Teams
- Network requirements
- Proxy servers
- Call establishment and media flow paths
- Microsoft Phone System
- Firewall considerations
- Microsoft Teams and Skype for Business Coexistence
- Citrix SD-WAN: optimized network connectivity for Microsoft Teams
- Gallery view and active speakers in Microsoft Teams
- Screen sharing in Microsoft Teams
- Peripherals in Microsoft Teams
- Known limitations
- Additional information