MS-Teams Direct Routing SBC Example Configuration
Introduction
This document provides instructions on how to configure your existing Microsoft 365 domain with the ProSBC as an SBC for Direct Routing.
Official documentation
Configure Direct Routing – High-level steps for connecting SBC to Teams and enabling users.
Connect your SBC to Direct Routing – Detailed instructions for pairing SBC with Teams using Admin Center or PowerShell.
Prerequisites
Refer to Plan Direct Routing – Infrastructure, licensing, and domain requirements.
MS365 Licensing requirements
Microsoft Teams Phone license assigned to users
The “Microsoft Teams Essentials with Phone” is used and assigned to three MS users:
MS365 : Domain, DNS and certificate requirements
Public FQDN for SBC and public-signed certificate
TLS 1.2 support
MS365 users assigned to that domain
The domain "contoso.com" has been added to Microsoft 365.
“prosbc.contoso.com” is the registered ProSBC FQDN.
ProSBC instance hosting
world-wide web reacheable
configured with public IP and FQDN
network/firewall configuration for public access
MS365 / MS-Teams Configuration
While most of the official documentation is using “PowerShell” commands, the majority of the configuration can be done through the MS365 Admin Portal and MS-Teams Admin Portal.
Create PSTN Gateway in Teams Admin Center or via PowerShell.
Reference: https://learn.microsoft.com/en-us/microsoftteams/direct-routing-connect-the-sbc
Where: Microsoft Teams admin center > Voice > Direct Routing > SBCs (tab)
What to do: Add an SBC with the following configuration:
FQDN and TLS SIP port used for SIP trunking between the ProSBC and MS-Teams cloud network
Send SIP options: On
Forward call history: Off
Forward PAI header: Off
SBC Internet Protocol version: IPv4
Media bypass: Off
Bypass mode: None
All other parameters can be decided
Concurrent call capacity
Faillover response codes/time
Preferred country/region for media traffic
Location based routing
Assign SBC to voice routing policies
Reference:
Where: Microsoft Teams admin center > Voice > Direct Routing > Voice routes (tab)
What to do:
Add routes with number patterns allowed to be used by MS-Teams users for calls toward PSTN
Assign these routes to the SBC
Example:
For Toll-free numbers (e.g. 1-800-555-5555), the configuration may be like that:
Dialed number pattern:
^+18(00|33|44|55|66|77|88)[2-9]\d{6}$SBCs enrolled: prosbc.contoso.com
PSTN usage records: NANP-TollFree
Configuring MS365 users with MS-Teams parameters
Reference: https://learn.microsoft.com/en-us/microsoftteams/direct-routing-enable-users
Where: Microsoft Teams admin center > Users > Manage users
What to do:
Under the “Account” tab, do one of the following
Assign a phone number (“Direct Routing” type) to each user
Enable the “Enterprise Voice” (this user won’t have the full telephony service however)
ProSBC Configuration
Here’s a short list of what must be done on the ProSBC
FQDN and certificates
Where: ProSBC > Security > Certificates
References:
What to do: Add all certificates needed for TLS connection with MS-Teams
As “Local” type, a public-signed certificate for the ProSBC itself and its FQDN
As “Trusted”, the certificates coming from MS list
The list of CA certificate can change, because of date expiration or other reasons. Always give a look at the official documentation for the actual list of required CA. The page states instructions about that.
TLS Profile
Where: ProSBC > Security > TLS Profile
What to do: Create a “Level 1” TLS profile using the local certificate and bundled with the trusted certificates. The “Peer authentication” must be enabled.
SIP stack configuration
Where: ProSBC > SIP
What to do: Have a SIP stack on the host
create a TLS transport dedicated to connect with the MS-Teams servers. The TLS transport must me assigned with the TLS profile previously created for MS-Teams.
To avoid interoperability issues with different SIP peers, disable “Use session timer”.
Public IP and FQDN for NAT traversal
Where: ProSBC > Advanced Networking > NATs
What to do: Create two “Force Public IP or FQDN” entries: one for the Public IP and one for the FQDN
This may be unneeded if the public IP is directly available to the IP network interface (no NAT topology)
NAP profile
Where: ProSBC > Profiles
What to do: Create a dedicated profile for the NAP that will be connected to MS-Teams servers
VOIP > Media Relay > Allow low-delay media relay := enabled
VOIP > Media Relay > Use RTP anchoring := enabled
VOIP > Media Relay > RTP security mode := Secure
VOIP > SIP > Advanced parameters > SDP combining options := none selected
VOIP > SIP > Advanced parameters > Forward SIP hold SDP direction := enabled
VOIP > SIP > Allowed SIP methods > REFER := disabled
VOIP > RTP and Audio > RTCP > Enabled := enabled
VOIP > RTP and Audio > RTCP > RTCP multiplexing := disabled
NAP configuration
Where: ProSBC > NAP
What to do: Create three NAPs. Each of them have by default the profile configured above.
The proxy for each NAP:
sip.pstnhub.microsoft.com:5061sip2.pstnhub.microsoft.com:5061sip3.pstnhub.microsoft.com:5061
Assigned the SIP TLS transport created from previous step
Poll Remote Proxy := enabled
NAT > Remote Method for RTP := None
NAT > Remote Method for SIP := None
NAT > Local NAT Method for RTP := the public IP NAT from previous step
NAT > Local NAT Method for RTP := the FQDN NAT from previous step
Check the Checkbox: Proxy Environment → Microsoft Teams Direct Routing
NAP routes
Where: ProSBC > Gateway > Routes
What to do: For each of the three NAPs, create an inbound and outbound rules
For routes towards MS-Teams server:
filled the Remapped Called with the MS-Teams user identification (user account or phone number)
enabled the forward_sip_domain and forward_sip_parameters parameters.
Set a priority value to each of MS-Teams NAPs: lowest value, most p
Last updated
Was this helpful?