In this section:
Configuring Microsoft Teams
Microsoft Teams Direct Routing Configuration.
Consult the Microsoft documentation for detailed information on Direct Routing interface configuration guidelines, including the RFC standards and the syntax of SIP messages.
Obtain IP Address and FQDN
Requirements for configuring the SBC in support of Teams Direct Routing include:
Domain Name
For the SBC to pair with Microsoft Teams, the SBC FQDN domain name must match a name registered in both the Domains and DomainUrlMap fields of the Tenant. Verify the correct domain name is configured for the Tenant as follows:
- On the Microsoft Teams Tenant side, execute Get-CsTenant.
- Review the output.
- Verify that the Domain Name configured is listed in the Domains and DomainUrlMap attributes for the Tenant. If the Domain Name is incorrect or missing, the SBC will not pair with Microsoft Teams.
Users may be from any SIP domain registered for the tenant. For example, you can configure user user@example.com with the SBC FQDN name sbc2.examplevoice.com, as long as both names are registered for the tenant.
Configure Domain Names - Example
Obtain a Certificate
Public Certificate
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
- Refer to Microsoft documentation for the supported CAs.
- Refer to Domain Name in Table 2 for certificate Common name formats.
Configure and Generate Certificates on the SBC
Microsoft Teams Direct Routing allows only TLS connections from the SBC for SIP traffic with a certificate signed by one of the trusted certification authorities.
Request a certificate for the SBC External interface and configure it based on the example using GlobalSign as follows:
- Generate a Certificate Signing Request (CSR) and obtain the certificate from a supported Certification Authority.
- Import the Public CA Root/Intermediate Certificate on the SBC.
- Import the Microsoft CA Certificate on the SBC.
- Import the SBC Certificate.
The certificate is obtained through the Certificate Signing Request (instructions below). The Trusted Root and Intermediary Signing Certificates are obtained from your certification authority.
Configure Office 365 Tenant Voice Routing
A Tenant is used within the Microsoft environment as a single independent enterprise that has subscribed to Office 365 services; through this tenant, administrators can manage projects, users, and roles. Access the Tenant configuration and configure as detailed below. (For details on accessing the Tenant, refer to Microsoft Teams Documentation).
- Create Online PSTN Gateway that points to the SBC:
- Enter the SBC FQDN (Example below: sbc1.rbbn.com). The FQDN must be configured for the Tenant in both the Domains and the DomainUrlMap fields.
- Enter the SBC SIP Port (Example below - SipPort5061).
New-CsOnlinePSTNGateway -Fqdn sbc1.rbbn.com -SipSignallingPort SipPort5061 - MaxConcurrentSessions <Max Concurrent Session which SBC capable handling> -Enabled
$true
2. Configure Teams usage for the user:
a. Enter the User Identity (find example below - user1@domain.com)
Get-CsOnlineUser -Identity user1@domain.com Set-CsUser -Identity user1@domain.com - EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:+10001001008
Grant-CsOnlineVoiceRoutingPolicy -PolicyName "GeneralVRP" -Identity user1@domain.com
Grant-CsTeamsCallingPolicy -PolicyName AllowCalling -Identity user1@domain.com
Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity user1@domain.com
Configure media bypass with Direct Routing
Media bypass enables you to shorten the path of media traffic and reduce the number of hops in transit for better performance. With media bypass, media is kept between the Session Border Controller (SBC) and the client instead of sending it via the Microsoft Phone System. To configure media bypass, the SBC and the client must be in the same location or network. (for details on Media-Bypass, refer Plan for media bypass with Direct Routing).
Media bypass can be enabled/disabled on the trunk.
Set-CSOnlinePSTNGateway -Identity <sbc_FQDN> -MediaBypass $true