Microsoft Teams – Direct Routing – Part 2

Continuation from Part 1 discussing the configuration and setup of Sonus SBC as well as O365 tenant to support Microsoft Teams direct routing.

Certificate Requirement

All deployed SBC(s) must have a public certificate from a supported Public CA. When generating the CSR, the private key size should be at least 2048.
Note: onmicrosoft.com domain for certificate is not supported.

Thomas Poett has a great article around certificates. His article can be found here:

Direct Routing Certificate Requirement

Wildcard certificate is also supported on Sonus SBC for Direct Routing.

SBC Configuration for Teams

From the previous blog, the public FQDN that was identified for the Sonus SBC will now need to be assigned including the wildcard certificate.

Assigning the FQDN to the SBC:

Under System -> Node-Level Settings:

Host Name (example): sbc01
Domain name (example): contoso.com.au

For Time Zone – depending where the SBC is going to be located, please allocate appropriately. In Australia I prefer to use the Public DNS settings as shown above including NTP.

Certificate for SBC:

Under the Trusted CA for the SBC you will need to upload all relevant trusted certs. Example of the trusted certs required to validate the wildcard provided by the Public CA as shown below:

These will need to be uploaded to the SBC as Trusted CA:

As part of the required Trusted CA, to decipher the certificate provided by Microsoft the Baltimore CyberTrust Root is also required to be uploaded and show above.

Once this is done, upload the wildcard certificate:

Once all Trusted CA’s in place the verification status will show as “OK”

Setting up the SRTP Profile for Media List:

Once the SRTP profile is created, now create the Media list:

Setup a TLS profile:

Under the SIP Server Table create the MSFT SIP Servers:

Setup of SIP Server:

For the “TLS profile” assign the TLS profile that was created previously.

Setup a SIP Profile:

The SIP profile table is as follows

Static Host FQDN (example): sbc01.contoso.com.au
Origin Field Username (example): sbc01.contoso.com.au

Note: Before you proceed to setup the signalling group it is recommended to update the firmware of the SBC to the latest version. Latest version used for this blog is 8.0.1.508. This is a requirement from Sonus to enable Direct Routing integration with Microsoft Teams.

Setting up Teams with SBC Information to complete the process

Log into the tenant via PowerShell using the following information:

$acctName=”John.Doe@contoso.com.au”
$sfboSession = New-CsOnlineSession -UserName $acctName
Import-PSSession $sfboSession

Note: You will need to download and install the Skype for Business Online PowerShell module. Click Link to download file.

Once logged in, run the following command:

New-CsOnlinePSTNGateway -FQDN “SBC Public FQDN Name” -SipSignallingPort 5061 -MaxConcurrentSessions 10 -ForwardCallHistory $true -Enabled $true

Output of the above command should look like below:

Note: You can enable ForwardCallHistory and ForwardPAI if this is not going to conflict with the local SBC configuration with SIP provider. If enabled and the local SBC is also configured to provide this information, the SIP provider may drop the call if duplicate information is provided.

Setting up Signalling Group for Microsoft Teams

Firstly, create a Call routing table to assign to the Signalling group otherwise you will have to change this later on.
Once done a Signalling group can be setup for Teams:

Once this is done the Signalling group will be up and up can now see SIP Options when you click on the Counters against the SIP Signalling group:

Once the SIP signalling is setup from your provider and the transformation tables are setup, you can route calls to and from Microsoft Teams and to and from your PSTN provider.