So it won't work. Which means that to make it work I'll need to either force-migrate the company to an AD domain or something else that can force-push CAs to client machines, or I'll have to figure out a way to automatically update DNS (hosted by some place with no automation support) to support letsencrypt DNS challenges.
Or perhaps easiest: refuse to work with Teams.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!