Certificates and domains in MS Teams Direct Routing
The first step will be to decide the domain name that we will assign to our certified SBC. For example:
sbc-for-msteams.name-company.com
Taking this domain into account, we generate the corresponding CSR (certificate signing request) in the SBC, including the FQDN and the company data (name, location, department, etc.) and we will request the generation of this certificate from the authorized CA.
As an alternative option, if we already have a wildcard (*.name-company.com), it can be imported into the SBC. As soon as we have the certificate on the SBC, encryption can be configured for the trunks.
In parallel, it will be necessary to create the DNS record corresponding to the domain of our SBC, pointing to the public IP of the SBC. Another important point is related to the connectivity between the MS Teams cloud instance and the SBC itself, which is typically linked to a client network deployment (although there is the possibility of using elements in a multi-tenant format such as the SBC as a Service offered by Quobis).
It is necessary to enable some rules in the intermediate elements (firewalls). For example, MS Teams uses port 5061 for SIP signaling and ports 3478-3481 and 49152-53247 for media traffic. In this link there is more information about these ports and policies. Quobis has been working for more than 15 years in integrations of customer switchboards and operator networks, using SBCs from different manufacturers and with more than 300 references.
Dozens of clients have counted on Quobis to manage the integration with MS Teams, so it can be the main ally to manage the implementation of MS Teams within their corporate network.