This document provides an in-depth overview of the Microsoft Teams architecture including:
- The logical architecture showing how messages, files, tabs, apps, and other components are stored and connected.
- A deeper look at the various Microsoft services that power Teams like Exchange, SharePoint, and Azure.
- Details on where different types of Teams data like messages, files, voicemails are stored.
- The compliance boundary and how third-party services and data interact with Teams.
- An overview of the Teams client architecture across different platforms and technologies used.
- Settings and admin roles for managing Teams at the tenant, team, and channel level including with PowerShell.
SBFT Tool Competition 2024 -- Python Test Case Generation Track
ESPC19 - Microsoft Teams Architecture Deep Dive
1. MICROSOFT TEAMS
ARCHITECTURE DEEP DIVE
MAARTEN EEKELS - @maarteneekels
CHIEF DIGITAL OFFICER PORTIVA
MICROSOFT MVP & REGIONAL DIRECTOR
2. MICROSOFT TEAMS
LOGICAL ARCHITECTURE
Message
Images, Emojis,
Stickers,
Recordings
Contacts
Teams
Chats
Voice
Chat
OneDrive for
Business
Tabs
Apps
Calling
Meetings
Voice mail
Team
Office 365
Groups
Channel
SharePoint
Reply Chain
Tabs
Activity Feed
Apps
Folder
SharePoint
Folder
TEAMCHANNEL#0
3. ARCHITECTURE – A BIT DEEPER
Services
Most recent files
Telemetry
Files
Files
Web
Companions
Notes
Calendar
AAD
MessagingSettings and
O365 access
OneNote
OneDrivefor
Business
WAC
Other
Workloads
Connectors
Audio /
video
Search
Notification
service
SMTP
SharePoint
Publish /
Subscribe
Push
Notifications
Exchange
Experimentation
MRU Teams
services
Calling /
Meeting
PSTN
Teams Clients
Desktop
iOS
App
Android
AppElectron
Web
Chat &
Presence
services
Exchange
Information
Protection
Graph
Webhook
Stream
Recording
Bots
Graph API
Email service
Policy
4. WHERE IS EVERYTHING STORED?
Image
Files
Voicemail
Message
Recording
Calendar
meeting
Contacts
Media service on Azure (using Blob storage)
Team files SharePoint
Chat files OneDrive for Business
Individual mailbox in Exchange
Chat service table storage (moving to Cosmos DB)
Media service on Azure (using Blob storage) (<24
hours)
Individual mailbox in Exchange
Exchange
Ingested to Exchange to enable compliance
Ingested to Exchange to enable compliance
Encoded to Stream
Telemetry Microsoft Data warehouse (No customer content)
5. DATA FLOWS AND THE COMPLIANCE BOUNDARY
compliance boundary
Microsoft
Teams
Email a channel
Connectors
Calling Plan (PSTN)
Push Notifications
(Mobile)
Other Cloud storage
(3rd party)
Giphy
2-way communication Inbound data Outbound data
Data posted to a channel
Data posted to a channel
Query to Giphy
Push notifications to Apple or Google to
notify mobile client
Optional Box, Dropbox, Google drive, Citrix
ShareFile
Tabs Any third-party tab is hosted outside the
compliance boundary
Apps/Bots Any third-party App/bot or line of business app
is hosted outside the compliance boundary
Graph API
Graph APIs can be exposed to line of
business apps or 3rd party apps
Enables inbound/outbound calling outside
the organization
User Browser,
Desktop ,MobileStandard Teams user
Guest userGuest added
via AAD B2B
Anonymous join to a
meeting
Anonymous user
joining a meeting
Federation
communication
Communication between
multiple tenants
URL Preview
Get a preview of a URL that is posted to a
message
6. TEAMS CLIENT ARCHITECTURE
Web Windows Mac iPhone/iPad Android
Angular → React
Electron
Desktop Mobile
jQuery, lodash, etc. (200+ Open Source Components)
iOS Android
TypeScript, Node, SASS
Swift Java
HTML5/CSS
C++ Objective C
(Some) React
Native
7. MEMBERSHIP AND ROLES
Team Owner Team Member Team Guest
Create team - -
Leave team
Edit team name/description - -
Delete team - -
Add channel * *
Edit channel name/description * *
Delete/restore channel * *
Edit messages * *
Delete messages * * *
Add members - -
Add tabs * -
Add connectors * -
Add bots * -
* Can be restricted
through Team
Settings by the owner
8. TEAMS ADMIN ROLES
• Teams Service Administrator: The overall Teams workload admin, who can
also manage and create O365 Groups.
• Teams Communication Administrator: This role can manage meetings and
calling functionality in Microsoft Teams.
• Teams Communications Support Engineering: Users who are assigned this
role have access to advanced call analytics tools.
• Teams Communications Support Specialist: This role has access to basic call
analytics tools.
• Group Administrator: Users in this role can create/manage groups and its
settings like naming and expiration policies.
14. EXTERNAL GUEST ACCESS
• Default setting: Off for tenants / On for individual Teams
• Disabling or enabling external guest user access for individual Teams is only
possible through PowerShell
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq
"group.unified.guest"}
$settings = $template.CreateDirectorySetting()
$settings["AllowToAddGuests"]=$False
$groupID = (Get-AzureADGroup -SearchString “<your group name").ObjectId
Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values
New-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups
-DirectorySetting $settings
Get-AzureADObjectSetting -TargetObjectId $groupId -TargetType Groups |
Set-AzureADObjectSetting -TargetObjectId $groupId -TargetType Groups
-DirectorySetting $settings
To add your image, first delete the place holder image as shown in the white box.Then insert your picture and scale it to be bigger than the size of the white box shown.Finally, right click on your image and select ‘Send to back’ – your image should now be framed correctly.
This is the Pre-Title Screen.
Please do not place any content on this screen.