Overview
This best practice details how to use Microsoft Azure AD to automatically route calls from a SIP Trunk or PSTN to Microsoft Teams Direct Routing at the same time as a user migrates to Microsoft Teams.
In this network scenario, a call arrives from the carrier and the
- If the user has been migrated to Teams, the call is sent to the Teams user using Microsoft Direct Routing.
- If the user is not a Teams user, the call is sent to the PBX phone using the PBX connection.
Overview - Call Routing Logic
In the configuration example used for this Best Practice, a call arrives from the SIP Trunk and an IP address is associated with a SIP Signaling Group (SIP SG). The SIP Signaling Group points to a Call Routing Table which in turn specifies a Transformation Table.
The Transformation Table contains two entries:
- One transformation entry formats the Called Number to match the format used in Azure AD. The SBC adds a "+" to match the format of the telephoneNumber Azure Active Directory user attribute.
- The second transformation entry searches for this formatted value in the phoneNumber Active Directory user attribute stored in the local Azure AD cache.
For the purpose of this example, the following attributes are used:
- For general SBC Call Routing information, refer to Working with Telephony Routing.
- For the purposes of this documentation, all SBC screen capture examples are taken from SBC 2000.
Step 1: Prerequisites
The following prerequisites are required for configuring the
- SBC 1000, SBC 2000 or
- SBC license that includes Active Directory
- Active Azure subscription
- Azure Active Directory tenant associated with your subscription (either synchronized with an on-premises directory or a cloud-only directory)
Set Up the SBC
Before
Configure the SBC to Access PSTN, PBX and Direct Routing
Configure the
Prepare Azure Active Directory Domain Services
- Configure Azure AD Domain Services. Refer to: Create and Configure an Azure Active Directory Domain Services instance.
Configure LDAPS on Azure AD Domain Services. Refer to: Configure Secure LDAP for an Azure Active Directory Domain Services Managed Domain. The section "Export a certificate for client computers" is not required.
Take note of the "Secure LDAP External IP Address" or the FQDN that you associated. In this example, ldaps.domain.com is used.
Add the SBC Public IP address to the Azure AD Domain Services Network Security Group (AADDS-domain.com-NSG).
- Create a user in Active Directory with the correct "AAD DC Administrators". This user is used to query Azure AD from the SBC to read the Azure AD information. In this example, admin@domain.com is used.
Step 2: Configure SBC for Azure Active Directory
Verify Active Directory License
Active Directory based call routing can be performed only with an AD feature license. Verify this license is installed as follows:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to System > Licensing > Current Licenses.
Verify that the Active Directory feature is licensed.
For detailed information on licenses, refer to: Node-Locked Licensing.
Create/Configure Domain Controller
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Domain Controllers.
- Click the Add Domain Controller icon at the top of the Domain Controllers Table page.
Add a domain controller per the parameters below. For details on creating a Domain Controller, refer to Adding and Modifying Domain Controllers.
Click OK.
Create/Configure Active Directory
Create and configure an Active Directory entry as follows:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Configuration.
- Configure the settings per the table below. For details on Active Directory, refer to Configuring the SBC Edge Portfolio for Active Directory.
Click Apply.
Verify Telephone Number in AD Query
The Active Directory Cache Query tool allows you to query the local AD Cache for records that match a selected property/value pair. The query returns the records associated with the first match it finds. This tool is useful in determining if the Cache has been updated after a record has been added on the Domain Controller.
Perform an AD query as follows:
- In the WebUI, click the Diagnostics tab.
- In the left navigation pane, go to Tools > Query AD Cache.
- In the Property to Match drop down list, select telephoneNumber.
- In the Value to Match field, enter the Skype user's telephoneNumber (for example, +12122139087).
Click OK.
The query should return results similar to those shown below.
If the request fails, the ACL that protects the Logical Interface for Teams may be denying LDAPS traffic. Create the following rules:
On the Outbound ACL, create the rule with the following parameters (ensure this rule is higher than the "Deny All" rule):
On the Inbound ACL, create the rule with the following parameters (ensure this rule is higher than the "Deny All" rule):
For detailed information about ACLs, refer to Working with Access Control Lists and Session Control.
Step 3: Configure SBC for Active Directory Routing
Create/Configure Transformation Tables
A Transformation table contains a list of entries that contain routing rules. Two Transformation table entries are required:
- Entry for the Called Number to match the format used in Azure AD.
- Entry to search for the formatted value in the phoneNumber Active Directory user attribute stored in the local Azure AD cache.
Create the Transformation Table entries as follows:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Call Routing > Transformation.
Create a Transformation table called From SIP-Trunk to Teams user. For details, refer to Managing Transformation Tables.
- In the left navigation pane, select the Transformation Table created in the previous step.
Add two entries. See below for configuration. For details, refer to Creating and Modifying Entries to Transformation Tables.
Create/Configure Call Routing Table
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Call Routing > Call Routing Table > From SIP Trunk
Add a new entry as follows:
Reorder this Routing table so that this new rule is above the rule going to the PBX.
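The following Python sketch is an added example, not SBC code or configuration. It models the two transformation entries and the first-match routing table to show why the Teams rule must sit above the PBX rule. The cache contents, the catch-all PBX rule, and all function and variable names are assumptions made for illustration.

```python
import re

# Constructed stand-in for the SBC's local Azure AD cache: telephoneNumber
# values of users already migrated to Teams (sample data only).
AD_CACHE_TELEPHONE_NUMBERS = {"+12122139087"}

def add_plus(called):
    """Entry 1: format the Called Number like the AD attribute (leading '+')."""
    m = re.fullmatch(r"\+?(\d+)", called)
    return "+" + m.group(1) if m else None   # None means the entry did not match

def in_ad_cache(called):
    """Entry 2: succeed only if the formatted number is in the AD cache."""
    return called if called in AD_CACHE_TELEPHONE_NUMBERS else None

def pass_through(called):
    """Assumed catch-all transformation on the PBX route."""
    return called

# Each route: (destination, ordered transformation entries that must all match).
TEAMS_ROUTE = ("Teams Direct Routing", [add_plus, in_ad_cache])
PBX_ROUTE = ("PBX", [pass_through])

def route_call(called, routing_table):
    """Return (destination, number) for the first route whose entries all match."""
    for destination, entries in routing_table:
        number = called
        for entry in entries:
            number = entry(number)
            if number is None:
                break            # transformation failed: try the next route
        else:
            return destination, number
    return None, called          # no route matched

CORRECT_ORDER = [TEAMS_ROUTE, PBX_ROUTE]   # Teams rule above the PBX rule
WRONG_ORDER = [PBX_ROUTE, TEAMS_ROUTE]     # catch-all PBX rule evaluated first

if __name__ == "__main__":
    for called in ("12122139087", "10001001004"):
        print(called, route_call(called, CORRECT_ORDER), route_call(called, WRONG_ORDER))
```

With the rules in the wrong order, the migrated user's number never reaches the AD lookup and the call goes to the PBX.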
Step 4: Migrate a User to Microsoft Teams
When migrating a user to Microsoft Teams, the administrator needs to enter a Phone Number (in a format that matches the one used in the transformation table) via the Office 365 Portal. The
- Access the Office 365 admin portal.
- Go to Users > Active Users.
- Select the user you previously migrated to Teams.
Enter the user's phone number in the Phone Number field.
Step 5: Verify Call Routing using AD Attributes
Call Type: Call going to a Teams user
To properly verify the
- A SIP Trunk dials the user's number (12122139087).
- The call reaches the SIP Inbound Signaling Group on the SBC.
- The call is then sent to the relevant Call Route Table Entry.
In the Call Route Entry, the incoming number is first formatted to the proper format (+12122139087) using the relevant call route entry. A match is then made using the cached Active Directory user attributes.
The call is then routed to the relevant Direct Routing outbound Signaling Group.
To view the AD usage in progression via the WebUI log, refer to Working with Logging. See below for an example.
Call Type: Call going to a PBX user
To properly verify the SBC configuration, please follow these steps:
- A SIP Trunk dials the user's number (10001001004).
- The call reaches the SIP Inbound Signaling Group on the SBC.
- The call is then sent to the relevant Call Route Table Entry.
In the Call Route Entry, the incoming number is first formatted to the proper format (+10001001004) using the relevant call route entry. A match is NOT made using the cached Active Directory user attributes. The call is then routed to the relevant PBX outbound Signaling Group.
To view the AD usage in progression via the WebUI log, refer to Working with Logging. See below for an example.