Friend bought round XBox 360. It worked. No UPnP.
I have 1000 games on my Steam account. They all work. Online.
Skype, Whatsapp, hundreds of apps, phones, other people's consoles on games nights, you name it. They all work.
You only EVER *NEED* a port-forward if you are HOSTING content. You do not need it to game, join servers, browse servers or anything else. All major consoles have matchmaking services that can handle that side for you, no port-forwards required. And that's because only when you are actually being a server should you be punching holes in your firewall to let others in (rather than talking to a matchmaking server, or talking over an ESTABLISHED connection to another person which is what matchmaking servers set up for you).
Seriously. Turn UPnP off now. Play any game you like. See what happens. At absolute worst, XBox even has a term for it that shows up in the settings that nobody ever looks at... it basically means "you're behind a NAT, so I'll use a matchmaking service that knows that".
UPnP has several functions - one discovers things over the local network using local broadcast/multicast addresses. That's fine, and is on the client. One tells the local network that there is indeed a way to get to the Internet. That's fine, but often runs on the router and is entirely unnecessary on any modern operating system. Some advanced routers (e.g. Draytek) will have an option to leave that on, if you like. It's called "Connectivity Status". The other thing UPnP does is the port-forward thing. Every client asks for port-forwards. If your router grants them, this is by far not the first security problem with that. If you turn them off, the clients carry on regardless. Even weird stuff like videoconferencing, Steam matchmaking etc.
Before you start spreading nonsense saying that you "have to have UPnP", turn it off and see what happens. It's literally one click on your router.
Then tell me why you would ever want that functionality enabled on, say, a corporate network either, and why they turn it off from day one, and who's likely to be the biggest user of things like port-forwards and SIP / H232 / etc. protocols that all "need" that... yet it all works without UPnP.
Honestly, just try it. Nobody is even suggesting you have to ditch your local wireless devices, because they can use mDNS and UPnP etc. discovery over your local network, and connect to the Internet to do everything they need, without EVER HAVING to use it to punch as many holes in your firewall as they like.
TURN OFF UPNP ON YOUR ROUTER. Seriously. Not your clients, they can do what they like, because they can't punch holes in your security without the router's assistance and will just discover each other and work around it. And if you *didn't* know this, you really need to think why you're on an IT forum.