Certificates and domains in MS Teams Direct Routing

28 February 2022

Essential requirements for Direct Routing projects

Teams offers the ability to establish SIP trunks with SBCs. This functionality is known as direct routing. It is a very powerful option, which allows us to integrate Teams with the company’s VoIP infrastructure, and also to give out PSTN to Teams users through operators, in case MS Teams calling plans are not convenient.

MS Teams networking requirements

Implementing interconnection with Teams has its requirements, summarized in the Ms Teams documentation:
  • It will be necessary to associate a FQDN (Fully Qualified Domain Name) to the SBC, fulfilling the following requirements detailed in the documentation.
  • MS Teams requires encryption for both signaling (TLS) and audio (SRTP). A certificate is required for the SBC. This certificate must be issued by a CA listed by Microsoft.
  • The SBC must be certified by Microsoft: here is the official list of compatible SBCs.

Choose a domain name and create the certificates:

The first step will be to decide the domain name that we will assign to our certified SBC. For example:


Taking this domain into account, we generate the corresponding CSR (certificate signing request) in the SBC, including the FQDN and the company data (name, location, department, etc.) and we will request the generation of this certificate from the authorized CA.

As an alternative option, if we already have a wildcard (*.name-company.com), it can be imported into the SBC. As soon as we have the certificate on the SBC, encryption can be configured for the trunks.

In parallel, it will be necessary to create the DNS record corresponding to the domain of our SBC, pointing to the public IP of the SBC.

Connect your MS Teams instance to the SBC:

Another important point is related to the connectivity between the MS Teams cloud instance and the SBC itself, which is typically linked to a client network deployment (although there is the possibility of using elements in a multi-tenant format such as the SBC as a Service offered by Quobis).

It is necessary to enable some rules in the intermediate elements (firewalls). For example, MS Teams uses port 5061 for SIP signaling and ports 3478-3481 and 49152-53247 for media traffic. In this link there is more information about these ports and policies.

Quobis, your partner to succeed in direct-routing projects

Quobis has been working for more than 15 years in integrations of customer switchboards and operator networks, using SBCs from different manufacturers and with more than 300 references.

Dozens of clients have counted on Quobis to manage the integration with MS Teams, so it can be the main ally to manage the implementation of MS Teams within their corporate network.

Next article

What is MS Teams Survivable Branch Appliance (SBA)?

MS Teams is one of the most popular collaboration platforms today. Quobis is helping service providers and enterprises to a[...]