Session Border Controller (SBC) requirements for MS Teams

28 January 2022

SBC as a key element in Direct Routing scenarios

Interconnection with MS Teams is a technical challenge because Teams handles signaling and media differently from a traditional PBX. SBCs are network elements designed to address security concerns (preventing DDoS attacks, topology hiding, etc.), interconnection between different vendor platforms (SIP normalization) and the performance of SIP networks (monitoring voice quality, etc.). They play a primary role when connectivity with the MS Teams Phone System is needed, especially in scenarios where Direct Routing is used to connect with customer carriers.

Call ciphering becomes a mandatory requirement

The first challenge is call ciphering, a common requirement of current UCaaS solutions and pseudo-mandatory for MS Teams, which demands signaling over TLS and media over SRTP. Legacy PBXs and trunks with telcos use plain (unencrypted) mode. You'll need to install a trusted certificate on the SBC, which must have enough capacity to cipher all the sessions you expect. This is important because hardware-based SBCs are sometimes limited in the number of sessions they can cipher.

Transcoding SILK

Although G.711 is typically supported, Microsoft recommends SILK for voice coding. OPUS is a new adaptive codec that reduces the bandwidth needed to carry voice calls in a trunk. Tests show that it reduces the bandwidth needed by around 5 times (on net) compared to G.711. The capacity of the SBC to handle voice transcoding sessions is therefore important, as transcoding is very resource-intensive. Hardware-based SBCs typically use dedicated DSPs for this, which must be bought separately from the standard SBC. Virtual SBCs sometimes require a large number of vCPUs and a large amount of RAM, depending on the number of sessions to transcode.

Certificates

A certified session border controller and an Office 365 tenant are not the only mandatory elements for managing this interconnection. As stated above, a publicly trusted certificate is needed, together with a fully qualified domain name (FQDN) for the SBC and a firewall-enabled IP address and port to route Direct Routing signaling and media.
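A pre-deployment check of the SBC certificate described above, as an added example (not Quobis or Microsoft code): it verifies that the SBC FQDN is covered by the certificate's SAN entries and that the certificate is inside its validity window. The host names, the 30-day renewal threshold and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict form returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "sbc.example.com"), ("DNS", "*.voice.example.com")),
    "notBefore": "Jan  1 00:00:00 2022 GMT",
    "notAfter": "Jan  1 00:00:00 2023 GMT",
}

def san_matches(pattern, fqdn):
    """Compare one DNS SAN entry with the FQDN; '*' covers one left-most label only."""
    pattern, fqdn = pattern.lower().rstrip("."), fqdn.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = fqdn.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == fqdn

def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def check_sbc_cert(cert, fqdn, now, min_days=30):
    """Return a list of findings; an empty list means the certificate fits."""
    findings = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(san_matches(s, fqdn) for s in sans):
        findings.append(f"{fqdn} is not covered by SAN entries {sans}")
    if now < _utc(cert["notBefore"]):
        findings.append("certificate is not yet valid")
    days_left = (_utc(cert["notAfter"]) - now).days
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < min_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings

def fetch_cert(host, port, timeout=5.0):
    """Handshake using the local trust store as a stand-in for 'publicly trusted'.
    Raises ssl.SSLCertVerificationError on an untrusted chain or a name mismatch."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    now = datetime(2022, 12, 20, tzinfo=timezone.utc)
    print(check_sbc_cert(SAMPLE_CERT, "sbc.example.com", now))
```

`fetch_cert` needs network access and the SBC's TLS signaling port, which is deployment-specific; an SBC that requires a client certificate may refuse the handshake from a plain client.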

Media traffic optimization

Another feature is media bypass, which enables service providers and enterprises to optimize the path for media traffic. It uses protocols on the Teams client and the SBC to send media over the most direct path, keeping the Microsoft cloud for signaling only. This is a better approach for avoiding problems related to network performance. Media bypass is an optional feature for certified SBCs, as is SBA (Survivable Branch Appliance), which makes it possible to route calls to the PSTN when connectivity with the Microsoft cloud is lost. Other optional features that depend on the certified SBC implementation are E9-1-1 and ELIN support, which might be critical depending on the customer's country.

Certified SBCs for MS Teams Direct Routing

AudioCodes and Ribbon (formerly Sonus) were the first SBC manufacturers to get their SBCs certified. After that, others such as Oracle, Nokia and even Cisco passed the certification.

SBCs that have passed the certification can be found on this Microsoft documentation page.
